EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Validate clientcertificate based on requested URL

Also by EldoS: MsgConnect
Cross-platform protocol-independent communication framework for building peer-to-peer and client-server applications and middleware components.
Posted: 03/28/2014 10:43:15
by Birger Jansen (Standard support level)
Joined: 07/19/2012
Posts: 73

I have a server based on the HTTPS Webserver example.
The TElHTTPSServer.OnCertificateValidate event is used to validate the client certificate and I have this working.

Now I want to have a validation based on the requested URL:

https://myserver/url1 -> requires certificate X
https://myserver/url2 -> requires certificate Y

My idea was to check the CurrentRequestParams.url property. However the CurrentRequestParams are not known in the stage where the OnCertificateValidate event is fired.

Is there a way to know the requested URL when the OnCertificateValidate event is fired?
Posted: 03/28/2014 10:48:08
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

Its not possible because SSL/TLS handshake is performed before HTTP request is received by a server.
Posted: 03/28/2014 10:53:21
by Birger Jansen (Standard support level)
Joined: 07/19/2012
Posts: 73

Thanks for the quick reply!
Posted: 03/28/2014 11:00:49
by Eugene Mayevski (EldoS Corp.)

Actually to solve this problem in TLS 1.1 and later there's ServerNameIndication extension offered, which is used by some (but not all) clients. So if you want, you can extend your code with support for this extension. My colleagues will guide you on this.

Sincerely yours
Eugene Mayevski
Posted: 03/28/2014 11:06:03
by Birger Jansen (Standard support level)
Joined: 07/19/2012
Posts: 73

That looks interesting! I'd be happy to receive any information related to this subject.
Also by EldoS: CallbackDisk
Create virtual disks backed by memory or custom location, expose disk images as disks and more.



Topic viewed 432 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!