EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Validate clientcertificate based on requested URL

Also by EldoS: CallbackDisk
Create virtual disks backed by memory or custom location, expose disk images as disks and more.
#29010
Posted: 03/28/2014 10:43:15
by Birger Jansen (Standard support level)
Joined: 07/19/2012
Posts: 80

I have a server based on the HTTPS Webserver example.
The TElHTTPSServer.OnCertificateValidate event is used to validate the client certificate and I have this working.

Now I want to have a validation based on the requested URL:

https://myserver/url1 -> requires certificate X
https://myserver/url2 -> requires certificate Y

My idea was to check the CurrentRequestParams.url property. However the CurrentRequestParams are not known in the stage where the OnCertificateValidate event is fired.

Is there a way to know the requested URL when the OnCertificateValidate event is fired?
#29011
Posted: 03/28/2014 10:48:08
by Vsevolod Ievgiienko (Team)

Thank you for contacting us.

Its not possible because SSL/TLS handshake is performed before HTTP request is received by a server.
#29012
Posted: 03/28/2014 10:53:21
by Birger Jansen (Standard support level)
Joined: 07/19/2012
Posts: 80

Thanks for the quick reply!
#29013
Posted: 03/28/2014 11:00:49
by Eugene Mayevski (Team)

Actually to solve this problem in TLS 1.1 and later there's ServerNameIndication extension offered, which is used by some (but not all) clients. So if you want, you can extend your code with support for this extension. My colleagues will guide you on this.


Sincerely yours
Eugene Mayevski
#29014
Posted: 03/28/2014 11:06:03
by Birger Jansen (Standard support level)
Joined: 07/19/2012
Posts: 80

That looks interesting! I'd be happy to receive any information related to this subject.
Also by EldoS: Rethync
The cross-platform framework that simplifies synchronizing data between mobile and desktop applications and servers and cloud storages

Reply

Statistics

Topic viewed 500 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!