Validate client certificate based on requested URL

#29010
Posted: 03/28/2014 10:43:15
by Birger Jansen (Standard support level)
Joined: 07/19/2012
Posts: 73

I have a server based on the HTTPS Webserver example.
The TElHTTPSServer.OnCertificateValidate event is used to validate the client certificate and I have this working.

Now I want to have a validation based on the requested URL:

https://myserver/url1 -> requires certificate X
https://myserver/url2 -> requires certificate Y

My idea was to check the CurrentRequestParams.url property. However, the CurrentRequestParams are not known at the stage where the OnCertificateValidate event is fired.

Is there a way to know the requested URL when the OnCertificateValidate event is fired?
#29011
Posted: 03/28/2014 10:48:08
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

It's not possible because the SSL/TLS handshake is performed before the HTTP request is received by the server.
#29012
Posted: 03/28/2014 10:53:21
by Birger Jansen (Standard support level)
Joined: 07/19/2012
Posts: 73

Thanks for the quick reply!
#29013
Posted: 03/28/2014 11:00:49
by Eugene Mayevski (EldoS Corp.)

Actually, to solve this problem, in TLS 1.1 and later there's the ServerNameIndication extension offered, which is used by some (but not all) clients. So if you want, you can extend your code with support for this extension. My colleagues will guide you on this.


Sincerely yours
Eugene Mayevski
#29014
Posted: 03/28/2014 11:06:03
by Birger Jansen (Standard support level)
Joined: 07/19/2012
Posts: 73

That looks interesting! I'd be happy to receive any information related to this subject.