Validate client certificate based on requested URL

Posted: 03/28/2014 10:43:15
by Birger Jansen (Standard support level)
Joined: 07/19/2012
Posts: 80

I have a server based on the HTTPS Webserver example.
The TElHTTPSServer.OnCertificateValidate event is used to validate the client certificate and I have this working.

Now I want to have a validation based on the requested URL:

https://myserver/url1 -> requires certificate X
https://myserver/url2 -> requires certificate Y

My idea was to check the CurrentRequestParams.url property. However, the CurrentRequestParams are not known at the stage where the OnCertificateValidate event is fired.

Is there a way to know the requested URL when the OnCertificateValidate event is fired?
Posted: 03/28/2014 10:48:08
by Vsevolod Ievgiienko (Team)

Thank you for contacting us.

It's not possible because the SSL/TLS handshake is performed before the HTTP request is received by the server.
Posted: 03/28/2014 10:53:21
by Birger Jansen (Standard support level)
Joined: 07/19/2012
Posts: 80

Thanks for the quick reply!
Posted: 03/28/2014 11:00:49
by Eugene Mayevski (Team)

Actually, to solve this problem, TLS 1.1 and later offer the ServerNameIndication extension, which is used by some (but not all) clients. So if you want, you can extend your code with support for this extension. My colleagues will guide you on this.

Sincerely yours
Eugene Mayevski
Posted: 03/28/2014 11:06:03
by Birger Jansen (Standard support level)
Joined: 07/19/2012
Posts: 80

That looks interesting! I'd be happy to receive any information related to this subject.
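
Added example (not part of the thread and not SecureBlackbox code): because the handshake finishes before the URL is known, one way to get per-URL certificate requirements is to verify only the chain during the handshake and make the per-URL decision once the request has been parsed. The sketch uses Python's standard `ssl` module instead of the SecureBlackbox API; the policy table, function names and certificate bytes are hypothetical, constructed values.

```python
import hashlib
import hmac
import posixpath
import ssl
from urllib.parse import unquote

# Constructed stand-ins for DER-encoded client certificates (not real certificates).
CERT_X_DER = b"constructed-der-bytes-for-certificate-X"
CERT_Y_DER = b"constructed-der-bytes-for-certificate-Y"

def fingerprint(der):
    return hashlib.sha256(der).hexdigest()

# Hypothetical policy: URL prefix -> SHA-256 fingerprint of the required certificate.
REQUIRED_CERT = {"/url1": fingerprint(CERT_X_DER), "/url2": fingerprint(CERT_Y_DER)}

def make_server_context(certfile, keyfile, client_ca_file):
    """Handshake stage: the URL is unknown here, so only the chain is verified.
    CERT_OPTIONAL asks for a client certificate without demanding one."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(certfile, keyfile)
    ctx.load_verify_locations(client_ca_file)
    ctx.verify_mode = ssl.CERT_OPTIONAL
    return ctx

def authorize(raw_path, peer_cert_der):
    """HTTP stage: return the status code for this request.
    peer_cert_der is the value of tls_socket.getpeercert(binary_form=True),
    which is None when the client sent no certificate."""
    # Normalise first so "/url1/../url2" is judged as "/url2"; the request
    # router must dispatch on this same normalised path.
    path = unquote(raw_path.split("?", 1)[0])
    path = "/" + posixpath.normpath(path).lstrip("/")
    for prefix, required in REQUIRED_CERT.items():
        if path == prefix or path.startswith(prefix + "/"):
            if peer_cert_der is None:
                return 403  # protected URL, no certificate presented
            match = hmac.compare_digest(fingerprint(peer_cert_der), required)
            return 200 if match else 403
    return 404  # default deny: paths outside the policy are not served
```

With the SNI approach mentioned above, the same decision can move into the handshake only if each certificate requirement gets its own host name, since SNI carries a host name and not a URL path.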