snacktime
2006-Jul-25 19:41 UTC
[Rails] rails compatible http servers that support ssl client auth
So far, apache is the only server I have found that supports ssl client authentication. Pound can forward the client certificate so I could verify it myself. I couldn''t find any information on client auth with lighttpd. Litespeed evidently doesnt'' support it. I''ve been trying to use apache for the ssl connection and then pass the ssl env back to mongrel or lighttpd, without any luck. Right now using pound and verifying the certificate inside rails seems like the best choice. I want to stay away from apache and fastcgi if at all possible. Any other ideas?
Matthew Palmer
2006-Jul-26 00:27 UTC
[Rails] Re: rails compatible http servers that support ssl client auth
On Tue, Jul 25, 2006 at 11:47:43AM -0700, snacktime wrote:> So far, apache is the only server I have found that supports ssl > client authentication. Pound can forward the client certificate so I > could verify it myself. I couldn''t find any information on client > auth with lighttpd.It doesn''t support it at present, I''ve checked. But if I had a larger stock of round tuits I''d write it in, because it''d give me a few more options for some stuff I''m doing. It''s pretty trivial, even -- you just need to add a few calls here and there to say "ask for a cert" and "check the cert". Alas, time constraints and all that.> Right now using pound and verifying the certificate inside rails seems > like the best choice. I want to stay away from apache and fastcgi if > at all possible. > > Any other ideas?Adding the necessary SSL presentation and verification to Mongrel itself should be about as difficult as it was with webrick -- that is to say, pretty darned simple. The Ruby OpenSSL wrappers are pretty good about that sort of thing. You could then load balance as you like. - Matt