CGISSL

Sandipan Gangopadhyay sandipan at vsnl.com
Sat Mar 10 21:08:36 CET 2001


cgissl.py is part of your web2ldap. Thanks for the great software. The
reason that I asked is this:
1. I have an Apache1.3.9 with Mod_SSL
2. It has a certificate .key and .crt installed. The .crt is signed by a
Root CA, called (say) XXX.
3. On the other hand, I have an MSIE5.5 browser that has a Digital ID
installed.
4. This digital ID was generated with Xenroll and signed by the same Root CA
XXX.

5. When a cgi program on the server is accessed by the client, the following
method of cgissl is returning 1 (server side SSL only). I want it to be 2
(client side as well). I want to find out how...

sec_sslacceptedciphers = [
    'IDEA-CBC-SHA',
    'RC4-MD5',
    'EXP-RC4-MD5',
    'RC4-SHA',
    'IDEA-CBC-MD5',
    'DES-CBC3-SHA',
    'DH-DSS-DES-CBC3-SHA',
    'DH-RSA-DES-CBC3-SHA',
    'EDH-DSS-DES-CBC3-SHA',
    'EDH-RSA-DES-CBC3-SHA',
    'ADH-RC4-MD5',
    'ADH-DES-CBC3-SHA',
    'FZA-RC4-SHA',
    'RC2-CBC-MD5',
    'DES-CBC3-MD5'
  ]
intLevel = cgissl.SecLevel(sec_sslacceptedciphers, '/.*', '/.*')

I am only interested in ldap_clientdn2binddn = ['CN'] for now.

My OpenSSL is 0.9.4

What I am basically asking is how do I ensure that Apache and IE negotiate
the client cert as well as the server cert in the HTTPS handshake ?

Is the problem because IE is not using the Digital ID at all ?
Is the problem because Apache cant find the Root CA certificate to match the
signer/issuer of the Digital ID ?
Is the regexp failing ?
How do I find out ?

Thanks for your fast response,

Sandipan

----- Original Message -----
From: "Michael Ströder" <michael at stroeder.com>
To: "Sandipan Gangopadhyay" <sandipan at vsnl.com>
Sent: Sunday, March 11, 2001 12:48 AM
Subject: Re: CGISSL


> Sandipan Gangopadhyay wrote:
> >
> > Is the cgissl module documentation available online ?
>
> Which module do you mean?
>
> Ciao, Michael.
>





More information about the Python-list mailing list