CGISSL
Sandipan Gangopadhyay
sandipan at vsnl.com
Sat Mar 10 15:08:36 EST 2001
cgissl.py is part of your web2ldap. Thanks for the great software. The
reason that I asked is this:
1. I have an Apache1.3.9 with Mod_SSL
2. It has a certificate .key and .crt installed. The .crt is signed by a
Root CA, called (say) XXX.
3. On the other hand, I have an MSIE5.5 browser that has a Digital ID
installed.
4. This digital ID was generated with Xenroll and signed by the same Root CA
XXX.
5. When a cgi program on the server is accessed by the client, the following
method of cgissl is returning 1 (server side SSL only). I want it to be 2
(client side as well). I want to find out how...
sec_sslacceptedciphers = [
'IDEA-CBC-SHA',
'RC4-MD5',
'EXP-RC4-MD5',
'RC4-SHA',
'IDEA-CBC-MD5',
'DES-CBC3-SHA',
'DH-DSS-DES-CBC3-SHA',
'DH-RSA-DES-CBC3-SHA',
'EDH-DSS-DES-CBC3-SHA',
'EDH-RSA-DES-CBC3-SHA',
'ADH-RC4-MD5',
'ADH-DES-CBC3-SHA',
'FZA-RC4-SHA',
'RC2-CBC-MD5',
'DES-CBC3-MD5'
]
intLevel = cgissl.SecLevel(sec_sslacceptedciphers, '/.*', '/.*')
I am only interested in ldap_clientdn2binddn = ['CN'] for now.
My OpenSSL is 0.9.4
What I am basically asking is how do I ensure that Apache and IE negotiate
the client cert as well as the server cert in the HTTPS handshake ?
Is the problem because IE is not using the Digital ID at all ?
Is the problem because Apache cant find the Root CA certificate to match the
signer/issuer of the Digital ID ?
Is the regexp failing ?
How do I find out ?
Thanks for your fast response,
Sandipan
----- Original Message -----
From: "Michael Ströder" <michael at stroeder.com>
To: "Sandipan Gangopadhyay" <sandipan at vsnl.com>
Sent: Sunday, March 11, 2001 12:48 AM
Subject: Re: CGISSL
> Sandipan Gangopadhyay wrote:
> >
> > Is the cgissl module documentation available online ?
>
> Which module do you mean?
>
> Ciao, Michael.
>
More information about the Python-list
mailing list