Curtis Dutton wrote at 01/05/2011 07:37 AM:
I am interested in implementing authentication via client browser certificates with a racket webserver.
One way I have seen HTTPS SSL client certificate authentication done for Racket (actually, PLT Scheme, a while ago) on the server side is to simply use Apache as a front-end Web Server, and have an Apache module do the authentication before the connection gets to Racket. Then your Racket code can get from Apache a string of a DN or some other identifying info from the valid certificate, which you can use for authorization or possibly additional authentication. I think that will do everything you want, including letting you lock out users (based on DN, without having to mess with cert revocation lists).
There might also be other reasons to use a front-end HTTPS server in front of your Racket Web Server, so perhaps you're already doing this. If for some reason you wanted connections direct to your Racket Web Server, not through a front-end like Apache, I don't know whether Racket's SSL support currently supports client cert authn on the server side.
-- http://www.neilvandyke.org/
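The front-end arrangement described in the reply above, seen from the Racket side, as an added example that is not part of the original message or of Racket's own code. The header name `X-Client-DN`, port 8000, the Apache directives quoted in the comments and the sample DNs are assumptions made for illustration.

```racket
#lang racket/base
;; Added example: a Racket servlet behind an Apache front end that has already
;; verified the client certificate. Assumed Apache side (mod_ssl, mod_headers):
;;   SSLVerifyClient require
;;   RequestHeader set X-Client-DN "%{SSL_CLIENT_S_DN}s"
;; "set" overwrites any X-Client-DN value the browser supplied itself.
(require racket/set
         web-server/servlet
         web-server/servlet-env)

;; Constructed sample DNs; the exact DN string format depends on the front end.
(define allowed-dns
  (set "CN=Alice Example,O=Example Org,C=US"
       "CN=Bob Example,O=Example Org,C=US"))
;; Lockout by DN, with no certificate revocation list involved.
(define locked-out-dns
  (set "CN=Bob Example,O=Example Org,C=US"))

;; Returns the DN string forwarded by the front end, or #f if it is absent.
(define (request-client-dn req)
  (define h (headers-assq* #"x-client-dn" (request-headers/raw req)))
  (and h (bytes->string/utf-8 (header-value h) #\?)))

;; Authorization decision based only on the DN string.
(define (dn-authorized? dn)
  (and dn
       (set-member? allowed-dns dn)
       (not (set-member? locked-out-dns dn))))

(define (start req)
  (define dn (request-client-dn req))
  (if (dn-authorized? dn)
      (response/xexpr `(html (body (p "Hello, " ,dn))))
      (response/xexpr #:code 403
                      `(html (body (p "Forbidden"))))))

;; Listen on loopback only, so the header can only arrive via the front end.
(serve/servlet start
               #:port 8000
               #:listen-ip "127.0.0.1"
               #:servlet-regexp #rx""
               #:command-line? #t)
```

The DN header is only trustworthy because the servlet is unreachable except through the front end; binding to a public address would let any client assert an identity by sending the header directly.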