Mantis Bug Tracker

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0007178opensim[REGION] OpenSim Corepublic2014-05-17 05:042014-08-22 17:43
Reporteriseki 
Assigned Tojustincc 
PrioritynormalSeverityfeatureReproducibilityalways
Statuspatch feedbackResolutionopen 
PlatformOSOS Version
Product Versionmaster (dev code) 
Target VersionFixed in Version 
Summary0007178: Adding a client authentication
DescriptionHello.

I want to add functionality of client authentication to HTTPserver of OpenSim.
With this capability, server (Robust or Money etc) can authenticate the Region Server.
Currently, I am using this code at our DTL/NSL Money.
http://www.nsl.tuis.ac.jp/xoops/modules/xpwiki/?OpenSim%2FMoneyServer [^]

Modification of opensim-libs is required for this.
I attach the patch code.

Thanks.
TagsNo tags attached.
Git Revision or version number
Run Mode Grid (Multiple Regions per Sim)
Physics EngineODE
Script Engine
EnvironmentMono / Linux64
Mono Version3.2
Viewer
Attached Fileszip file icon patch.zip [^] (2,068 bytes) 2014-05-17 05:04

- Relationships

-  Notes
(0026778)
justincc (administrator)
2014-08-22 17:43

Hi iseki. Apologies for the length of time that it's taken to look at this patch. Here are some comments.

1. I presume you need to insert the RemoteCertificateValidationCallback in order to control whether the negotiated cryptographic algorithms and strengths are sufficient?
 
2. I'm assuming that the ClientCertificateValidationCallback and _clientCallback properties in HttpContextFactory are there to allow this to be set one time only. However, I really don't like this approach much. I would much rather see the ClientCertificateValidationCallback passed down in the constructor or as a property through the HttpContextFactory <- HttpListener <- BaseHttpServer (OpenSim) route or similar, much as the server X509Certificate is already passed down this route. I know this is more work but I think that it is probably cleaner.

3. Can we expose the X509Certificate2 as a properties on IHttpClientContext rather than just the common name in case some other data is required in the future?

4. (minor) The two identical sslStream.AuthenticateAsServer(certificate, false, protocol, false); could be reduced to a single call after the conditional.

5. Could you provide the simplest possible example code to illustrate use of these patches? I can look at MoneyServer (again) some time but it will be quicker if I can just see the essentials of use.

Thanks!

- Issue History
Date Modified Username Field Change
2014-05-17 05:04 iseki New Issue
2014-05-17 05:04 iseki File Added: patch.zip
2014-06-27 16:13 justincc Status new => patch included
2014-08-22 17:43 justincc Note Added: 0026778
2014-08-22 17:43 justincc Assigned To => justincc
2014-08-22 17:43 justincc Status patch included => patch feedback


Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker