|Anonymous | Login | Signup for a new account||2020-01-23 14:27 PST|
|Main | My View | View Issues | Change Log | Roadmap | Summary | My Account|
|View Issue Details|
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0007178||opensim||[REGION] OpenSim Core||public||2014-05-17 05:04||2014-08-22 17:43|
|Product Version||master (dev code)|
|Target Version||Fixed in Version|
|Summary||0007178: Adding a client authentication|
I want to add functionality of client authentication to HTTPserver of OpenSim.
With this capability, server (Robust or Money etc) can authenticate the Region Server.
Currently, I am using this code at our DTL/NSL Money.
Modification of opensim-libs is required for this.
I attach the patch code.
|Tags||No tags attached.|
|Git Revision or version number|
|Run Mode||Grid (Multiple Regions per Sim)|
|Environment||Mono / Linux64|
|Attached Files||patch.zip [^] (2,068 bytes) 2014-05-17 05:04|
Hi iseki. Apologies for the length of time that it's taken to look at this patch. Here are some comments.
1. I presume you need to insert the RemoteCertificateValidationCallback in order to control whether the negotiated cryptographic algorithms and strengths are sufficient?
2. I'm assuming that the ClientCertificateValidationCallback and _clientCallback properties in HttpContextFactory are there to allow this to be set one time only. However, I really don't like this approach much. I would much rather see the ClientCertificateValidationCallback passed down in the constructor or as a property through the HttpContextFactory <- HttpListener <- BaseHttpServer (OpenSim) route or similar, much as the server X509Certificate is already passed down this route. I know this is more work but I think that it is probably cleaner.
3. Can we expose the X509Certificate2 as a properties on IHttpClientContext rather than just the common name in case some other data is required in the future?
4. (minor) The two identical sslStream.AuthenticateAsServer(certificate, false, protocol, false); could be reduced to a single call after the conditional.
5. Could you provide the simplest possible example code to illustrate use of these patches? I can look at MoneyServer (again) some time but it will be quicker if I can just see the essentials of use.
|2014-05-17 05:04||iseki||New Issue|
|2014-05-17 05:04||iseki||File Added: patch.zip|
|2014-06-27 16:13||justincc||Status||new => patch included|
|2014-08-22 17:43||justincc||Note Added: 0026778|
|2014-08-22 17:43||justincc||Assigned To||=> justincc|
|2014-08-22 17:43||justincc||Status||patch included => patch feedback|
|Copyright © 2000 - 2012 MantisBT Group|