@evanphx what do you think about having an SSL-implementation independent class for X.509 certificates? /cc @seancribbs @halorgium
@evanphx @seancribbs @halorgium @_emboss_ yes! Client presents X.509 cert, server verifies certificate chain, app can then trust the subject
@bascule @seancribbs @halorgium @_emboss_ OH. I think I read your tweet wrong. You want a standalone X509 lib, yes?
@evanphx @seancribbs @halorgium @_emboss_ something like that, yeah. Possibly Krypt? ;)
@bascule @seancribbs @halorgium @_emboss_ Yeah. You can use any ASN.1 lib to decode the cert, then just pull the fields you want.
@evanphx @seancribbs @halorgium @_emboss_ well more to the point I'd like to see a common way for Ruby web servers to expose the client cert
@bascule @seancribbs @halorgium @_emboss_ Let's add it as a rack-ext. Inject the client cert subject as 'ssl.client.subject' into the env.
@evanphx @seancribbs @_emboss_ and use the DirName? that seems good to me. @halorgium was thinking a hash of the Distinguished Name's parts
@bascule @seancribbs @_emboss_ @halorgium The full subject should be exposed since how to understand it will vary.
@evanphx @seancribbs @_emboss_ @halorgium what form should it take though? A special class? A hash? A string? Raw ASN.1? ;)