darrenjs / wampcc

WAMP C++ library
MIT License
73 stars 22 forks

Certificate authentication for client #25

Closed ghost closed 6 years ago

ghost commented 6 years ago

The project I'm working on requires authentication to be performed by client certificate. In order to enable this functionality, ssl_context needs additional settings such as

For implementation it looks like ssl_config in wampcc::ssl_config in kernel would need extensions to pass this information and necessary callbacks to ssl_context.

How do you see, would this be an acceptable approach?

darrenjs commented 6 years ago

Hi, yeah that seems along the right lines. The wampcc::ssl_config and wampcc::ssl_context classes would need to have options to allow them to be configured to support client certificate authentication. Currently ssl_context has optional support for accepting the server key (via the certificate_file and private_key_file config options), so something similar is needed for client authentication.

In terms of the server side (i.e., wampcc acting as the server that requests client certificate and then validates), that could also need to be added, although that is a parallel task to supporting the client side. For the server side, how it deals with rejects would need to be considered. Would be nice for wampcc to support client certification request, since wampcc can be then used as both server and client during testing.

Also, as the ssl_context becomes more feature rich (supporting client auth, server auth etc.), the current design of having one ssl_context per wampcc kernel might need to be revisited. Perhaps instead each wamp_session can have its own ssl_context. E.g., consider the case of a single wampcc application that needs to have an SSL server socket, and a separate SSL client socket. That could be achieved via two separate wampcc::kernel instances, but would be nice to support it via a single kernel.
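
The option handling discussed in this thread, as an added sketch that is not wampcc code: `tls_options`, `tls_plan`, `plan_context` and `admits_certless_client` are hypothetical names (only `certificate_file` and `private_key_file` come from the thread), and the flag values repeat OpenSSL's `SSL_VERIFY_*` constants so it builds without OpenSSL. It works through the server-side reject case: requesting a client certificate does not by itself refuse a client that sends none.

```cpp
#include <string>
#include <vector>

// Values of OpenSSL's verify flags (<openssl/ssl.h>), repeated for a stand-alone build.
constexpr int VERIFY_NONE = 0x00;                  // SSL_VERIFY_NONE
constexpr int VERIFY_PEER = 0x01;                  // SSL_VERIFY_PEER
constexpr int VERIFY_FAIL_IF_NO_PEER_CERT = 0x02;  // SSL_VERIFY_FAIL_IF_NO_PEER_CERT

enum class tls_role { client, server };

// Hypothetical per-session options; only certificate_file and
// private_key_file are names taken from the thread.
struct tls_options {
  std::string certificate_file;      // own certificate chain (PEM)
  std::string private_key_file;      // key matching certificate_file
  std::string ca_file;               // trust anchors used to verify the peer
  bool verify_peer = false;          // client: verify server; server: request client cert
  bool require_client_cert = false;  // server only: reject clients that send no cert
};

struct tls_plan {
  int verify_mode = VERIFY_NONE;     // value to pass to SSL_CTX_set_verify()
  std::vector<std::string> errors;   // reasons the context must not be built
};

tls_plan plan_context(const tls_options& o, tls_role role) {
  tls_plan p;
  // A certificate without its key (or the reverse) cannot be presented.
  if (o.certificate_file.empty() != o.private_key_file.empty())
    p.errors.push_back("certificate_file and private_key_file must be set together");
  if (o.require_client_cert && (role == tls_role::client || !o.verify_peer))
    p.errors.push_back("require_client_cert needs a server with verify_peer");
  if (o.verify_peer) {
    // Assumption of this sketch: trust anchors come only from ca_file.
    if (o.ca_file.empty())
      p.errors.push_back("verify_peer needs ca_file");
    p.verify_mode = VERIFY_PEER;
    // On a server, VERIFY_PEER alone only requests a certificate; a client
    // that sends none still completes the handshake unless this bit is set.
    if (role == tls_role::server && o.require_client_cert)
      p.verify_mode |= VERIFY_FAIL_IF_NO_PEER_CERT;
  }
  return p;
}

// True when a server built from this plan would still complete a handshake
// with a client that presents no certificate.
bool admits_certless_client(const tls_plan& p) {
  return (p.verify_mode & VERIFY_FAIL_IF_NO_PEER_CERT) == 0;
}
```

Keeping these options in a per-session structure rather than on the kernel is what would let one application hold a server plan and a client plan side by side.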