| Ticket UUID: | 0d1971c5aee58c973ef4b7e3fafffc1c2e29515d | ||
| Title: | SSL client certificates | ||
| Status: | Closed | Type: | Feature_Request |
| Severity: | Important | Priority: | |
| Subsystem: | Resolution: | Fixed | |
| Last Modified: | 2011-08-15 09:13:53 | ||
| Version Found In: | |||
| Description & Comments: | |||
|
It would be useful to support client certificates for https connections. Making sure that unauthorised requests never invoke the fossil cgi handler gives an extra level of assurance to those who have paranoid tendencies.
I implemented a very simple approach in the ben-security branch (--ssl-identity option to clone, which stores the path to PEM encoded cert and key in the ssl-identity setting), before noticing the jan-clientcert branch which provides a much more comprehensive certificate management feature (certs sub-command, certs table in repo db, client side cert passphrases, plus enhancements to the server certificate checking). What should I do to get support for client certificates into a state suitable for incorporating into the release version? ben added on 2011-08-15 09:10:39 UTC: | |||
View Ticket