💾 Archived View for rawtext.club › ~sloum › geminilist › 001560.gmi captured on 2020-09-24 at 01:48:07. Gemini links have been rewritten to link to archived content

View Raw

More Information

-=-=-=-=-=-=-

<-- back to the mailing list

CGI, SCGI and Certificates (was Re: [ANN] Gemini browser for iOS)

Petite Abeille petite.abeille at gmail.com

Thu Jun 11 20:02:39 BST 2020

- - - - - - - - - - - - - - - - - - - 
On Jun 10, 2020, at 05:53, Michael Lazar <lazar.michael22 at gmail.com> wrote:
TLS_CLIENT_AUTHORISED
Even though jetforce accepts unverified client certificates now, it will still
check if the certificate is authorised anyway. This means both valid and trusted
by the server's CA store. So this will be set to "1" for trusted and "0" for
untrusted. I like this variable because it gives each CGI script the option to
implement authentication however they want.

Is that the equivalent of SSL_CLIENT_VERIFY?

E.g.:

NONE: client has no cert SUCCESS = cert is valid GENEROUS = says only that some kind of certificate was sent at all FAILED:reason = auth with the cert failed