[Users] Re: [Serusers] trusting peers

Klaus Darilion klaus.mailinglists at pernau.at
Wed Oct 12 15:24:13 CEST 2005


Klaus Darilion wrote:
> 
> Version B:
>   1. Validate the domain in the certificate against a local whitelist of 
> known trusted peers. E.g. I could have all the public certificates of 
> the trusted peers stored locally, or just having a database table with 
> the hostname (as in the certificate) of the trusted peers.
>   if (tls_is_from_trusted()) ..

Maybe this can bone outside the routing logic. If the client certificate 
is received, ser should verifiy if the domain in the certificate is on 
the whitelist. If yes, this TLS connection gets the "trusted flag" and 
can be easily queried in the routing logic without checking against the 
whitelist for each request.

regards
klaus




More information about the Users mailing list