Juha Heinanen wrote:
> Klaus Darilion writes:
>> But we need to handle the validation of the domain in the certificate
>> somehow.
>
> why? since certificate doesn't carry any useful domain information, you
> have to do it yourself with a table that lists for each certificate the
> domains you want to see in from headers from that proxy.

Yes! Thus we need to get the domain part for the certificate to make the
lookup in the table. Thus, we have to handle it. I did not say that the
TLS part has to handle it, but somewhere we have to validate it.
e.g. similar to allow_trusted, but using the domain from the
certificate instead of using src_ip.
regards
klaus
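
The table lookup discussed in this thread, sketched as an added example (not part of the original messages and not the project's own code). It assumes the TLS layer has already verified the peer certificate and hands over its domain as a string; the table contents and the function names `from_domain` and `from_allowed` are hypothetical.

```python
import re

# Constructed sample table: certificate domain -> From domains accepted
# from the proxy that presented that certificate.
ALLOWED_FROM = {
    "proxy.example.net": {"example.net", "voip.example.net"},
    "sbc.example.org": {"example.org"},
}

# sip:/sips: scheme, optional userinfo, then a hostname or bracketed IPv6
# literal that must be followed by a port, parameter, header or end of URI.
_SIP_URI = re.compile(
    r"sips?:(?:[^@]*@)?(\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+)(?=[:;?]|$)",
    re.IGNORECASE,
)


def from_domain(header_value):
    """Return the lowercase host of the SIP URI in a From header value.

    Returns None when the value cannot be parsed, so callers fail closed.
    """
    bracketed = re.search(r"<([^>]*)>", header_value)
    if bracketed:
        uri = bracketed.group(1)             # name-addr form: "Name" <uri>;tag=..
    else:
        uri = header_value.split(";", 1)[0]  # addr-spec form: uri;tag=..
    match = _SIP_URI.match(uri.strip())
    return match.group(1).lower().rstrip(".") if match else None


def from_allowed(cert_domain, from_header, table=ALLOWED_FROM):
    """True only if the From domain is listed for this certificate domain."""
    domain = from_domain(from_header)
    if not cert_domain or domain is None:
        return False
    allowed = table.get(cert_domain.lower().rstrip("."), set())
    return domain in allowed


if __name__ == "__main__":
    hdr = '"Alice" <sips:alice@Example.NET:5061;transport=tls>;tag=1'
    print(from_allowed("proxy.example.net", hdr))  # listed for this peer
    print(from_allowed("sbc.example.org", hdr))    # not listed for this peer
```

Unknown certificate domains and unparseable From values are both rejected, which is the same default a source-IP trust table would apply to an unlisted address.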