Juha Heinanen wrote:
Klaus Darilion writes:
But we need to handle the validation of the domain in the certificate somehow.
why? since the certificate doesn't carry any useful domain information, you have to do it yourself with a table that lists for each certificate the domains you want to see in From headers from that proxy.
Yes! Thus we need to get the domain part from the certificate to make the lookup in the table. Thus, we have to handle it. I did not say that the TLS part has to handle it, but somewhere we have to validate it.
E.g. similar to allow_trusted, but using the domain from the certificate instead of using src_ip.
regards klaus