[Users] Re: [Serusers] trusting peers

Klaus Darilion klaus.mailinglists at pernau.at
Thu Oct 13 10:29:53 CEST 2005


Juha Heinanen wrote:
> Klaus Darilion writes:
> 
>  > But we need to handle the validation of the domain in the certificate 
>  > somehow. 
> 
> why?  since certificate doesn't carry any useful domain information, you
> have to do it yourself with a table that lists for each certificate the
> domains you want to see in from headers from that proxy.

Yes! Thus we need to get the domain part for the certificate to make the 
lookup in the table. Thus, we have to handle it. I did not say that the 
TLS part has to handle it, but somewhere we have to validate it.

e.g. similar to allow_trusted, but using the domain from the 
certificate instead of using src_ip.

regards
klaus
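
The check discussed in this thread, as an added example that is not part of the original message or of SER: a table keyed by the peer certificate's domain lists the From domains that proxy may assert, and anything not listed is rejected. The table contents, `from_domain` and `cert_domain_allowed` are hypothetical names, and the certificate domain is assumed to come from an already verified TLS peer certificate.

```python
import re

# Constructed table: domain taken from the verified peer certificate ->
# domains that proxy may place in From headers. All entries are hypothetical.
TRUSTED_PEERS = {
    "proxy.example.net": {"example.net", "sip.example.net"},
    "gw.example.org": {"example.org"},
}

_QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')
_SIP_URI = re.compile(r"<?\s*sips?:(?:[^@>\s;]*@)?([^:;>\s]+)", re.IGNORECASE)


def from_domain(from_header):
    """Return the lower-cased host of the SIP URI in a From header value."""
    # Drop the quoted display name first so a URI hidden inside it
    # cannot be mistaken for the real address.
    m = _SIP_URI.search(_QUOTED.sub("", from_header))
    return m.group(1).lower().rstrip(".") if m else None


def cert_domain_allowed(peer_cert_domain, from_header):
    """True only if the certificate domain is listed and covers the From domain."""
    if not peer_cert_domain:
        return False  # no verified certificate identity: never trusted
    allowed = TRUSTED_PEERS.get(peer_cert_domain.lower().rstrip("."))
    domain = from_domain(from_header)
    return bool(allowed) and domain is not None and domain in allowed


if __name__ == "__main__":
    # Constructed sample requests: (certificate domain, From header value)
    samples = [
        ("proxy.example.net", '"Alice" <sip:alice@example.net>;tag=1'),
        ("proxy.example.net", "<sip:bob@example.org>;tag=2"),
        ("unknown.example.com", "<sip:alice@example.net>;tag=3"),
    ]
    for cert, hdr in samples:
        print(cert, hdr, "->", cert_domain_allowed(cert, hdr))
```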



