[Users] Re: [Serusers] trusting peers
Klaus Darilion
klaus.mailinglists at pernau.at
Thu Oct 13 10:29:53 CEST 2005
Juha Heinanen wrote:
> Klaus Darilion writes:
>
> > But we need to handle the validation of the domain in the certifiacte
> > somehow.
>
> why? since certificate doesn't carry any useful domain information, you
> have to do it yourself with a table that lists for each certificate the
> domains you want to see in from headers from that proxy.
Yes! Thus we need to get the domain part for the certificate to make the
lookup in the table. Thus, we have to handle it. I did not said that the
TLS part has to handle it, but somewere we have to validate it.
e.g. simmilar to allow_trusted, but using the domain form the
certificate instead of using src_ip.
regards
klaus
More information about the Users
mailing list