Forum OpenACS Q&A: Re: client ns_openssl

Collapse
4: Re: client ns_openssl (response to 1)
Posted by robert parker on
I have gone through the help I have so far received - thanks. To be specific about the problem I am encountering, here is what's happening:

====
From a .tcl page I invoke ns_httpsget to retrieve another page (as I am testing at the moment, this page is hosted on the same instance of OACS)

The requested page checks if the request is https (using [security::secure_conn_p], which returns true) then checks the certificate, using [ns_openssl clientcert subject] which returns blank and [ns_openssl clientcert exists] which returns false. Why?

There doesn't seem to be anything wrong in the error.log

I use the same certfile and keyfile for the users and client contexts and I can make https requests from a browser to the server (i.e. the users context), so I believe my certificate and key file are ok.

I was wondering if I have to do something with the CADir and CAFile ns_params? if so what? I can't find any documentation on these parameters and they are currently commented out as per the default installed config.tcl. Do these parameters store the certificate of the CA approved by the server? (i.e. in the same way that browsers are configured with a list of approved CAs)

This is with nsopenssl-3.0beta26