Plasma GitLab Archive
Projects Blog Knowledge 

(* $Id: qserver_auth_ssl.ml 289 2006-04-30 17:50:29Z gerd $ *)

(* Configure qserver for SSL authentication (UNSAFE) *)

Ssl.init();;  (* Don't forget! *)

let ctx = Ssl.create_server_context Ssl.TLSv1 "server.crt" "server.key" ;;

Ssl.set_verify ctx [ Ssl.Verify_peer; Ssl.Verify_fail_if_no_peer_cert ] None;
Ssl.set_verify_depth ctx 99;
Ssl.load_verify_locations ctx "ca.crt" "" ;;


let ssl_socket_config =
  Rpc_ssl.ssl_server_socket_config 
    ~get_peer_user_name:(fun ctx sslsock -> 
			   prerr_endline "get_peer_user_name";
			   let cert = Ssl.get_certificate sslsock in
			   let user = Ssl.get_subject cert in
			   prerr_endline ("user=" ^ user);
			   Some user)
    ctx ;;

Qserver.pluggable_auth_module :=
  ( "auth_ssl",
    (`Socket(Rpc.Tcp, Rpc_server.Portmapped, ssl_socket_config)),
    (fun srv ->
       Rpc_server.set_auth_methods
	 srv
	 [ Rpc_server.auth_transport ]
    )
  )
;;
This web site is published by Informatikbüro Gerd Stolpmann
Powered by Caml