External validation of client certificates

Hi,

we're having a special use case and hope to find a solution in stunnel.

In our use case clients use self-signed X.509 certificates to authenticate with our TLS server. We don't have a CA but a database with usernames (DN) and fingerprints of the client certificates.

Is it possible with stunnel not to validate the client certificates against a CA but hand over the Distinguished Name to an external application which returns the fingerprint to check the certificate against?

--
Best regards,
Rene Bartsch, B. Sc. Informatics

Rene Bartsch wrote:
> Is it possible with stunnel not to validate the client certificates against a CA but hand over the Distinguished Name to an external application which returns the fingerprint to check the certificate against?

This is not something supported by stunnel out of the box. It is certainly possible to add such a feature to stunnel.

Mike
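
The check described in the question, sketched as the kind of external application it asks about. This is an added example, not part of the thread and not stunnel code; the function names, the in-memory dictionary standing in for the database and the sample certificate bytes are assumptions.

```python
import hashlib
import hmac

# Constructed stand-ins for DER-encoded client certificates (not real certificates).
ALICE_DER = b"constructed DER bytes for alice"
MALLORY_DER = b"constructed DER bytes for mallory"


def sha256_fingerprint(der):
    """Fingerprint of the whole DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def normalize_fingerprint(text):
    """Accept 'AB:CD:...' or plain hex; return lowercase hex, or None if malformed."""
    cleaned = text.replace(":", "").replace(" ", "").lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        return None
    return cleaned


def colon_form(hex_digest):
    """Render a hex digest the way many tools print it: 'AB:CD:...'."""
    return ":".join(hex_digest[i:i + 2] for i in range(0, len(hex_digest), 2)).upper()


# Hypothetical database contents: DN -> fingerprint recorded at enrolment.
FINGERPRINT_DB = {
    "CN=alice,O=Example": colon_form(sha256_fingerprint(ALICE_DER)),
    "CN=broken,O=Example": "not-a-fingerprint",
}


def verify_client(dn, der, db=FINGERPRINT_DB):
    """Return True only if the presented certificate matches the enrolled fingerprint.

    The DN in a self-signed certificate is chosen by whoever created it, so it is
    used only as a lookup key; the fingerprint comparison is what authenticates.
    """
    enrolled = db.get(dn)
    if enrolled is None:
        return False  # unknown user: fail closed
    expected = normalize_fingerprint(enrolled)
    if expected is None:
        return False  # malformed database entry: fail closed
    return hmac.compare_digest(sha256_fingerprint(der), expected)
```

The DN and certificate bytes are expected to come from the TLS layer after the handshake has completed, since the handshake is what proves the client holds the certificate's private key.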

participants (2)
- Michal Trojnara
- Rene Bartsch