Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Apache: Dev

Apache proxy sending client certificate on behalf of the client

  

 
Apache dev RSS feed   Index | Next | Previous | View Threaded


duarte.silva at serializing

May 28, 2012, 12:53 PM

Post #1 of 4 (456 views)
Permalink
Apache proxy sending client certificate on behalf of the client
Hi all,

I know this should be imposssible ("sounds" to me like a MITM), but bare with
me for a second and please tell me if this is in any way possible:

Client (HTTPS request) -> Apache (Forward Proxy) -> Server (HTTPS)
\___________________/
\/
Sends the client certificate on behalf of
the client


Note that the client is able to create SSL connections but it is not able to
send client certificate. Since the Apache is the one openning the connection
to the end Server, isn't there a way to force Apache to send a specific client
cert (the handshake is done in the Client even though the server is?

If it isn't, is there any alternatives that do this? Maybe if it was a
transparent proxy?

Thanks for all your time, regards,
Duarte Silva
Attachments: smime.p7s (3.99 KB)


duarte.silva at serializing

May 28, 2012, 12:58 PM

Post #2 of 4 (444 views)
Permalink
Re: Apache proxy sending client certificate on behalf of the client [In reply to]
Small correction, when reading "... send a specific client cert (the handshake
is done in the Client even though the server is?" should be

... send a specific client cert? I know the handshake is done in the Client
even thought the server is opening the connection.

Thanks,
Duarte

On Monday 28 May 2012 20:53:37 Duarte Silva wrote:
> Hi all,
>
> I know this should be imposssible ("sounds" to me like a MITM), but bare
> with me for a second and please tell me if this is in any way possible:
>
> Client (HTTPS request) -> Apache (Forward Proxy) -> Server (HTTPS)
> \___________________/
> \/
> Sends the client certificate on behalf of
> the client
>
>
> Note that the client is able to create SSL connections but it is not able to
> send client certificate. Since the Apache is the one openning the
> connection to the end Server, isn't there a way to force Apache to send a
> specific client cert (the handshake is done in the Client even though the
> server is?
>
> If it isn't, is there any alternatives that do this? Maybe if it was a
> transparent proxy?
>
> Thanks for all your time, regards,
> Duarte Silva
Attachments: smime.p7s (3.99 KB)


covener at gmail

May 28, 2012, 1:02 PM

Post #3 of 4 (441 views)
Permalink
Re: Apache proxy sending client certificate on behalf of the client [In reply to]
On Mon, May 28, 2012 at 3:53 PM, Duarte Silva
<duarte.silva [at] serializing> wrote:
> Hi all,
>
> I know this should be imposssible ("sounds" to me like a MITM), but bare with
> me for a second and please tell me if this is in any way possible:
>
> Client (HTTPS request) -> Apache (Forward Proxy) -> Server (HTTPS)
>                          \___________________/
>                                   \/
>                Sends the client certificate on behalf of
>                               the client
>
>
> Note that the client is able to create SSL connections but it is not able to
> send client certificate. Since the Apache is the one openning the connection
> to the end Server, isn't there a way to force Apache to send a specific client
> cert (the handshake is done in the Client even though the server is?
>
> If it isn't, is there any alternatives that do this? Maybe if it was a
> transparent proxy?
>

http://httpd.apache.org/userslist.html


duarte.silva at serializing

May 28, 2012, 1:13 PM

Post #4 of 4 (441 views)
Permalink
Re: Apache proxy sending client certificate on behalf of the client [In reply to]
On Monday 28 May 2012 16:02:44 Eric Covener wrote:
> On Mon, May 28, 2012 at 3:53 PM, Duarte Silva
>
> <duarte.silva [at] serializing> wrote:
> > Hi all,
> >
> > I know this should be imposssible ("sounds" to me like a MITM), but bare
> > with me for a second and please tell me if this is in any way possible:
> >
> > Client (HTTPS request) -> Apache (Forward Proxy) -> Server (HTTPS)
> > \___________________/
> > \/
> > Sends the client certificate on behalf of
> > the client
> >
> >
> > Note that the client is able to create SSL connections but it is not able
> > to send client certificate. Since the Apache is the one openning the
> > connection to the end Server, isn't there a way to force Apache to send a
> > specific client cert (the handshake is done in the Client even though the
> > server is?
> >
> > If it isn't, is there any alternatives that do this? Maybe if it was a
> > transparent proxy?
>
> http://httpd.apache.org/userslist.html

Thanks Eric, regards,
Duarte
Attachments: smime.p7s (3.99 KB)

Apache dev RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.