[Users] Re: [Serusers] trusting peers

Klaus Darilion klaus.mailinglists at pernau.at
Wed Oct 12 15:24:13 CEST 2005


Klaus Darilion wrote:
> 
> Version B:
>   1. Validate the domain in the certificate against a local whitelist of 
> known trusted peers. E.g. I could have all the public certificates of 
> the trusted peers stored locally, or just having a database table with 
> the hostname (as in the certificate) of the trusted peers.
>   if (tls_is_from_trusted()) ..

Maybe this can be done outside the routing logic. If the client certificate 
is received, ser should verify if the domain in the certificate is on 
the whitelist. If yes, this TLS connection gets the "trusted flag" and 
can be easily queried in the routing logic without checking against the 
whitelist for each request.

regards
klaus
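
The handshake-time check described in this message, sketched as an added example that is not part of the original post and is not ser's own code. The struct, the hook tls_on_peer_cert() and the whitelist entries are hypothetical; tls_is_from_trusted() only borrows the name proposed in the quoted text.

```c
#include <stddef.h>
#include <strings.h>

/* Constructed whitelist; the post suggests a database table of the
 * hostnames (as in the certificate) of the trusted peers. */
static const char *trusted_peers[] = { "sip.peer-a.example", "proxy.peer-b.example" };
static int whitelist_lookups = 0;   /* counts whitelist scans, for the demo */

struct tls_conn {                   /* hypothetical per-connection state */
    int cert_verified;              /* chain validation result from the TLS stack */
    const char *cert_domain;        /* domain from the peer certificate, or NULL */
    int trusted;                    /* the "trusted flag", set once per connection */
};

/* Case-insensitive exact match: a whitelisted name appearing only as a
 * prefix or suffix of the certificate domain must not count. */
static int on_whitelist(const char *domain)
{
    whitelist_lookups++;
    for (size_t i = 0; i < sizeof trusted_peers / sizeof trusted_peers[0]; i++)
        if (strcasecmp(domain, trusted_peers[i]) == 0)
            return 1;
    return 0;
}

/* Hypothetical hook, run once when the client certificate is received.
 * An unverified or missing certificate never reaches the whitelist. */
void tls_on_peer_cert(struct tls_conn *c, int verified, const char *domain)
{
    c->cert_verified = verified;
    c->cert_domain = domain;
    c->trusted = verified && domain != NULL && on_whitelist(domain);
}

/* What the routing logic queries per request: it only reads the flag. */
int tls_is_from_trusted(const struct tls_conn *c)
{
    return c != NULL && c->trusted;
}

int whitelist_lookup_count(void) { return whitelist_lookups; }
```

A whitelist change does not affect connections that are already flagged; they keep their flag until they are closed or re-evaluated.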



