|
Rich Salz
rsalz at caveosystems.com
Thu Aug 17 15:51:10 EST 2000
> That'd be interesting to see. Let me play with it a day or two and I'll send the patch along. > I'd really appreciate a lamens terms explanation of what it is you're > trying to get out of mod_ssl and what are the steps issues involved with > it? The simplest thing is: I want to be able to get the the DN of the client and their entire cert, if there is one. With this, I can do all my own authorization rules in my python code. Later on, I want to be able to control what crypto protocols they're using, etc. > I'm somwhat familiar with use of openssl to generate certificates and > such, but I know next to nothing about mod_ssl internals. > P.S. Does SWIG really have to be involved in order for this to work? No. It just saves me a lot of time. SWIG is a "compiler" that read C (and, to some extent) C++ header files, and generates all the python code to map the datatypes, and wrappers that convert from Py objects to the C objects, and back. Simple things (numbers strings) get mapped directly, others are only exposed as pointers unless you write your own conversions. There are some good examples at http://www.swig.org Ng Pheng Siong has a package, M2Crypto, that exposes most of the OpenSSL functions up through python (via swig) -- see http://www.post1.com/home/ngps. So all I need is a little glue code (i.e., my get_swig_handle patch) and I can do what I need. /r$
|