PathCheck Stage
Parameters
dorequest
require
method
bucket
Examples
# Get the client certificate from the session.
# If a certificate is not already associated with the
# session, request one.
# The request fails if the client does not present a
# valid certificate.
PathCheck fn="get-client-cert" dorequest="1"
66
Netscape Enterprise Server NSAPI Programmer's Guide • November 2001
controls whether to actually try to get the certificate, or just test for its
presence. If dorequest is absent the default value is 0.
• 1 tells the function to redo the SSL3 handshake to get a client
certificate, if the server does not already have the client certificate.
This typically causes the client to present a dialog box to the user
to select a client certificate. The server may already have the client
certificate if it was requested on the initial handshake, or if a
cached SSL session has been resumed.
• 0 tells the function not to redo the SSL3 handshake if the server
does not already have the client certificate.
If a certificate is obtained from the client and verified successfully by
the server, the ASCII base64 encoding of the DER-encoded X.509
certificate is placed in the parameter auth-cert in the
Request->vars pblock, and the function returns REQ_PROCEED,
allowing the request to proceed.
controls whether failure to get a client certificate will abort the HTTP
request. If require is absent the default value is 1.
• 1 tells the function to abort the HTTP request if the client
certificate is not present after dorequest is handled. In this case,
the HTTP status is set to PROTOCOL_FORBIDDEN, and the
function returns REQ_ABORTED.
• 0 tells the function to return REQ_NOACTION if the client
certificate is not present after dorequest is handled.
(optional) specifies a wildcard pattern for the HTTP methods for
which the function will be applied. If method is absent, the function is
applied to all requests.
optional, common to all obj.conf functions