From c807880f7ac73f813b2660ea81a00f7712a4e793 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lo=C3=AFc=20Hoguin?= Date: Mon, 29 Aug 2016 12:39:49 +0200 Subject: Add old mailing list archives --- archives/extend/2014-June/000398.html | 143 ++++++++++++++++++++++++++++++++++ 1 file changed, 143 insertions(+) create mode 100644 archives/extend/2014-June/000398.html (limited to 'archives/extend/2014-June/000398.html') diff --git a/archives/extend/2014-June/000398.html b/archives/extend/2014-June/000398.html new file mode 100644 index 00000000..32322b35 --- /dev/null +++ b/archives/extend/2014-June/000398.html @@ -0,0 +1,143 @@ + + + + [99s-extend] cowboy client cert auth, basic auth + + + + + + + + + + +

[99s-extend] cowboy client cert auth, basic auth

+ Loïc Hoguin + essen at ninenines.eu +
+ Thu Jun 5 23:24:50 CEST 2014 +

+
+ +
Misunderstood what you needed then.
+
+Note that the services that are completely blocked from anyone who 
+doesn't have the right cert are virtually non-existent, it doesn't make 
+sense to add a feature for it.
+
+You can do that kind of thing by having custom code creating the 
+protocol process by the way. There's no need to patch Cowboy for that.
+
+On 06/05/2014 11:01 PM, Daniel Goertzen wrote:
+> But then I would have to check the client cert for each and every
+> request.  I should have to check the cert only once at connect time and
+> then be able to pass the result of that check in the request to each
+> handler.
+>
+> Anyway I've gone ahead and implemented what I need in a generic manner
+> and it seems to work well.  I think it would be a useful addition to
+> Cowboy.  If you agree I could write some more documentation for it.
+>
+> https://github.com/goertzenator/cowboy/tree/onconnect
+>
+> I added a "onconnect" hook and "connection metadata" to cowboy_req.  The
+> connection metadata works like existing metadata, but is preserved from
+> request to request on the same connection.  The onconnect hook provides
+> initial values for the connection metadata.
+>
+> Dan.
+>
+>
+>
+>
+> On Thu, Jun 5, 2014 at 3:04 AM, Loïc Hoguin <essen at ninenines.eu
+> <mailto:essen at ninenines.eu>> wrote:
+>
+>     On 06/05/2014 01:44 AM, Daniel Goertzen wrote:
+>
+>
+>
+>
+>         On Wed, Jun 4, 2014 at 4:48 PM, Loïc Hoguin <essen at ninenines.eu
+>         <mailto:essen at ninenines.eu>
+>         <mailto:essen at ninenines.eu <mailto:essen at ninenines.eu>>> wrote:
+>
+>              On 06/04/2014 10:08 PM, Daniel Goertzen wrote:
+>
+>                  I am having very good luck with Cowboy so far, but I
+>         have some
+>                  questions:
+>
+>                  1. There doesn't appear to be any way to do client
+>         certificate
+>                  authorization in Cowboy, although I see there is an
+>         example for
+>                  doing
+>                  exactly that with Ranch.  I think I could modify Cowboy
+>         to do what I
+>                  want, but I thought I would ask if there were other options
+>                  before doing
+>                  that.
+>
+>
+>              Same as Ranch really, you just gotta take the socket and
+>         then call
+>              the ssl functions.
+>
+>
+>         Yes, but in cowboy there's no API to get at the socket.
+>
+>
+>     There is the undocumented function cowboy_req:get/1 which is meant
+>     for that kind of "special" use.
+>
+>
+>     --
+>     Loïc Hoguin
+>     http://ninenines.eu
+>
+>
+
+-- 
+Loïc Hoguin
+http://ninenines.eu
+
+ + + +
+

+ +
+More information about the Extend +mailing list
+ -- cgit v1.2.3