I have to deploy experimental web services and to limit their access to a
limited (but varying) list of people (well, computers). The web services are
developed in C++ using gsoap.

The solution used is to hide the services behind an Apache server using
mod_proxy to redirect queries to the services.

The authentication is handled through mod_ssl asking to present a certificate
and filtering users on their DN.

Everything works but I'm not administrator of the Apache server. Thus, I
cannot edit myself the virtual host SSLRequire definition. I have to ask to
the administrator through a somewhat long process.

We think that we could place the SSLRequire in a .htaccess of a folder I would
have the rights on, the mod_proxy handled folders being subfolders of this
one. The problem here is that the proxying is applied before the SSL
certificate verification.

Is there a way to allow me to modify the authorized certificates list without
having full administrative rights ?

Thanks in advance.



PS: below are some parts of my configuration files
ProxyPass /a/service http://localhost:10001/

SSLVerifyClient require
SSLVerifyDepth 10

SSLRequire ( %{SSL_CLIENT_S_DN_CN} =~ m/MY CN/ )

Gael de Chalendar
Centre de Fontenay-aux-Roses
Laboratoire d'Ingénierie de la Connaissance Multimédia Multilingue (LIC2M)
(Multimedia and Multilingual Knowledge Engineering Laboratory)
Bat. 38-2 ; 18, rue du Panorama ; BP 6
92265 Fontenay aux Roses Cedex ; France
Tél.: ; Fax.:
Email : Gael.D.O.T.de-Chalendar.A@T.cea.D.O.T.fr
__________________________________________________ ____________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org