Diffstat (limited to 'doc/chapters/tlsauthentication.inc')
-rw-r--r-- | doc/chapters/tlsauthentication.inc | 18 |
1 files changed, 16 insertions, 2 deletions
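--- a/doc/chapters/tlsauthentication.inc
+++ b/doc/chapters/tlsauthentication.inc
@@ -135,8 +135,22 @@ both of uncritically @emph{HTTP} parts and secured @emph{HTTPS}.
 You can also use MHD to authenticate the client via SSL/TLS certificates
 (as an alternative to using the password-based Basic or Digest authentication).
 To do this, you will need to link your application against @emph{gnutls}.
-For this, you first need to obtain the raw GnuTLS session handle from
-@emph{MHD} using @code{MHD_get_connection_info}.
+Next, when you start the MHD daemon, you must specify the root CA that you're
+willing to trust:
+@verbatim
+daemon = MHD_start_daemon (MHD_USE_SELECT_INTERNALLY | MHD_USE_SSL,
+PORT, NULL, NULL,
+&answer_to_connection, NULL,
+MHD_OPTION_HTTPS_MEM_KEY, key_pem,
+MHD_OPTION_HTTPS_MEM_CERT, cert_pem,
+MHD_OPTION_HTTPS_MEM_TRUST, root_ca_pem,
+MHD_OPTION_END);
+@end verbatim
+
+With this, you can then obtain client certificates for each session.
+In order to obtain the identity of the client, you first need to
+obtain the raw GnuTLS session handle from @emph{MHD} using
+@code{MHD_get_connection_info}.
 
 @verbatim
 #include <gnutls/gnutls.h>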