SSL certificates should be checked
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenMapi.org |
New
|
Wishlist
|
Johannes Roith |
Bug Description
This bug is a list of some SSL-related things we should support someday:
- The hostname of certificates should be matched against the hostname we are connecting to by the NMapi TeamXChange provider as well as the planned protobuf-based provider.
- Furthermore there should be an option for the TeamXChange-
- The NMapi server should verify provided client certificates and associate the connection with a trust-level that can be checked by custom server modules. The Levels should be:
+ InternalComponent (Special certificates for other NMapi servers if clustered, or for daemons with extended permissions like the ability to access any message store)
+ Trusted (Client certificates signed by the server CA)
+ SemiTrusted (Client certificates signed by CAcert or any authority in the mono certificate store)
+ Anonymous (No client certificate or unknown)
Any call-behaviour depending on these levels can be enforced by some server modules.
- The ASP.NET interface of the server should have some UI to manage certificates etc.
Changed in openmapi: | |
assignee: | nobody → Johannes Roith (johannes-jroith) |
importance: | Undecided → Wishlist |