[99s-extend] cowboy client cert auth, basic auth

Loïc Hoguin essen at ninenines.eu
Thu Jun 5 23:24:50 CEST 2014

Previous message: [99s-extend] cowboy client cert auth, basic auth
Next message: [99s-extend] cowboy client cert auth, basic auth
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Misunderstood what you needed then.

Note that the services that are completely blocked from anyone who 
doesn't have the right cert are virtually non-existent, it doesn't make 
sense to add a feature for it.

You can do that kind of thing by having custom code creating the 
protocol process by the way. There's no need to patch Cowboy for that.

On 06/05/2014 11:01 PM, Daniel Goertzen wrote:
> But then I would have to check the client cert for each and every
> request.  I should have to check the cert only once at connect time and
> then be able to pass the result of that check in the request to each
> handler.
>
> Anyway I've gone ahead and implemented what I need in a generic manner
> and it seems to work well.  I think it would be a useful addition to
> Cowboy.  If you agree I could write some more documentation for it.
>
> https://github.com/goertzenator/cowboy/tree/onconnect
>
> I added a "onconnect" hook and "connection metadata" to cowboy_req.  The
> connection metadata works like existing metadata, but is preserved from
> request to request on the same connection.  The onconnect hook provides
> initial values for the connection metadata.
>
> Dan.
>
>
>
>
> On Thu, Jun 5, 2014 at 3:04 AM, Loïc Hoguin <essen at ninenines.eu
> <mailto:essen at ninenines.eu>> wrote:
>
>     On 06/05/2014 01:44 AM, Daniel Goertzen wrote:
>
>
>
>
>         On Wed, Jun 4, 2014 at 4:48 PM, Loïc Hoguin <essen at ninenines.eu
>         <mailto:essen at ninenines.eu>
>         <mailto:essen at ninenines.eu <mailto:essen at ninenines.eu>>> wrote:
>
>              On 06/04/2014 10:08 PM, Daniel Goertzen wrote:
>
>                  I am having very good luck with Cowboy so far, but I
>         have some
>                  questions:
>
>                  1. There doesn't appear to be any way to do client
>         certificate
>                  authorization in Cowboy, although I see there is an
>         example for
>                  doing
>                  exactly that with Ranch.  I think I could modify Cowboy
>         to do what I
>                  want, but I thought I would ask if there were other options
>                  before doing
>                  that.
>
>
>              Same as Ranch really, you just gotta take the socket and
>         then call
>              the ssl functions.
>
>
>         Yes, but in cowboy there's no API to get at the socket.
>
>
>     There is the undocumented function cowboy_req:get/1 which is meant
>     for that kind of "special" use.
>
>
>     --
>     Loïc Hoguin
>     http://ninenines.eu
>
>

-- 
Loïc Hoguin
http://ninenines.eu

Previous message: [99s-extend] cowboy client cert auth, basic auth
Next message: [99s-extend] cowboy client cert auth, basic auth
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Extend mailing list