[fpc-pascal] client certificate mandatory and verification

Jos Wegman jos.wegman at gmail.com
Sat Mar 23 12:46:39 CET 2024


Hi,

Using the info on the wiki, I created a simple web server with a 
server certificate.
To get this code working you need to create the necessary certificate.
For this I used xca from https://hohnstaedt.de but you can use OpenSSL 
to do the same.


[code=pascal]
program webserver;

{$mode objfpc}{$H+}

uses
   {$ifdef UNIX}
   cthreads, cmem,
   {$endif}
   fphttpapp,
   httpdefs,
   httproute,
   opensslsockets;

var
   fUseSSL: boolean;
const
   fCertificatePassword: string = 'hello';
   fCertificateHostName: string = 'localhost';
   fCertificateFileName: string = 'Server.crt';
   fCertificatePrivateKey: string = 'Server.key';

   procedure route1(aReq: TRequest; aResp: TResponse);
   begin
     aResp.Content := '<html><body><h1>Route 1 The Default</h1></body></html>';
   end;

   procedure route2(aReq: TRequest; aResp: TResponse);
   begin
     aResp.Content := '<html><body><h1>Route 2</h1></body></html>';
   end;

begin
   HTTPRouter.RegisterRoute('/', @route1);
   HTTPRouter.RegisterRoute('/2', @route2);
   Application.Port := 1999;
   fUseSSL :=true;
   Application.UseSSL := fUseSSL;
   if fUseSSL then
   begin
     Application.CertificateData.KeyPassword := fCertificatePassword;
     Application.CertificateData.HostName := fCertificateHostName;
     Application.CertificateData.Certificate.FileName := fCertificateFileName;
     Application.CertificateData.PrivateKey.FileName := fCertificatePrivateKey;
   end;
   Application.Threaded := True;
   Application.Initialize;
   Application.Run;
end.
[/code]

My questions are:
- How can I modify this example to enforce the use of a client certificate?
- How can I verify a client certificate in the server?

In the TLS handshake a client certificate is optional but the server can 
ensure that it is mandatory.

Any help, pointers, or sample code is appreciated.

Sincerely,

Jos