Pathfinder and Apache
What is it?
Our Pathfinder library allows applications to easily perform RFC 5280-compliant path validation of X.509 certificates.
We've created a patch for the Apache web server that allows it to use Pathfinder to validate client certificates. Path discovery, policy mapping, policy constraints, and more are all handled transparently. Moreover, this patch allows Apache to perform real-time CRL checking of client certificates without needing to restart the web server.
Pathfinder and this patch for Apache are presently under active development.
- Make sure you have the WvStreams 4.6.1 library installed.
- Make sure you have Pathfinder 1.1.3 and libpathfinder-openssl installed and appropriately configured.
- Make sure you have pkg-config installed, and that it knows about libpathfinder.
- Apply the patch to a clean httpd-2.2.19 build tree.
- Run "buildconf".
- When running "./configure", specify "--with-pathfinder".
- Compile and install Apache.
- Enable Pathfinder with the "SSLPathfinder on" directive in the Apache server configuration.
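
The prerequisites in the steps above can be checked before patching, and the final step confirmed afterwards, with a short script. This is an added example, not part of Pathfinder or the patch; it assumes the pkg-config module is named libpathfinder (taken from the wording above) and that the httpd tree keeps its version macros in include/ap_release.h.

```shell
#!/bin/sh
# Added example: preflight checks for building Apache with the Pathfinder patch.
# Assumptions: pkg-config module name "libpathfinder"; stock httpd tree layout.

REQUIRED_HTTPD="2.2.19"   # the tree version the steps above name

# Print the version of an httpd source tree, read from include/ap_release.h.
# Fails if the header is missing or any of the three macros is absent.
httpd_tree_version() {
    hdr="$1/include/ap_release.h"
    [ -r "$hdr" ] || return 1
    awk '
        $1 == "#define" && $2 == "AP_SERVER_MAJORVERSION_NUMBER" { maj = $3 }
        $1 == "#define" && $2 == "AP_SERVER_MINORVERSION_NUMBER" { mnr = $3 }
        $1 == "#define" && $2 == "AP_SERVER_PATCHLEVEL_NUMBER"   { pat = $3 }
        END {
            if (maj == "" || mnr == "" || pat == "") exit 1
            print maj "." mnr "." pat
        }
    ' "$hdr"
}

# Succeed only if the file has an uncommented "SSLPathfinder on" line.
# Directive names are case-insensitive in Apache; Include files are not followed.
pathfinder_enabled() {
    grep -Eiq '^[[:space:]]*SSLPathfinder[[:space:]]+on[[:space:]]*$' "$1"
}

# Check everything the build needs before the patch is applied.
preflight() {
    tree="$1"
    command -v pkg-config >/dev/null 2>&1 ||
        { echo "pkg-config is not installed" >&2; return 1; }
    pkg-config --exists libpathfinder ||
        { echo "pkg-config does not know libpathfinder" >&2; return 1; }
    ver=$(httpd_tree_version "$tree") ||
        { echo "not an httpd source tree: $tree" >&2; return 1; }
    [ "$ver" = "$REQUIRED_HTTPD" ] ||
        { echo "tree is $ver, expected $REQUIRED_HTTPD" >&2; return 1; }
    echo "preflight ok: httpd $ver, libpathfinder found"
}

# Usage: sh preflight.sh /path/to/httpd-2.2.19
[ "$#" -eq 0 ] || preflight "$1"
```

After installation, running pathfinder_enabled against the server configuration file confirms that the directive from the last step is present and not commented out.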