From: Rob McCool 
Newsgroups: netscape.devs-nsapi
Subject: Re: Anybody has luck with Client Certificates w/NSAPI???
Date: Wed, 27 Nov 1996 15:38:33 -0800

> Thanks for the info. and I did go through the admin server to activate
> the security for the Client Certificates, but my question is how do I
> decode the certificate passed to the server from the client: in other
> words I want to enforce the authentication by other means not by the
> authdb/* db files. How do I setup PathCheck to call my user function
> along with "get-client-cert" or what ever.... is it possible at all??

Hi, here's what I got from someone who knows more about this area, hope
it helps. Netscape's forthcoming cryptography API will have more
functionality for decoding certificates.

--Rob

The base64 encoding of the certificate DER encoding is placed in
rq->vars as "auth-cert" by get-client-cert.  base64 is relatively
easy to decode.  See http://home.netscape.com/eng/security/certs.html
for information about the certificate format.

He will need to provide his own code to decode the certificate.
It may be helpful to look at SSLeay at

    http://psych.psy.uq.oz.au/~ftp/Crypto/

[And needless to say, that's not an endorsement or anything.  RSA
also sells code that should work.  That's not an endorsement either.]

--
Rob McCool, robm@netscape.com http://home.netscape.com/people/robm/
Stunt Programmer, Netscape Communications Corporation
It was working ten minutes ago, I swear...

Reproduced by permission of the author.