...
Please note this is not extensively tested at this time. I believe there is still a little bit of work to be done. We plan on testing this here at Athabasca University within the next little while (currently May 27th, 2005). This modification was written by Trenton D. Adams and anonymous. If someone knows who anonymous is, let me know. I will search my email soon to see if I can find out who it was that helped me. We will soon contribute a binary RPM as well as a source RPM, which will automatically suck down the patch, and build against it.
*TODO* support multiple certificate files in PEM format by using multiple directivesStarting with the Case mod_cas distribution as a base ~ceharris wrote a modification to support the XML objects returned by CAS 2 and up. It was also modified to support a chain of trusted CA certificates, rather than a single certificate. The attached mod_cas-VATECH.tar.gz can be used with the instructions posted on the Case wiki to produce the improved mod_cas. The CASTrustedCerts directive can now point to a file containing a trusted CA cert chain.
TODO: The ssl_verify.c module in mod_cas is rather monolithic and inelegant. It could really stand to be significantly refactored.
TODO: OpenSSL has options for getting the trusted CA cert chain as a single file or as a directory. The directory option is not currently implemented in mod_cas-VATECH, but should be added.
When not to use MOD_CAS
(Per Scott Lundgren's email).
...