CGI and SCGI (WIP)

Gemini CGI Environment Variables

SIS supports CGI and SCGI for all protocols. The following variables are used:

Authorizers (Unimplemented)

An Authorizer is a CGI script or SCGI server that is given the TLS client certificate information and the path information, and tells the server (SIS) whether the user is authorized to access that resource. SIS then responds to the client with an error or, if authorized, with the requested data, calling out to another CGI script or SCGI application server to obtain the resource data if necessary. This model is based on FastCGI Authorizer scripts, modified to work with CGI and SCGI. How each Authorizer should respond is detailed below.

Responses should use Gemini’s response format regardless of protocol, with the exception of HTTP(S), which may use FastCGI’s HTTP Authorizer responses.

  • 20 (success) should be used if authorized, telling the server to proceed with sending the resource to the client.
  • 60 may be used if no certificate was given and one is required.
  • 61 should be used for unauthorized certificates.
  • 62 should be used for invalid certificates.

??When a directory is being served, SIS will automatically look for a .authorizer executable in that directory and use it as the authorizer script for that directory’s contents.??

An authorizer script could handle authorization in three ways:

  • compare the client certificate hash to a list of known hashes
  • check a database for the client certificate hash and its permissions
  • call out to LDAP or some other authorization server
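
A sketch of the first approach (a known-hash list) returning the status codes listed above. This is an added example, not SIS code: the variable names TLS_CLIENT_HASH, TLS_CLIENT_NOT_BEFORE and TLS_CLIENT_NOT_AFTER, the "sha256:<hex>" hash format, the policy table and the meta text after each status are assumptions, since the variable list is not yet written.

```python
#!/usr/bin/env python3
import hmac, os, posixpath, sys
from datetime import datetime, timezone

# Constructed policy: protected path prefix -> certificate hashes allowed there.
ALICE = "sha256:" + "ab" * 32
ADMIN = "sha256:" + "cd" * 32
POLICY = {"/private/": {ALICE, ADMIN}, "/private/admin/": {ADMIN}}

def authorize(env, now=None):
    """Return the Gemini header line the authorizer hands back to the server."""
    now = now or datetime.now(timezone.utc)
    # Normalise first so "/public/../private/x" cannot dodge the prefix match.
    path = posixpath.normpath("/" + env.get("PATH_INFO", "").lstrip("/")) + "/"
    prefixes = [p for p in POLICY if path.startswith(p)]
    if not prefixes:
        return "20 authorized\r\n"  # outside every protected prefix
    cert_hash = env.get("TLS_CLIENT_HASH", "")  # assumed variable name
    if not cert_hash:
        return "60 client certificate required\r\n"
    try:  # assumed variable names, ISO 8601 timestamps with a UTC offset
        not_before = datetime.fromisoformat(env["TLS_CLIENT_NOT_BEFORE"])
        not_after = datetime.fromisoformat(env["TLS_CLIENT_NOT_AFTER"])
        in_window = not_before <= now <= not_after
    except (KeyError, ValueError, TypeError):
        in_window = False  # missing or unparsable dates count as invalid
    if not in_window:
        return "62 certificate not valid\r\n"
    # The most specific (longest) prefix decides; compare in constant time.
    allowed = POLICY[max(prefixes, key=len)]
    presented = cert_hash.encode("utf-8", "replace")
    matches = [hmac.compare_digest(k.encode(), presented) for k in sorted(allowed)]
    return "20 authorized\r\n" if any(matches) else "61 certificate not authorized\r\n"

if __name__ == "__main__":
    sys.stdout.write(authorize(os.environ))
```

The policy fails closed: a protected path with a missing, expired or unknown certificate never yields 20, and the longest matching prefix decides, so a hash allowed under /private/ does not inherit access to /private/admin/.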