Hi there,
I'm not quite sure if this is a little bit off topic but maybe someone can
answer it anyway:
In the protocol of SSL there is this certificate_verify_message which is
sent right after the client has sent its certificate. The message is
composed of a combination of the recently exchanged messages, the master
secret and some padding bytes. This data is somehow scrambled by MD5 and
SHA. Ok.
But what is the real point of this message at all? In the SSL 3.0 draft,
page 30, it is written that this is '...to provide explicit verification of
a client certificate'. But how does this message verify this? As far as I
know, both signing functions work without any key (am I
right?) so all you do is to send some data without any relevance for the
certificate to the server. So what can the server do with this data to
verify the client's certificate?
*g* I know it is ME who has the problem here with this but can someone pls.
be so kind and give me a hint???
Regards,
Oliver
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
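
The mechanism the question asks about, as an added example that is not part of the original post: in SSL 3.0 the MD5 and SHA hashes over the handshake messages, master secret and padding are keyless, but the client signs their 36-byte concatenation with the private key belonging to its certificate (RSA case shown), and the server checks that signature with the public key from the certificate. The toy RSA key built from two Mersenne primes, the transcript bytes and the master secret are constructed for illustration and are assumptions, not values from the post.

```python
import hashlib

# Constructed toy RSA key (assumption, insecure): two Mersenne primes.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8          # modulus length in bytes

def ssl3_hash(name, handshake, master):
    """One keyless SSL 3.0 hash: H(master + pad2 + H(handshake + master + pad1))."""
    n = 48 if name == "md5" else 40    # pad length: 48 bytes for MD5, 40 for SHA
    inner = hashlib.new(name, handshake + master + b"\x36" * n).digest()
    return hashlib.new(name, master + b"\x5c" * n + inner).digest()

def verify_input(handshake, master):
    """The 36 bytes that get signed: MD5 hash (16) followed by SHA hash (20)."""
    return ssl3_hash("md5", handshake, master) + ssl3_hash("sha1", handshake, master)

def pad_type1(data):
    """PKCS#1 v1.5 block type 1: 00 01 FF..FF 00 data."""
    return b"\x00\x01" + b"\xff" * (K - 3 - len(data)) + b"\x00" + data

def client_sign(handshake, master, d=D):
    """Client: sign the 36-byte value with the certificate's private key."""
    m = int.from_bytes(pad_type1(verify_input(handshake, master)), "big")
    return pow(m, d, N).to_bytes(K, "big")

def server_verify(sig, handshake, master):
    """Server: open the signature with the public key from the certificate and
    compare it with the hashes computed over its own copy of the handshake."""
    opened = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    return opened == pad_type1(verify_input(handshake, master))

if __name__ == "__main__":
    hs = b"ClientHello|ServerHello|Certificate|ClientKeyExchange"  # constructed
    ms = bytes(range(48))                                          # constructed
    sig = client_sign(hs, ms)
    print("holder of the private key:", server_verify(sig, hs, ms))
    print("different private exponent:",
          server_verify(client_sign(hs, ms, d=D + 2), hs, ms))
    print("signature reused on another handshake:",
          server_verify(sig, hs + b"x", ms))
```

Only the holder of the private key matching the certificate can produce a signature that verifies, and because the signed value covers this handshake's messages and master secret, it cannot be reused in a different session.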