Hello:
I'm still learning SSL. I still do no understand how does or if
SSL/TSL prevents from a "man in the middle" attack. If the certificates
are good, no problem. But, how does a client, or what must I do for a
client to check the validity of a certificate, even a signed one from a
trusted CA?
My problem is this: I'm developing a client-server application (not
web based), the clients will be in computers with Win9x, and for
simplicity, the users won't know to wich server they are connecting to
(they do not need to). I could have the server certificate and the
server address in files in the client computer, but as Win9x security
does not exist, nothing prevents someone from replacing these file for
another server.
I would apreciate any coments, thanks.
Darío
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
