The client sends its certificate in a Certificate handshake message. The
server can use the public key in the certificate to verify the signature,
and, just as important, the server needs to examine the issuer and subject
identity information in the certificate to make the access control decision.

_____________________________________
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_____________________________________



----- Original Message -----
From: "Sandipan Gangopadhyay" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, March 07, 2001 10:38 AM
Subject: Re: Question on client authentication and signing


> Greg,
>
> When the client signs the handshake message hash with its private key, how
> does the server (say, Apache/ModSSL) authenticate that encryption/signature?
> Is the client's certificate also enclosed? Asked for by the server?
> Needs to be stored on the server in advance?
>
> Regards,
>
> Sandipan


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
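
The two server-side steps described in the reply above, sketched with Python's standard `ssl` module as an added example (not part of the original thread, and not OpenSSL or mod_ssl code). The file arguments, the allowlist and the sample certificate are constructed assumptions; the point is that chain verification only proves which CA issued the certificate, so the access decision still compares the exact issuer and subject.

```python
import ssl

def make_server_context(certfile, keyfile, client_ca_file):
    # CERT_REQUIRED makes the server send a CertificateRequest and abort the
    # handshake unless the client's chain verifies against client_ca_file.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(certfile, keyfile)
    ctx.load_verify_locations(cafile=client_ca_file)
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx

def canonical_dn(name):
    # getpeercert() gives a DN as a tuple of RDNs, each a tuple of
    # (attribute, value) pairs. Keep that structure instead of joining it
    # into a string, so a value containing "," or "=" cannot imitate
    # another DN. Pairs inside a multi-valued RDN are sorted.
    return tuple(tuple(sorted(rdn)) for rdn in name)

def dn(*pairs):
    # Helper for writing allowlist entries: one single-valued RDN per pair.
    return tuple(((attr, value),) for attr, value in pairs)

# Constructed allowlist of exact (issuer DN, subject DN) pairs.
ALLOWED = {
    (dn(("organizationName", "Example Corp"), ("commonName", "Example Client CA")),
     dn(("organizationName", "Example Corp"), ("commonName", "alice"))),
}

def authorize(peercert, allowed=ALLOWED):
    # None or {} means no validated client certificate was presented.
    if not peercert:
        return False
    issuer = canonical_dn(peercert.get("issuer", ()))
    subject = canonical_dn(peercert.get("subject", ()))
    return (issuer, subject) in allowed

# Constructed sample in the shape returned by SSLSocket.getpeercert().
SAMPLE_PEERCERT = {
    "issuer": ((("organizationName", "Example Corp"),),
               (("commonName", "Example Client CA"),)),
    "subject": ((("organizationName", "Example Corp"),),
                (("commonName", "alice"),)),
}
```

After the handshake, the server would call `authorize(conn.getpeercert())` on the accepted connection and close it when the result is `False`.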
