Hi,
I have a problem where an SSL connection is getting established even when the
certificate is not yet valid.
The steps that lead to that point are as below.
1. Run openssl s_server in a machine say C using a
   self signed certificate.
   e.g. openssl s_server -accept 1111 -Verify -1 -CAfile clientcert.pem -key serverkey.pem -cert servercert.pem
2. Now I run a s_client in another machine say C.
   e.g. openssl s_client -connect C:1111 -CAfile servercert.pem -key clientkey.pem -cert clientcert.pem
3. The connection gets established as expected.
4. I disconnect the client. And change the time of
   the machine running server i.e. S to say 10
   years before so that the clientcert will be
   considered as not yet valid.
5. Now when I run s_client again the same way as
   in step 2 it successfully gets connected to the
   server. This should not happen.
The other observations are as below.
A. If I repeat the same thing by advancing the
   time of Machine A to say 10 years so that the
   client certificate expires, in the same order
   as above then client is unable to connect
   which is the desired behaviour.
B. I start the server and change the time 10
   years before and then try to connect the
   client then as expected the connection is
   not established as expected. Please note this
   time I have not made a previous connection
   before changing the time.
Could anyone please help me in this regard as to
what should be done to rectify the problem.
Also could anyone please let me know what has to
be done in case where a connection is established
after authenticating with a valid certificate but
the certificate expires before the connection is
closed.
thanks
kaushik
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
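
For the last question in the post (a certificate that expires while the connection is still open), one application-level approach is to re-check the peer certificate's validity window on a timer and close the connection once it is outside it. The sketch below is an added example, not part of the original post and not OpenSSL's own code; it uses Python's ssl module, the function names are hypothetical, and the sample certificate fields are constructed.

```python
import ssl
import time


def validity_state(peer_cert, now=None):
    """Classify a getpeercert() dict against the clock reading `now` (epoch seconds)."""
    if not peer_cert:
        # getpeercert() gives None when the peer sent no certificate and an
        # empty dict when the certificate was not validated.
        return "unverified"
    now = time.time() if now is None else now
    not_before = ssl.cert_time_to_seconds(peer_cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(peer_cert["notAfter"])
    if now < not_before:
        return "not_yet_valid"
    if now > not_after:
        return "expired"
    return "valid"


def first_failure(peer_cert, clock_readings):
    """Replay periodic rechecks on one open connection.

    Returns (reading, state) for the first clock reading at which the
    certificate is no longer acceptable, or (None, "valid") if none is.
    """
    for reading in clock_readings:
        state = validity_state(peer_cert, reading)
        if state != "valid":
            return reading, state
    return None, "valid"


def check_live_socket(tls_sock, now=None):
    """Same check on a connected ssl.SSLSocket; the caller closes it unless "valid"."""
    return validity_state(tls_sock.getpeercert(), now)


# Constructed sample in the format getpeercert() returns (not a real certificate).
SAMPLE_CLIENT_CERT = {
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
}

if __name__ == "__main__":
    # Clock set years back, inside the window, and years ahead.
    for reading in (1400000000, 1720000000, 2000000000):
        print(reading, validity_state(SAMPLE_CLIENT_CERT, reading))
```

Passing the clock reading as a parameter lets both the "not yet valid" and the "expired" cases be exercised without changing the system time.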