Hello !
This will probably look like a dumb question, but anyway. Is there
any provision and way, in SSL and/or HTTP, to establish a SSL link
without trying to assert anything about the server identity? Such
that a client (a web browser) would happily use the encrypted tunnel
while obviously not offer any guarantee about the real identity of
the server but not complain about it too.
Something like a flag in a self-signed certificate that would tell
clients : "please I know I'm self-signed and I'm not trying to prove
my identity to you, just trying to establish a secure link between
both of us, so please don't make too much waves about me being self-
signed" ?
--
Olivier Mascia
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
