On Fri, Sep 25, 2009 at 01:49:25PM +0200, Michael Prinzinger wrote:

> Dear Victor,
>
> thanks for your help.
> The problem is that I need to understand OpenSSL and its mechanisms and

No, you need to understand SSL/TLS in general, and how to make use of SSL
in your protocol. The OpenSSL part will be easy, understanding SSL
(especially SSL with direct trust sans trust anchors) is, I think, your main
obstacle.

> However I think it would be more secure to be able to verify that the client
> is actually in possession of the private key belonging to this certificate,
> right?

SSL ensures that the SSL client has the private key for the peer
certificate that you find for the client at the end of the SSL session.
It is then up to your application to decide whether this is the right
peer to talk to, but the peer definitely knows how to solve the inverse
problem for the public key in question, presumably by having access to
the private key.

Good luck.

--
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
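
An added example, not part of the original message and not OpenSSL project code: one way an application can make the "is this the right peer" decision under direct trust, by comparing the SHA-256 fingerprint of the peer certificate against a locally pinned list. It assumes the DER bytes come from the TLS library after the handshake (for OpenSSL, `i2d_X509()` on the result of `SSL_get_peer_certificate()`); the function names and the sample byte strings below are constructed for illustration.

```python
import hashlib
import hmac


def normalize_fingerprint(text):
    """Accept 'AB:CD:...' or plain hex and return the raw 32-byte digest."""
    raw = bytes.fromhex(text.replace(":", "").replace(" ", "").strip())
    if len(raw) != hashlib.sha256().digest_size:
        raise ValueError("expected a SHA-256 fingerprint (32 bytes)")
    return raw


def build_pin_store(entries):
    """Map {peer_name: fingerprint_text} to {peer_name: digest_bytes}."""
    return {name: normalize_fingerprint(fp) for name, fp in entries.items()}


def authorize_peer(peer_cert_der, pin_store):
    """Return the pinned peer name for this certificate, or None.

    The handshake already proved the peer holds the private key for this
    certificate; this step only decides whether that key is one we trust.
    """
    if not peer_cert_der:
        return None  # no certificate presented: fail closed
    digest = hashlib.sha256(peer_cert_der).digest()
    match = None
    for name, pinned in pin_store.items():
        # Constant-time comparison of each pinned digest.
        if hmac.compare_digest(digest, pinned):
            match = name
    return match


def colon_hex(raw):
    """Format bytes as colon-separated upper-case hex pairs."""
    return ":".join(f"{b:02X}" for b in raw)


# Constructed stand-ins for DER-encoded certificates (not real certificates).
ALICE_CERT = b"constructed-der-bytes-for-alice"
MALLORY_CERT = b"constructed-der-bytes-for-mallory"

# Pin store as it would be provisioned out of band for the trusted peer.
PINS = build_pin_store({"alice": colon_hex(hashlib.sha256(ALICE_CERT).digest())})

if __name__ == "__main__":
    for label, cert in (("alice", ALICE_CERT), ("mallory", MALLORY_CERT), ("none", None)):
        print(label, "->", authorize_peer(cert, PINS))
```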