Re: Suggested data shown for SSL certificate when choosing to accept or reject

2009-08-14 Thread Chase Douglas
> This is an SSH-like scenario (meaning, the subject is already known to
> the principal, who has made a choice to use the services provided by
> that subject).  Instead of trying to display the contents of a
> self-signed webserver certificate, the only thing that you can really
> truly verify is

Suggested data shown for SSL certificate when choosing to accept or reject

2009-08-14 Thread Chase Douglas
out? I am thinking of presenting just the issuer, subject, validity time frame, and signature, leaving out things like serial number, signature and key algorithms, and the public key itself. Is this reasonable? Thanks, Chase Douglas

Re: OpenSSL pseudo-psk usage

2009-01-26 Thread Chase Douglas
On Jan 26, 2009, at 4:23 PM, Philipp Gühring wrote: Hello Douglas, I'm wanting to use openssl to provide a psk-like authentication and encryption. While I see that openssl cvs has some TLS-PSK functionality, this does not seem to exist in any of the released tarballs. I run gentoo and I don't

OpenSSL pseudo-psk usage

2009-01-24 Thread Chase Douglas
d if a subsequent man in the middle attack is attempted, the server cert won't match the CA cert the client possesses. Does this design work as I am intending, with only one set of server and client certs needed per server impl