> This is an SSH-like scenario (meaning, the subject is already known to
> the principal, who has made a choice to use the services provided by
> that subject). Instead of trying to display the contents of a
> self-signed webserver certificate, the only thing that you can really
> truly verify is
out? I am
thinking of presenting just the issuer, subject, validity time frame,
and signature, leaving out things like serial number, signature and
key algorithms, and the public key itself. Is this reasonable?
Thanks,
Chase Douglas
On Jan 26, 2009, at 4:23 PM, Philipp Gühring wrote:
Hello Douglas,
I'm wanting to use openssl to provide a psk-like authentication and
encryption. While I see that openssl cvs has some TLS-PSK
functionality,
this does not seem to exist in any of the released tarballs. I run
gentoo and I don't
d if a
subsequent man in the middle attack is attempted, the server cert
won't match the CA cert the client possesses.
Does this design work as I am intending, with only one set of server
and client certs needed per server impl
