client auth security problem?

1999-12-16 Thread Yunhong Li
From my understanding, the client cert is transmitted in clear. When the server receives the client cert, the server verifies the client cert using a CA (or chained CAs), like verifying the date, signature, etc. The question I have is that whoever could intercept the client cert could fake the client.

RE: Why it takes so much memory?

1999-12-11 Thread Yunhong Li
It is run time memory on BSDI 4.0.1. I did the measurement a few weeks ago. (Does the day matter :=?) My testing might not be accurate. If anyone has done a similar test, please publish the result. Thanks. --Yunhong -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTE

chain cert and client auth API

1999-10-28 Thread Yunhong Li
We are writing our server using openssl-0.9.4. If I understand it correctly, here is how to do chain cert and client auth on the server side. o chain cert Put the server cert and all CAs in a single file and use "SSL_CTX_use_certificate_chain_file". The order of certs in the file is ver

How to create a cert with SGC?

1999-10-21 Thread Yunhong Li
I'd like to create a CA key/cert, and an end user key/cert with SGC on. And then, I need to import the CA key/cert into Communicator or Explorer, and put the end user key/cert to Apache+mod_ssl server. How do I create the certs with SGC on and import the CA cert to a browser using openssl-0.9.4? T

RE: Confused

1999-09-08 Thread Yunhong Li
I got the same problem with version 0.9.4. 'apps/x509.c' tries to read 'client.csr' as a certificate, not a certificate request. But, 'client.csr' is a certificate request. I believe the cmd should be: "openssl x509 -req -in client.csr ..." Meanwhile, I got another question. Is it possible to g

A bug in SSLv3 when session id reuse?

1999-08-19 Thread Yunhong Li
I downloaded openssl-0.9.4, configured the target to bsdi-elf-gcc and compiled on my BSDI-4.0 machine. The performance from "s_time" in "app/openssl" is extremely slow when session id is reused. Here is how I run the command: openssl s_server -port -cert server.pem -www -ssl3