Re: General question on SSL

2005-10-27 Thread M G
Hi Justin, You've been extremely helpful! Thank you very much!
--- Justin Karneges <[EMAIL PROTECTED]> wrote:
> Hi,
>
> If you just want to compare fingerprints, you can avoid X509_STORE entirely.
> In OpenSSL, a verification failure doesn't mean the connection stops. This is how a

Re: General question on SSL

2005-10-27 Thread Justin Karneges
Hi, If you just want to compare fingerprints, you can avoid X509_STORE entirely. In OpenSSL, a verification failure doesn't mean the connection stops. This is how apps are able to show those "do you want to continue?" prompts to the user after verification problems. So just use an empty X509

Re: General question on SSL

2005-10-27 Thread M G
Thank you Justin! Just to nail down my understanding of your last paragraph - you said "just compare the fingerprint of the certificate with your list of allowed fingerprints" - My question is, would this be done in my verify callback function? (int (*verify_callback)(int, X509_STORE_CTX *)) ?

Re: General question on SSL

2005-10-27 Thread Justin Karneges
On Thursday 27 October 2005 07:25, M G wrote:
> Hi list,
>
> My goal is to create mutual authentication for small business (each client app is also a server that can share data securely), is there a way to use SSL the "normal" way i.e., to create an X509 store, set verify function, use certif

General question on SSL

2005-10-27 Thread M G
Hi list, My goal is to create mutual authentication for small business (each client app is also a server that can share data securely), is there a way to use SSL the "normal" way i.e., to create an X509 store, set verify function, use certificates, etc, ... but not require users to sign with a CA