subject:"RE\: reg\: question about SSL server cert verification"

Re: reg: question about SSL server cert verification

2021-06-20 Thread Viktor Dukhovni

> On 19 Jun 2021, at 10:08 pm, Jakob Bohm via openssl-users > wrote: > >> Differences are observed once the local trust store contains some >> intermediate certificates or the remote chain provides a cross cert for >> which the local store instead contains a corresponding (same subject >> name a

Re: reg: question about SSL server cert verification

2021-06-19 Thread Jakob Bohm via openssl-users

On 2021-06-18 17:07, Viktor Dukhovni wrote: On Fri, Jun 18, 2021 at 03:09:47PM +0200, Jakob Bohm via openssl-users wrote: Now the client simply works backwards through that list, checking if each certificate signed the next one or claims to be signed by a certificate in /etc/certs. This looku

RE: reg: question about SSL server cert verification

2021-06-18 Thread Michael Wojcik

2021 07:10 > >> To: openssl-users@openssl.org > >> Subject: Re: reg: question about SSL server cert verification > >> > > And there are a whole bunch of other checks: signature, validity dates, key > > usage, basic constraints... > > Those checks would

Re: reg: question about SSL server cert verification

2021-06-18 Thread Viktor Dukhovni

On Fri, Jun 18, 2021 at 05:37:33PM +0200, Jakob Bohm via openssl-users wrote: > > Also, the correspondence between the peer identity as requested by > > the client, and as represented by the entity certificate, should not > > be done using the CN component of the Subject DN (as OP suggested), > >

Re: reg: question about SSL server cert verification

2021-06-18 Thread Jakob Bohm via openssl-users

On 2021-06-18 16:23, Michael Wojcik wrote: From: openssl-users On Behalf Of Jakob Bohm via openssl-users Sent: Friday, 18 June, 2021 07:10 To: openssl-users@openssl.org Subject: Re: reg: question about SSL server cert verification On 2021-06-18 06:38, sami0l via openssl-users wrote: I&#

Re: reg: question about SSL server cert verification

2021-06-18 Thread Viktor Dukhovni

On Fri, Jun 18, 2021 at 03:09:47PM +0200, Jakob Bohm via openssl-users wrote: > Now the client simply works backwards through that list, checking if > each certificate signed the next one or claims to be signed by a > certificate in /etc/certs. This lookup is done based on the complete > distingu

RE: reg: question about SSL server cert verification

2021-06-18 Thread Michael Wojcik

> From: openssl-users On Behalf Of Jakob > Bohm via openssl-users > Sent: Friday, 18 June, 2021 07:10 > To: openssl-users@openssl.org > Subject: Re: reg: question about SSL server cert verification > > On 2021-06-18 06:38, sami0l via openssl-users wrote: > > I'm c

Re: reg: question about SSL server cert verification

2021-06-18 Thread Jakob Bohm via openssl-users

On 2021-06-18 06:38, sami0l via openssl-users wrote: I'm curious how exactly an SSL client verifies an SSL server's certificate which is signed by a CA. So, during the SSL handshake, when the server sends its certificate, will the SSL client first checks the `Issuer`'s `CN` field from the x509

Re: reg: question about SSL server cert verification

Re: reg: question about SSL server cert verification

RE: reg: question about SSL server cert verification

Re: reg: question about SSL server cert verification

Re: reg: question about SSL server cert verification

Re: reg: question about SSL server cert verification

RE: reg: question about SSL server cert verification

Re: reg: question about SSL server cert verification

8 matches

Site Navigation

Mail list logo

Footer information