On Dec 2, 2005, at 2:17 AM, Victor Duchovni wrote:
So I would change this to:
int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
{
    return 1;
}
You can test this. Give the client or server the wrong private key
and the right certificate and watch the SSL handshake f
On Thu, Dec 01, 2005 at 04:08:38PM -0500, Sean Rhea wrote:
> >Clearly OpenSSL has already verified that the client
> >has a private key that matches the public key in the certificate, or
> >else all the certificate checks are pointless.
>
> Are you SURE about that? I'm not doubting you, it's jus
On Nov 30, 2005, at 10:48 PM, Victor Duchovni wrote:
Clearly OpenSSL has already verified that the client
has a private key that matches the public key in the certificate, or
else all the certificate checks are pointless.
Are you SURE about that? I'm not doubting you, it's just that "Clearly
On Wed, Nov 30, 2005 at 09:52:57PM -0500, Sean Rhea wrote:
> Okay, but I need to do _some_ verification:
No, not really. Clearly OpenSSL has already verified that the client
has a private key that matches the public key in the certificate, or
else all the certificate checks are pointless. At this
On Nov 30, 2005, at 8:24 PM, Victor Duchovni wrote:
Yes, but the verification is optional, just tell SSL that the certs
verify OK. Postfix only uses fingerprints of verified clients, but you
don't have to do that. The machinery is much the same. In the
Postfix client, the server verification is
On Wed, Nov 30, 2005 at 06:07:20PM -0500, Sean Rhea wrote:
> On Nov 30, 2005, at 4:42 PM, Victor Duchovni wrote:
> >This is completely doable. Example code to be found in many SSL
> >applications.
> >
> > http://www.postfix.org/TLS_README.html#server_vrfy_client
> > http://www.postfix.org/
On Nov 30, 2005, at 4:42 PM, Victor Duchovni wrote:
This is completely doable. Example code to be found in many SSL
applications.
http://www.postfix.org/TLS_README.html#server_vrfy_client
http://www.postfix.org/TLS_README.html#server_access
http://www.postfix.org/postconf
On Wed, Nov 30, 2005 at 04:18:44PM -0500, Sean Rhea wrote:
> All,
>
> I'm trying to use OpenSSL in a rather peculiar way, and I wonder if
> anyone here can help me out. I have two peers. Each has an RSA
> public-private key pair and a self-signed X509 certificate. What I'd
> like to do i