>From my understanding, the client cert is transmitted in clear.
When server receives the client cert, server verifies the client
cert using a CA (or chained CAs), like verifying the date, signature,
etc. The question I have is that whoever could intercepts the client
cert could fake the client. Am I right?
Thanks.
--Yunhong
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]