Hi Andrew,

Andrew Cooke wrote:
> 
> Flemming Jans wrote:
> > I'm using openssl 0.9.4 on Sparc Solaris 2.6/2.7 for a webserver like
> > process which must recognize customers from a simple username/password
> > scheme or from a client certificate.
> >
> > The customer 'subscription' is stored in a database where the username
> > is the unique identifier.
> >
> > 1) When using a client certificate I guess the unique username must be
> > stored in the certificate, right? Is the field Common Name (CN) used for
> > this purpose? Am I guaranteed that this field is unique or is this up
> > to the CA issuing the certificate?
> 
> Since openssl is both open source and can generate certificates, I can't
> think of a mechanism that could possibly guarantee that CNs were
> unique!  The simplest solution might be to use the hash of the
> certificate (SSL_get_peer_certificate; X509_digest) - for all practical
> purposes, this is unique.

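OK, I have tried the following code snippet, which works:

/* con is the SSL connection; the result is NULL if no client certificate was sent */
client_cert = SSL_get_peer_certificate(con);
/* digest must hold EVP_MAX_MD_SIZE bytes; digest_len is an unsigned int */
X509_digest(client_cert, EVP_md5(), digest, &digest_len);

Which message digest should I use? MD5 or another? Is the digest
guaranteed to be unique mathematically, or how does a digest work?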

Regards,

-- 
Flemming F. Jans
Manager, Software Development
Belle Systems A/S
Tel.:   +45 5944 2500
Mobile: +45 2340 9375
Fax.:   +45 5944 2588
E-mail: [EMAIL PROTECTED]
www.bellesystems.com
Defining the Future of IP Services
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]