-----Original message-----
From: Jeffrey Altman [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 06 June 2002 19:58
To: [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: Re: telnetd-ssl

That depends on whose Telnetd you are using and how you want the clients to be authorized.

-I'm on a Debian 2.4.6 with telnetd-ssl and telnet-ssl (0.17), openssl 0.9.6-c and their libs, latest libc6 and depending libs. This is the testing version on Debian.

-I've talked with the person responsible for the package and he said that the original sources are from telnetssl and he never tested the client certificate authentication.

I've tried to do this with this config:

-CA root certificate installed and accessible.

-Two verified x509 certs created with demoCa (signed by CA root certificate):

*telnetd cert subject and issuer
subject=/C=ES/ST=Castellon/L=Castellon/O=IN3 S.A./OU=Telnet/CN=zidane.in3.es
issuer =/C=ES/ST=Castellon/L=Castellon/O=IN3 Certificate Authority/OU=IN3 Certificate Authority/CN=IN3

*newcert cert subject and issuer
subject=/C=ES/ST=Castellon/L=Castellon/O=IN3 S.A./OU=staff/CN=<user name>, where user name is a valid system user
issuer =/C=ES/ST=Castellon/L=Castellon/O=IN3 Certificate Authority/OU=IN3 Certificate Authority/CN=IN3

-telnetd entry on inetd.conf:

telnets stream tcp nowait telnetd.telnetd /usr/sbin/tcpd /usr/sbin/in.telnetd -z cert=/etc/ssl/certs/telnetd.pem -z key=/etc/ssl/private/telnetd.key -z certrequired -z secure -z verify=1 -z certsok

-command line from bash:

telnet-ssl -z cert=newcert.pem -z debug -z verbose -z key=newcert.key -z verify=1 zidane.in3.es 992

The output during execution of the client:

[SSL - attempting to switch on SSL]
[SSL - handshake starting]
SSL_connect:UNKWN before/connect initialization
SSL_connect:23WCHA SSLv2/v3 write client hello A
SSL_connect:3RSH_A SSLv3 read server hello A
Certificate[0] subject=/C=ES/ST=Castellon/L=Castellon/O=IN3 S.A./OU=Telnet/CN=zidane.in3.es
Certificate[0] issuer =/C=ES/ST=Castellon/L=Castellon/O=IN3 Certificate Authority/OU=IN3 Certificate Authority/CN=IN3 Certificate Authority
SSL_connect:error in 3RSC_B SSLv3 read server certificate B
SSL_connect:error in 3RSC_B SSLv3 read server certificate B
[SSL - FAILED (-1)]
telnet: Unable to ssl_connect to remote host: Success
3752:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:769:
[SSL - SSL_accept error]
Connection closed by foreign host.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                       [EMAIL PROTECTED]
Automated List Manager                          [EMAIL PROTECTED]

BEGIN:VCARD
VERSION:2.1
N:Guerrero;Manuel
FN:Manuel Guerrero
EMAIL;PREF;INTERNET:[EMAIL PROTECTED]
REV:20010529T163110Z
END:VCARD