Hi there! First of all, happy holidays ;)
We're in the middle of the holiday season, so I do hope that there are some people around that are still reading the list, maybe even while being on holiday ;-)

I'm having a chicken-egg problem that I'm hoping someone on this list can help me with.

I'm using OpenSSL to run a small CA and take care of encryption for an application that sends data over the internet. It is critical that all communication between the various nodes of the application is encrypted.

The issue I'm running into is as follows:

A new node (A) is about to make its first connection to an already existing node (B). The new node knows the IP address and port number by use of a configuration file.

The already existing node (B) has possession of the following data:
* The public root certificate
* The full list of all signed certificates
* The CRL
* Its own public certificate and private key for the certificate

The new node (A) has possession of the following data:
* The public root certificate
* Its own public certificate and private key for the certificate

Some more information:
* Both the full list of signed certificates and CRL are not available from any other source than the already existing node
* The commonName field is not to be used to identify the remote host, since the value of the commonName field in the certificate of the already existing node may vary

How can I make the new node (A) send an encrypted request to the already existing node (B) while node A does not have any public key/certificate information about the already existing node (B), and still make sure that I am actually talking to B, and not some Man-In-The-Middle?

Thanks a bunch for any thoughts,

Nils

--
Simple guidelines to happiness:
Work like you don't need the money,
Love like your heart has never been broken and
Dance like no one can see you.
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]