RE: FQDN

2003-07-25 Thread Jue (Jacky) Shu
On 2003-07-24 at 18:43, David Schwartz wrote: Please check this url: http://developer.netscape.com/docs/manuals/security/sslin/contents.htm Server authentication, step 4 The only difference is that netscape just checks the domain name. Does the domain name in the server's certificate match

Re: Multithreading and SSL

2003-07-24 Thread Jue (Jacky) Shu
There is a multi-thread example on book Network Security with OpenSSL. Chapter 5. Jacky On 2003-07-24 at 09:15, Michiels Olivier wrote: Hi, I would to have a multithreaded server that accepts ssl connections. My main thread accepts the ssl connection and then creates a new thread with the

Re: FQDN

2003-07-23 Thread Jue (Jacky) Shu
Yes, Lutz. That's why I want to check peer's FQDN against which on its certificate. Actually, just like what Steve said before, even if the hacker can spoof DNS, he still needs peer's certificates and key to masquerade the owner of that key. Checking of the FQDN is an extra step to prevent this to

Re: FQDN

2003-07-23 Thread Jue (Jacky) Shu
Jue (Jacky) Shu wrote: Yes, Lutz. That's why I want to check peer's FQDN against which on its certificate. Look at Lutz' list. You get already in step 1 the FQDN from the *user*, so there is no need for further actions to find out the peer's FQDN. Ciao, Richard -- Dr. Richard W. Könning

Re: FQDN

2003-07-23 Thread Jue (Jacky) Shu
] To: [EMAIL PROTECTED] Sent: Wednesday, July 23, 2003 10:20 AM Subject: Re: FQDN Jue (Jacky) Shu wrote: Sorry, Richard. Maybe I didn't put it clearly. There r two names, one is from the certificate, another one is from DNS. They must match. The other one is *not* from DNS, but from

FQDN

2003-07-21 Thread Jue (Jacky) Shu
hi all, maybe it is not a SSL question. I want to make post-connection assertion to prevent man-in-the-middle attack. But I don't know how to get FQDN of the peer side (not from peer's certificate, it must be other side's real address). Is there any socket function to get peer's FQDN? thank you

Re: FQDN

2003-07-21 Thread Jue (Jacky) Shu
intended. This verifies forward DNS lookup. Regards, Vadim On Mon, Jul 21, 2003 at 12:12:49PM -0400, Jue (Jacky) Shu wrote: hi all, maybe it is not a SSL question. I want to make post-connection assertion to prevent man-in-the-middle attack. But I don't know how to get FQDN

Re: which SSL function

2003-07-17 Thread Jue (Jacky) Shu
Thx lutx, I found there is another SSL function to get peer's certificate, not certificate chain. SSL_get_peer_certificate(SSL). man suggests using it instead of SSL_get_peer_cert_chain. Jacky On 2003-07-17 at 02:50, Lutz Jaenicke wrote: On Wed, Jul 16, 2003 at 09:53:24PM -0400, Jue (Jacky

which SSL function

2003-07-16 Thread Jue (Jacky) Shu
hi all, which SSL function can return peer's DNS or FQDN name, such as get client's name on server side? Thx a lot. Jacky

Re: CRL problem

2003-07-15 Thread Jue (Jacky) Shu
Security with OpenSSL together. Jacky On 2003-07-15 at 11:32, Austin Krauss wrote: I ran across this as well. Check out this thread: http://www.mail-archive.com/[EMAIL PROTECTED]/msg31473.html austin - Original Message - From: Jue (Jacky) Shu [EMAIL PROTECTED] To: [EMAIL

can't use X509_V_FLAG_CRL_CHECK

2003-07-14 Thread Jue (Jacky) Shu
hi all, i want to implement CRL check. but when i use flag: X509_V_FLAG_CRL_CHECK, the compiler tells me that it is an undeclared identifier. i use openssl-0.9.7b. i don't know why, i can't find it from any head files under openssl. anybody can give a clue to me? thx a lot. jacky

access apache only once

2003-07-12 Thread Jue (Jacky) Shu
hi all, I wrote a c client to access apache. here is the code: strcpy(buf, "GET /index.html HTTP/1.0\r\nConnection: Keep-Alive\r\n\r\n"); err = SSL_write(ssl, buf, strlen(buf)); I check the response, it works well. so i use SSL_read() to get the http head and html content. but when i use the