On 2003-07-24 at 18:43, David Schwartz wrote:
Please check this url:
http://developer.netscape.com/docs/manuals/security/sslin/contents.htm
Server authentication, step 4
The only difference is that Netscape just checks the domain name.
Does the domain name in the server's certificate match
There is a multi-thread example in the book Network Security with OpenSSL.
Chapter 5.
Jacky
On 2003-07-24 at 09:15, Michiels Olivier wrote:
Hi,
I would like to have a multithreaded server that accepts SSL connections.
My main thread accepts the SSL connection and then creates a new thread
with the
Yes, Lutz. That's why I want to check the peer's FQDN against the one on its
certificate.
Actually, just like what Steve said before, even if the hacker can spoof DNS,
he still needs the peer's certificates and key to masquerade as the owner of that
key.
Checking of the FQDN is an extra step to prevent this to
Jue (Jacky) Shu wrote:
Yes, Lutz. That's why I want to check the peer's FQDN against the one on its
certificate.
Look at Lutz' list. You get already in step 1 the FQDN from the *user*,
so there is no need for further actions to find out the peer's FQDN.
Ciao,
Richard
--
Dr. Richard W. Könning
To: [EMAIL PROTECTED]
Sent: Wednesday, July 23, 2003 10:20 AM
Subject: Re: FQDN
Jue (Jacky) Shu wrote:
Sorry, Richard.
Maybe I didn't put it clearly.
There are two names: one is from the certificate, the other is from DNS.
They must match.
The other one is *not* from DNS, but from
hi all,
maybe it is not an SSL question. I want to make a post-connection assertion to
prevent a man-in-the-middle attack. But I don't know how to get the FQDN of the
peer side (not from the peer's certificate, it must be the other side's real address).
Is there any socket function to get the peer's FQDN?
thank you
intended. This verifies forward DNS lookup.
Regards,
Vadim
On Mon, Jul 21, 2003 at 12:12:49PM -0400, Jue (Jacky) Shu wrote:
hi all,
maybe it is not an SSL question. I want to make a post-connection
assertion to
prevent a man-in-the-middle attack. But I don't know how to get FQDN
Thx Lutz, I found there is another SSL function to get the peer's
certificate, not the certificate chain.
SSL_get_peer_certificate(SSL).
man suggests using it instead of SSL_get_peer_cert_chain.
Jacky
On 2003-07-17 at 02:50, Lutz Jaenicke wrote:
On Wed, Jul 16, 2003 at 09:53:24PM -0400, Jue (Jacky
hi all,
which SSL function can return the peer's DNS or FQDN name, such as getting the client's name on
the server side?
Thx a lot.
Jacky
Security with OpenSSL together.
Jacky
On 2003-07-15 at 11:32, Austin Krauss wrote:
I ran across this as well. Check out this thread:
http://www.mail-archive.com/[EMAIL PROTECTED]/msg31473.html
austin
- Original Message -
From: Jue (Jacky) Shu [EMAIL PROTECTED]
To: [EMAIL
hi all,
I want to implement a CRL check.
But when I use the flag X509_V_FLAG_CRL_CHECK,
the compiler tells me that it is an undeclared identifier.
I use openssl-0.9.7b.
I don't know why, I can't find it in any header files under openssl.
Can anybody give me a clue?
thx a lot.
jacky
hi all,
I wrote a C client to access Apache.
Here is the code:
strcpy(buf, "GET /index.html HTTP/1.0\r\nConnection: Keep-Alive\r\n\r\n");
err = SSL_write(ssl, buf, strlen(buf));
I checked the response, it works well.
So I use SSL_read() to get the HTTP header and HTML content.
but when i use the
12 matches