Re: Best practice for client cert name checking

2012-10-12 Thread Jeffrey Walton
On Thu, Oct 11, 2012 at 6:47 PM, Charles Mills charl...@mcn.org wrote: Thanks. My boss is not technical. I am the CTO of this product. Our customers are your basic commercial customers. Yes, I picture that they would be their own CA. Why pay Verisign if you don't have a bunch of people

RE: Best practice for client cert name checking

2012-10-11 Thread Charles Mills
away into the wild, right? Charles -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson Sent: Wednesday, October 10, 2012 12:48 PM To: openssl-users@openssl.org Subject: RE: Best practice for client cert name checking

RE: Best practice for client cert name checking

2012-10-10 Thread Dave Thompson
: Saturday, October 06, 2012 9:52 AM To: openssl-users@openssl.org Subject: Best practice for client cert name checking I have recently written a product that incorporates SSL/TLS server code that processes client certificates. I designed what I thought made sense at the time but now I am

RE: Best practice for client cert name checking

2012-10-08 Thread Dave Thompson
From: owner-openssl-us...@openssl.org On Behalf Of Jeffrey Walton Sent: Saturday, 06 October, 2012 19:11 On Sat, Oct 6, 2012 at 5:41 PM, Charles Mills charl...@mcn.org wrote: Thanks. I'm a relative newbie to this whole topic. Can you point me to a resource that describes pin in the sense

Re: Best practice for client cert name checking

2012-10-08 Thread Marco Molteni (mmolteni)
On 06.10.2012 23:41, Charles Mills charl...@mcn.org wrote: Thanks. I'm a relative newbie to this whole topic. Can you point me to a resource that describes pin in the sense you use it below? The word is too common for the Google to be much help. try searching for certificate pinning. If you

RE: Best practice for client cert name checking

2012-10-08 Thread Charles Mills
Dave, any thoughts on my original question? My thread kind of got hijacked. Charles -Original Message- From: Charles Mills [mailto:charl...@mcn.org] Sent: Saturday, October 06, 2012 9:52 AM To: openssl-users@openssl.org Subject: Best practice for client cert name checking I have

Re: Best practice for client cert name checking

2012-10-08 Thread Mark H. Wood
On Mon, Oct 08, 2012 at 07:42:04AM +, Marco Molteni (mmolteni) wrote: try searching for certificate pinning. If you are familiar with ssh, it is the same concept of the StrictHostKeyChecking option (although obviously SSH and TLS are completely distinct protocols and by default SSH doesn't

Re: Best practice for client cert name checking

2012-10-08 Thread Jeffrey Walton
On Mon, Oct 8, 2012 at 9:25 AM, Mark H. Wood mw...@iupui.edu wrote: On Mon, Oct 08, 2012 at 07:42:04AM +, Marco Molteni (mmolteni) wrote: try searching for certificate pinning. If you are familiar with ssh, it is the same concept of the StrictHostKeyChecking option (although obviously SSH

RE: Best practice for client cert name checking

2012-10-08 Thread Charles Mills
] On Behalf Of Jeffrey Walton Sent: Monday, October 08, 2012 11:13 AM To: OpenSSL Users List Subject: Re: Best practice for client cert name checking On Mon, Oct 8, 2012 at 9:25 AM, Mark H. Wood mw...@iupui.edu wrote: On Mon, Oct 08, 2012 at 07:42:04AM +, Marco Molteni (mmolteni) wrote: try

Re: Best practice for client cert name checking

2012-10-08 Thread Jeffrey Walton
and server can perform the additional validations. Jeff -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Jeffrey Walton Sent: Monday, October 08, 2012 11:13 AM To: OpenSSL Users List Subject: Re: Best practice for client cert

Re: Best practice for client cert name checking

2012-10-07 Thread Ben Laurie
On Sat, Oct 6, 2012 at 2:52 PM, Charles Mills charl...@mcn.org wrote: I have recently written a product that incorporates SSL/TLS server code that processes client certificates. I designed what I thought made sense at the time but now I am wondering if what I did was best. In the product's

RE: Best practice for client cert name checking

2012-10-07 Thread Charles Mills
To: openssl-users@openssl.org Subject: Re: Best practice for client cert name checking On Sat, Oct 6, 2012 at 2:52 PM, Charles Mills charl...@mcn.org wrote: I have recently written a product that incorporates SSL/TLS server code that processes client certificates. I designed what I thought made sense

Best practice for client cert name checking

2012-10-06 Thread Charles Mills
I have recently written a product that incorporates SSL/TLS server code that processes client certificates. I designed what I thought made sense at the time but now I am wondering if what I did was best. In the product's configuration file the sysadmin may optionally include a whitelist of client

Re: Best practice for client cert name checking

2012-10-06 Thread Jeffrey Walton
On Sat, Oct 6, 2012 at 9:52 AM, Charles Mills charl...@mcn.org wrote: I have recently written a product that incorporates SSL/TLS server code that processes client certificates. I designed what I thought made sense at the time but now I am wondering if what I did was best. In the product's

RE: Best practice for client cert name checking

2012-10-06 Thread Charles Mills
...@openssl.org] On Behalf Of Jeffrey Walton Sent: Saturday, October 06, 2012 4:40 PM To: openssl-users@openssl.org Subject: Re: Best practice for client cert name checking On Sat, Oct 6, 2012 at 9:52 AM, Charles Mills charl...@mcn.org wrote: I have recently written a product that incorporates SSL/TLS

Re: Best practice for client cert name checking

2012-10-06 Thread Jeffrey Walton
for client cert name checking On Sat, Oct 6, 2012 at 9:52 AM, Charles Mills charl...@mcn.org wrote: I have recently written a product that incorporates SSL/TLS server code that processes client certificates. I designed what I thought made sense at the time but now I am wondering if what I did