On Wed, Sep 5, 2012 at 4:32 PM, Mark Montague m...@catseye.org wrote:
...
As you can see, the CN is not a hostname and does not get validated by
httpd. You need to rely on the certificate authorities you trust in order to
not sign certificates for improper CNs -- for example, the CN of a host
On Sun, Sep 09, 2012 at 08:36:30AM -0500, Tom Browder wrote:
So the client cert. does contain the private key? Then its password
is all that is protecting it?
No, the key is normally (but not always) kept separately.
Mark, in your experience, what is the best way to distribute client
On Sun, Sep 9, 2012 at 8:59 AM, Pete Houston p...@openstrike.co.uk wrote:
On Sun, Sep 09, 2012 at 08:36:30AM -0500, Tom Browder wrote:
So the client cert. does contain the private key? Then its password
is all that is protecting it?
No, the key is normally (but not always) kept separately.
All,
I'm starting to use SSLVerifyClient. I can't find any documentation on exactly
what it means to verify a client, however.
By reading the source, I found that some of the work is delegated to OpenSSL
and its behavior is somewhat documented here:
On September 5, 2012 16:32 , john.e.gr...@wellsfargo.com wrote:
I’m starting to use SSLVerifyClient. I can’t find any documentation on
exactly what it means to verify a client, however.
By reading the source, I found that some of the work is delegated to
OpenSSL and its behavior is somewhat