On 26/8/2011 2:29 PM, Arno Garrels wrote:
> Dimitris Botsis wrote:
>> "remotely" I mean that client must contact server in order to find
>> certificate and then verify it to see if it contains signature that
>> client expects in order to establish trusted connection. Thank you
>> for replying
> I still do not understand. A client must always connect to a server
> in order to receive its certificate (chain). Verification of the received
> certificate can be done locally or remotely by sending it to an OCSP
> server. Do you by any chance mean OCSP?
> http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol
> OCSP is not implemented in ICS, however if you use the Microsoft
> Crypto API for certificate verification as shown in demo
> OverbyteIcsMsVerify then Windows (Vista+) may use OCSP as well.

OK, let me explain what I want.
I want my client that connects over https to a server, before starting
to exchange data with the server, first to check if the certificate provided
by the server is the right one. I think there is a signature in the
certificate which the client will know, and verify if the certificate's
signature that is read from the server is the same.
And of course, any other things that may be used so that the client can
be sure whether this is the right server or not (not only based on the IP
address connected).
Thank you.
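
The check asked for in the message above is commonly done by comparing a hash (fingerprint) of the server's DER-encoded certificate with a value the client already holds, in addition to normal chain and host name verification. The following is an added example written for this page, not ICS code and not from either poster; it uses only the Python standard library, and the function names and sample bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def normalize(pin: str) -> str:
    """Accept 'AA:BB:..' or 'aabb..' forms of a pinned fingerprint."""
    return pin.replace(":", "").replace(" ", "").lower()


def matches_pin(der_cert: bytes, pins) -> bool:
    """True if the certificate's fingerprint equals any pinned value."""
    actual = fingerprint(der_cert)
    ok = False
    for pin in pins:
        # Constant-time comparison; every pin is checked, no early exit.
        ok |= hmac.compare_digest(actual, normalize(pin))
    return ok


def connect_pinned(host: str, port: int, pins, timeout: float = 10.0):
    """Open a TLS connection; return the socket only if the pin matches."""
    # The default context verifies the chain and the host name first,
    # so the pin is an additional check, not a replacement.
    ctx = ssl.create_default_context()
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    der = tls.getpeercert(binary_form=True)
    if not der or not matches_pin(der, pins):
        tls.close()
        raise ssl.SSLError("server certificate does not match pinned fingerprint")
    return tls  # only now start exchanging application data


if __name__ == "__main__":
    # Constructed stand-in for DER bytes, to show the pin check offline.
    sample = b"constructed-not-a-real-certificate"
    pin = fingerprint(sample)
    print(matches_pin(sample, [pin]), matches_pin(sample + b"x", [pin]))
```

Pinning more than one fingerprint (current and next certificate) lets the server rotate its certificate without locking clients out.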