'Lo. I'm working on a small server program (the actual details of which aren't important).
I want to use certificates and TLS to provide strong authentication, but two questions still remain:

1. Users have accounts on the server. A user may have many certificates registered to his account (and may log in using any of them). I want the user's username to appear in each certificate, and the proper place for this appears to be the CommonName field. The problem: unless I'm mistaken, this field seems to be assumed to contain a hostname, which is then checked and results in a warning if it doesn't match the expected value (which, of course, it never will). Is there a better place to put an application-specific username in certificates?

2. I want to only allow connections from peers the server has certificates for - a whitelist. What's the simplest way to implement this? At the moment, I can only seem to get GnuTLS to verify peers with the CA (which it needs to do anyway, but I want to add this additional restriction).

As for the second question, I suppose I could create a server-specific CA, issue certificates to all clients and then only check connecting client certs against that CA (effectively creating a whitelist). Perhaps there's a better way, though?

_______________________________________________
Help-gnutls mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-gnutls
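The "server-specific CA as a whitelist" idea from the second question, as an added example that is not part of the original message and is not GnuTLS code: it uses Go's standard crypto/x509 so it runs offline, and it also covers the first question by carrying the username in a SAN rather than the CommonName, with no DNSName handed to the verifier so no hostname comparison happens. The CA names and the `@app.invalid` suffix are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"strings"
	"time"
)

const userDomain = "@app.invalid" // constructed suffix carried in the username SAN
// issue signs tmpl with parent/parentKey; a nil parent makes a self-signed CA.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { panic(err) }
	if parent == nil { parent, parentKey = tmpl, key }
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil { panic(err) }
	cert, err := x509.ParseCertificate(der)
	if err != nil { panic(err) }
	return cert, key
}
// NewCA creates a private, server-specific CA: only certificates it issued pass Username.
func NewCA(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	return issue(&x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}, nil, nil)
}
// NewClientCert puts the username in a SAN (rfc822Name) instead of relying on the CN.
func NewClientCert(user string, ca *x509.Certificate, caKey *ecdsa.PrivateKey) *x509.Certificate {
	cert, _ := issue(&x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: user},
		EmailAddresses: []string{user + userDomain}, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature}, ca, caKey)
	return cert
}
// Username accepts a peer only if it chains to the server CA (the allow-list); no DNSName
// is set, so the CN is never compared with a hostname. Returns the SAN-derived username.
func Username(peer *x509.Certificate, roots *x509.CertPool) (string, error) {
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := peer.Verify(opts); err != nil { return "", err }
	if len(peer.EmailAddresses) != 1 || !strings.HasSuffix(peer.EmailAddresses[0], userDomain) {
		return "", errors.New("no username SAN")
	}
	return strings.TrimSuffix(peer.EmailAddresses[0], userDomain), nil
}
```

A certificate issued by any other CA, even a publicly trusted one, fails `Username` because the root pool holds only the server's own CA.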
