On Thu, 18 Apr 2002, Joern Sierwald wrote:
> At 10:19 18.04.2002 +0200, you wrote:
> >Hi,
> >
> >Is it possible to prevent apache from automatically giving out its server
> >certificate to everyone that is connecting to the server?
> >I want apache to only allow access to those that already have the
> >certificate installed in their clients.
> >It will be a form of access control.
> >
> >I need this functionality since only a few applications will ever access
> >this virtual host. The clients will come from a wide range of IP addresses
> >(not predictable) so I can't stop access that way.
> >I also would like to avoid client certificates.
> >
> >Regards,
> >Tobbe
> >
> >______________________________________________________________________
> >OpenSSL Project http://www.openssl.org
> >User Support Mailing List [EMAIL PROTECTED]
> >Automated List Manager [EMAIL PROTECTED]
>
> I think you make a basic mistake here: You assume that the client NEEDS the
> server certificate to make a connection. That is not true. The client can, if
> he chooses to, ignore the server's signature and therefore not need the
> server's certificate.
The client needs the server's public key, which is part of the certificate.
Well, the client could ignore SSL and talk in plaintext.
> So, even if an (enemy) client does not have the server's cert - he can
> still connect. Is that what you want?
>
> Jörn