On Thu, 18 Apr 2002, Vadim Fedukovich wrote: > On Thu, 18 Apr 2002, Joern Sierwald wrote: > > > At 10:19 18.04.2002 +0200, you wrote: > > >Hi, > > > > > >Is it possible to prevent apache from automatically giving out its server > > >certificate to everyone that is connecting to the server? > > >I want apache to only allow access to thoose that already have the > > >certificate installed in their clients. > > >It will be a form of access control. > > > > > >I need this functionality since only a few applications will ever access > > >this virtual host. The clients will come from a wide range of IP-adresses > > >(not predictable) so I cant stop access that way. > > >I also would like to avoid client certificates. > > > > I think you make a basic mistake here: You assume that the client NEEDS the > > server certificate to > > make a connection. That is not true. The Client can, if he chooses to, > > ignore the server's signature > > and therefore not need the server's certificate. > > Client need server public key, part of certificate. > Well, client could ignore SSL and talk in plaintext
No. The client normally performs the verification of the challenge signed by the server. But it can eventually skip this verification, and go on talking SSL with the server... -- Erwann ABALEA <[EMAIL PROTECTED]> - RSA PGP Key ID: 0x2D0EABD5 ----- FB> Ollivier, BOUM? Fait. -+- Roberto in GNU : Boum, quand notre Kontrol fait Boum -+- ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
