It seems I have not explained myself ably. I completely understand that Private Keys should and would never be sent across.
But assume that you are going through a proxy using SSL, and the proxy has no capability to verify the certs. That capability is vested with a server that sits behind the proxy (I call it the Backend server). Now all I want is to get the cert presented by the client to be passed on by the proxy to the backend server.

Usually proxies replicate a connection they receive, i.e., they will initiate a new connection to the Backend Server for every connection they receive from the client. Thus we have two separate SSL connections between the client and the backend server: one from the client to the proxy and the other from the proxy to the backend server.

Succinctly, the question is how to use the cert presented by the client in the SSL connection between the proxy and the backend server.

Thanks to all of you,
rsr.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Michael Helm
Sent: Monday, February 10, 2003 1:55 AM
To: [EMAIL PROTECTED]
Subject: Re: Tunneling Client Certs

> > I have the following scenario -
> >
> > Client Cert -- Tunnel Server - Tunnel Client -- Backend server.
> >
> > The requirement is to pass the Client Cert to the Backend server.
> If you could do that then anyone who had access to a certificate
> (for example the recipient of signed email) could impersonate the sender or

You may want to look at how Globus deals with a similar problem for grids; see:
http://www-fp.globus.org/security/
and
http://www.ietf.org/internet-drafts/draft-ietf-pkix-proxy-03.txt
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]