In message <[EMAIL PROTECTED]> on Mon, 08 Nov 2004 12:49:58 -0500, Charles B 
Cranston <[EMAIL PROTECTED]> said:

zben> I guess my comments were kind of conditioned on the certificate
zben> being for HTTPS, however, the underlying problem occurs in all
zben> SSL transfers: when multiple domain names resolve to the same IP
zben> address there is no way for a server to know which of the
zben> certificates to present, and since the negotiation of the secure
zben> channel happens before the channel opens there is no way to
zben> deduce which domain name was originally given from data given
zben> in the channel, since it is not yet open.
zben> 
zben> I guess TLS gets around this, since you could at least
zben> theoretically defer switching the channel into secure mode
zben> until AFTER enough information has been presented by the
zben> initiator for the responder to know which certificate the
zben> initiator is going to expect.

TLS currently doesn't solve this.  However, there is a proposed
extension where the host name can be declared early in the handshake.

However, considering the original poster talks about two IP addresses
with one FQDN assigned to each of them, I wonder why the hell you're
going off on this tangent:

zben> >>> I have a machine with two static IPs, presently on one NIC
                                ^^^^^^^^^^^^^^
zben> >>> using a virtual interface.  I'd like to make two self-signed
zben> >>> certs, one per IP.  Is this possible given that the machine
zben> >>> only has one hostname?
zben> >>>
zben> >>> If it matters, the two IPs differ by just the last digit,
zben> >>> but one IP is a .com, and the other is a .net.
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Cheers,
Richard
-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

-- 
Richard Levitte                         [EMAIL PROTECTED]
                                        http://richard.levitte.org/

"When I became a man I put away childish things, including
 the fear of childishness and the desire to be very grown up."
                                                -- C.S. Lewis
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
