* Sebastián Treu wrote on Mon, Jul 05, 2010 at 10:39 -0300: > if we can use a fake DNS that resolves a name as we want and > also we can gather that certificate to be installed in the > fake-server,
This fake-server would not have the secret key belonging to the public key certified in the (public) certificate. SSL/TLS handshaking verifies that each peer really has the secret key (by requesting a signature made by it). oki, Steffen --[ end of message ]----------------------------------------------->8======= About Ingenico: Ingenico is a leading provider of payment solutions, with over 15 million terminals deployed in more than 125 countries. Its 2,850 employees worldwide support retailers, banks and service providers to optimize and secure their electronic payments solutions, develop their offer of services and increase their point of sales revenue. More information on http://www.ingenico.com/. This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. P Please consider the environment before printing this e-mail ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org