Re: Best practice for client cert name checking

2012-10-12 Thread Jeffrey Walton
On Thu, Oct 11, 2012 at 6:47 PM, Charles Mills wrote: > Thanks. > > My boss is not technical. I am the CTO of this product. Our customers are > your basic commercial customers. Yes, I picture that they would be their own > CA. Why pay Verisign if you don't have a bunch of people sitting at their >

RE: Best practice for client cert name checking

2012-10-11 Thread Charles Mills
the problem of a client certificate that "got away" into the wild, right? Charles -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson Sent: Wednesday, October 10, 2012 12:48 PM To: openssl-users@openssl.o

RE: Best practice for client cert name checking

2012-10-10 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills > Sent: Monday, 08 October, 2012 07:47 > Dave, any thoughts on my original question? My thread kind of > got hi-jacked. Not much, but since you ask: > -Original Message- > From: Charles Mills [mailto:charl...@mcn.org] >

Re: Best practice for client cert name checking

2012-10-08 Thread Jeffrey Walton
oth the client and server can perform the additional validations. Jeff > -Original Message- > From: owner-openssl-us...@openssl.org > [mailto:owner-openssl-us...@openssl.org] On Behalf Of Jeffrey Walton > Sent: Monday, October 08, 2012 11:13 AM > To: OpenSSL Users List >

RE: Best practice for client cert name checking

2012-10-08 Thread Charles Mills
sl-us...@openssl.org] On Behalf Of Jeffrey Walton Sent: Monday, October 08, 2012 11:13 AM To: OpenSSL Users List Subject: Re: Best practice for client cert name checking On Mon, Oct 8, 2012 at 9:25 AM, Mark H. Wood wrote: > On Mon, Oct 08, 2012 at 07:42:04AM +, Marco Molteni (mmolteni) wrot

Re: Best practice for client cert name checking

2012-10-08 Thread Jeffrey Walton
On Mon, Oct 8, 2012 at 9:25 AM, Mark H. Wood wrote: > On Mon, Oct 08, 2012 at 07:42:04AM +, Marco Molteni (mmolteni) wrote: >> try searching for "certificate pinning". If you are familiar with ssh, it >> is the same concept of the StrictHostKeyChecking option (although >> obviously SSH and TLS

Re: Best practice for client cert name checking

2012-10-08 Thread Mark H. Wood
On Mon, Oct 08, 2012 at 07:42:04AM +, Marco Molteni (mmolteni) wrote: > try searching for "certificate pinning". If you are familiar with ssh, it > is the same concept of the StrictHostKeyChecking option (although > obviously SSH and TLS are completely distinct protocols and by default SSH > do

RE: Best practice for client cert name checking

2012-10-08 Thread Charles Mills
Dave, any thoughts on my original question? My thread kind of got hi-jacked. Charles -Original Message- From: Charles Mills [mailto:charl...@mcn.org] Sent: Saturday, October 06, 2012 9:52 AM To: openssl-users@openssl.org Subject: Best practice for client cert name checking I have recent

Re: Best practice for client cert name checking

2012-10-08 Thread Marco Molteni (mmolteni)
On 06.10.2012 23:41 , "Charles Mills" wrote: >Thanks. I'm a relative newbie to this whole topic. Can you point me to a >resource that describes "pin" in the sense you use it below? The word is >too common for the Google to be much help. try searching for "certificate pinning". If you are famili

RE: Best practice for client cert name checking

2012-10-07 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Jeffrey Walton > Sent: Saturday, 06 October, 2012 19:11 > On Sat, Oct 6, 2012 at 5:41 PM, Charles Mills > wrote: > > Thanks. I'm a relative newbie to this whole topic. Can you > point me to a resource that describes "pin" in the sense you >

RE: Best practice for client cert name checking

2012-10-07 Thread Charles Mills
0:38 AM To: openssl-users@openssl.org Subject: Re: Best practice for client cert name checking On Sat, Oct 6, 2012 at 2:52 PM, Charles Mills wrote: > I have recently written a product that incorporates SSL/TLS server > code that processes client certificates. I designed what I thought >

Re: Best practice for client cert name checking

2012-10-07 Thread Ben Laurie
On Sat, Oct 6, 2012 at 2:52 PM, Charles Mills wrote: > I have recently written a product that incorporates SSL/TLS server code that > processes client certificates. I designed what I thought made sense at the > time but now I am wondering if what I did was best. > > In the product's configuration

Re: Best practice for client cert name checking

2012-10-06 Thread Jeffrey Walton
ign certificate[0] (some hand waving since certificates can't sign one another). Jeff > -Original Message- > From: owner-openssl-us...@openssl.org > [mailto:owner-openssl-us...@openssl.org] On Behalf Of Jeffrey Walton > Sent: Saturday, October 06, 2012 4:40 PM > To: o

RE: Best practice for client cert name checking

2012-10-06 Thread Charles Mills
wner-openssl-us...@openssl.org] On Behalf Of Jeffrey Walton Sent: Saturday, October 06, 2012 4:40 PM To: openssl-users@openssl.org Subject: Re: Best practice for client cert name checking On Sat, Oct 6, 2012 at 9:52 AM, Charles Mills wrote: > I have recently written a product that incorporates SSL/

Re: Best practice for client cert name checking

2012-10-06 Thread Jeffrey Walton
On Sat, Oct 6, 2012 at 9:52 AM, Charles Mills wrote: > I have recently written a product that incorporates SSL/TLS server code that > processes client certificates. I designed what I thought made sense at the > time but now I am wondering if what I did was best. > > In the product's configuration