Hmm ok I get it.
So, to be able to get the fingerprint for the used certificates during a
TLS handshake is possible by using the SSL_set_verify callbacks in the
application or is the mentioned postfix useful for this purpose?
_
On Mon, Mar 15, 2021 at 12:23:54PM +0100, Robert Ionescu wrote:
> I already found the callbacks for the verification process and I am
> still trying to figure it out if it is possible to change them in a
> way that they will print some certificate information to determine
> which certificate was u
I already found the callbacks for the verification process and I am still
trying to figure it out if it is possible to change them in a way that they
will print some certificate information to determine which certificate was
used?
On Fri, Mar 12, 2021 at 09:06:57AM +0100, Robert Ionescu wrote:
> With "wrong" certificate I meant "invalid certificate". So the idea
> was in a bigger environment with a lot of certificates, to make the
> invalid certificate debugging easier by getting more information from
> openssl to identify
Thu, Mar 11, 2021 at 8:40 PM Michael Wojcik <
michael.woj...@microfocus.com> wrote:
> > From: openssl-users On Behalf Of
> Viktor
> > Dukhovni
> > Sent: Thursday, 11 March, 2021 10:39
> > To: openssl-users@openssl.org
> > Subject: Re: Client certificate a
> From: openssl-users On Behalf Of Viktor
> Dukhovni
> Sent: Thursday, 11 March, 2021 10:39
> To: openssl-users@openssl.org
> Subject: Re: Client certificate authentication
>
> > On Mar 11, 2021, at 2:16 PM, Robert Ionescu
> wrote:
> >
> > I am searchi
If he's trying to muck with the library, he's probably struggling with a
precompiled binary he doesn't have the source code to.
-Kyle H
On Thu, Mar 11, 2021, 11:48 Viktor Dukhovni
wrote:
> > On Mar 11, 2021, at 2:16 PM, Robert Ionescu
> wrote:
> >
> > I am searching for the functions in openss
> On Mar 11, 2021, at 2:16 PM, Robert Ionescu
> wrote:
>
> I am searching for the functions in openssl used to verify the clients
> certificate when using mutual authentication.
The same code verifies peer certificate chains, whether client or server.
> My intention is to find a way to log a w
[EMAIL PROTECTED] wrote:
Is there a (reasonable) way to authenticate a client (browser)
certificate from a CGI without having to modify the web server
configuration.
What we are up against is that we produce a package that is supported
on a variety of platforms and web servers. We have been inf
Benjamin Grosman <[EMAIL PROTECTED]>:
> I am able to fetch the issue and subject details of the client certificate
> from inside the server, but how do I know that someone hasn't simply
> generated their own certificate with the same details?
If you initialize the verification settings with abou
10 matches
Mail list logo
