On Sat, Sep 26, 2009 at 03:49:34PM +0200, Michael Prinzinger wrote:
> Once I will have a first working prototype of the protocol, you will be able
> to check it out here:
> http://code.google.com/p/phantom/
Thanks for the offer, but I try to avoid using security software written
by implementers new
Thank You for your help!
I understand now, that the client would not be able to offer a certificate
unless it owns the corresponding private key.
So it is enough to check that the certificate offered (or its fingerprint),
matches the certificate (resp. fingerprint) sent to the server on a secure
Michael Prinzinger:
> I wrote a customized "check certificate" method, that simply compares
> the certificate the client offered during the connection build up, to
> the certificate we know it should be using. This works fine.
That works so long as you already know the certificate the client sho
On Fri, Sep 25, 2009 at 01:49:25PM +0200, Michael Prinzinger wrote:
> Dear Victor,
>
> thanks for your help.
> The problem is that I need to understand OpenSSL and its mechanisms and
No you need to understand SSL/TLS in general, and how to make use of
SSL in your protocol. The OpenSSL part will
On Fri September 25 2009, Michael Prinzinger wrote:
> Dear Victor,
>
> thanks for your help.
> The problem is that I need to understand OpenSSL and its mechanisms and
> possibilities in order to find a way to implement the design of the
> protocol.
> It would be nice if you could help a little bit
Dear Victor,
thanks for your help.
The problem is that I need to understand OpenSSL and its mechanisms and
possibilities in order to find a way to implement the design of the
protocol.
It would be nice if you could help a little bit further still, but I will
understand if you should choose not to.
sorry!
I mean BIO_do_connect()
this function automatically checks the client certificate,
so I need to overwrite the verification callback BIO_do_connect uses
thx
On Thu, Sep 24, 2009 at 5:13 PM, Michael Prinzinger wrote:
> Thank You very much Victor,
>
> I think I understand now how it can be don
Thank You very much Victor,
I think I understand now how it can be done.
If you could give me one last pointer, how to overwrite the verification
callback function,
that is called when executing "BIO_do_handshake", I'd be very grateful.
sorry for using misguiding vocabulary :)
Michael
On Thu, S
On Thu, Sep 24, 2009 at 04:23:03PM +0200, Michael Prinzinger wrote:
> > Are you saying that the accepting system expects X.509 client credentials
> > from the connecting system, but that the payload (encrypted to the
> > receiving node's public key) also contains the same certificate, and
> > you
Thank You again Victor for your answer,
You are right, I am not too firm with OpenSSL terminology.
I tried to find some tutorials and introduction, but found relatively few,
and thus tried to understand OpenSSL from looking at the man pages and the
code,
which makes it a little hard to get the big
On Thu, Sep 24, 2009 at 12:00:05AM +0200, Michael Prinzinger wrote:
> > "Certificates" are useless without corresponding signed messages. What
> > messages are signed by the private key of the "previous" node, that the
> > current node can forward to the next?
> >
>
> I only want to verify that t
* Victor Duchovni wrote on Wed, Sep 23, 2009 at 16:18 -0400:
> On Wed, Sep 23, 2009 at 10:04:48PM +0200, Michael Prinzinger wrote:
>
> > I have a somewhat curious setting (without CAs) about [...]
> >
> > > //check certificate
>
> This only verifies the server's *trust chain*, but not its
> i
Hope this helps.
Ashish.
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Michael Prinzinger
Sent: Wednesday, September 23, 2009 2:02 PM
To: openssl-users@openssl.org
Subject: Re: verify client certificate at a later point
Thank You Ashish for your answ
Dear Victor,
On Wed, Sep 23, 2009 at 11:33 PM, Victor Duchovni <
victor.ducho...@morganstanley.com> wrote:
> On Wed, Sep 23, 2009 at 10:43:11PM +0200, Michael Prinzinger wrote:
>
> "Certificates" are useless without corresponding signed messages. What
> messages are signed by the private key of t
On Wed, Sep 23, 2009 at 10:43:11PM +0200, Michael Prinzinger wrote:
> I am trying to establish a routing path for an anonymity protocol (
> http://en.wikipedia.org/wiki/Phantom_Anonymity_Protocol).
> This is a one way procedure: the node that wants to be anonymized selects a
> couple of other node
Thank You Ashish for your answer!
On Wed, Sep 23, 2009 at 10:30 PM, Ashish Thapliyal <
ashish.thapli...@citrix.com> wrote:
> I set the following for the global context which is used to create the
> connection:
>
> // Set the SSL certificate verify mode
>
> SSL_CTX_set_verify(_glo
Thank you for your answer Victor,
I am trying to establish a routing path for an anonymity protocol (
http://en.wikipedia.org/wiki/Phantom_Anonymity_Protocol).
This is a one way procedure: the node that wants to be anonymized selects a
couple of other nodes and sends an array with setup packages (
I set the following for the global context which is used to create the
connection:
// Set the SSL certificate verify mode
SSL_CTX_set_verify(_globalContext, SSL_VERIFY_PEER, NULL);
Then the server requests the peer (i.e. the client) for a certificate during
the handshake, which t
On Wed, Sep 23, 2009 at 10:04:48PM +0200, Michael Prinzinger wrote:
> and let the client verify the servers certificate, like this
>
> X509* x509 = SSL_get_peer_certificate(s);
> > CHECK(x509 != NULL);
> >
> > //check certificate
> > long certVerifyResults = SSL_get_verify_resul
19 matches