[Date Prev] [Date Index] [Date Next] [Thread Prev] [Thread Index] [Thread Next]
Phil Dibowitz phil@usc.edu
Wed, 1 Jun 2005 23:45:36 -0700 (PDT)
On Wed, Jun 01, 2005 at 11:29:18PM -0700, Bryan Stansell wrote: > it all started with an innocent enough question: > > On Thu, May 26, 2005 at 11:00:35PM +0100, Michael Doyle wrote: > > Can anyone give me an example of using conserver with generated ssl cert's > > (i.e. -c file) for both the server and client. I've compiled conserver with > > openssl support and a tcpdump confirms that traffic is encrypted between > > server and client but when I start the daemon with a ' -c' pointing to a > > self signed certificate file I created, the client happily connects to > > consoles even though I've not specified the equivalent on the client side. > > My understanding is that if I use a cert then the server and client need to > > be using the same. Any pointers appreciated. > > and in looking into it, i notice certs weren't working right. the good > news is, being on a plane gave me time enough to really dig into this > and i found the problem (pretty simple, actually). i've included the > patch below, for those who'd actually like to use certs before the next > release. Oh - that explains why it "worked" for me - I was allowing unauthenticated ciphers.... I assume that was the part that _wasn't_ broken. OK. Cool. -- Phil Dibowitz Systems Architect and Administrator Enterprise Infrastructure / ISD / USC UCC 174 - 213-821-5427
Attachment:
pgp00000.pgp
Description: PGP signature