[Date Prev] [Date Index] [Date Next] [Thread Prev] [Thread Index] [Thread Next]

SSL: how to tell client what certificate to expect?

Thor Simon tls@coyotepoint.com
Mon, 1 Nov 2010 22:19:34 GMT


I don't quite understand Conserver's SSL support.  What is the purpose
of specifying a certificate for a client, if the server cannot use it to
identify a particular user?

How do I tell the client what certificate to expect (or what CA to expect
to have signed it) for the server?  If there's no way to do that, then
there is no real protection from using SSL, since it is trivial to conduct
a man-in-the-middle attack using any certificate that one happens to have
handy...

-- 
Thor Lancelot Simon
Coyote Point Systems, Inc.			<tls@coyotepoint.com>
Millerton, NY, USA