* [9fans] certificates and tlssrv
From: Brantley Coile @ 2004-03-30 23:48 UTC (permalink / raw)
To: 9fans
I'm running a custom https server and I'm using
tlssrv to set up the session. How do I specify
all the certificates to show the client that I'm
in a known chain of certificates? I have
three certificates that chain all the way back
to someone all the browsers trust, but it appears
that tlssrv is only telling them about the first one.
Brantley
* Re: [9fans] certificates and tlssrv
From: David Presotto @ 2004-03-31 1:43 UTC (permalink / raw)
To: 9fans
We don't follow chains, we just believe any x.509 fingerprints we
have.
Is that what you are asking?
* Re: [9fans] certificates and tlssrv
From: Geoff Collyer @ 2004-03-31 1:47 UTC (permalink / raw)
To: 9fans
I think he wants to have tlssrv present multiple certificates to
clients, so that they can follow the chain back to the root.
* Re: [9fans] certificates and tlssrv
From: Brantley Coile @ 2004-03-31 13:20 UTC (permalink / raw)
To: 9fans
> I think he wants to have tlssrv present multiple certificates to
> clients, so that they can follow the chain back to the root.
I should know better than to compose a 9fans request at 8pm!
Geoff is correct. I want web browsers not to complain about the
certificate I give them. I have a chain we bought from somewhere.
Under OpenSSL (don't get me started : ) I put them all into a single
file that was loaded. The readcert(2) seems to stop after reading a
single cert. Should I hack it to catenate them together and set the
TLSconn->cert to that whole thing?
Thanks
Brantley
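Added example, not part of the thread and not Plan 9 code: how a multi-certificate PEM file of the kind described above maps onto the TLS 1.0-1.2 Certificate handshake message, where each DER certificate carries its own 3-byte length inside a length-prefixed list, so the wire form is not a plain concatenation. The function names are hypothetical and the sample "certificates" are constructed placeholder DER values, not real X.509 data.

```python
import base64
import re

PEM_CERT = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def split_pem_bundle(bundle):
    """Return the DER bytes of every CERTIFICATE block, in file order."""
    return [base64.b64decode(m.group(1)) for m in PEM_CERT.finditer(bundle)]

def u24(n):
    """TLS uint24 length prefix."""
    if not 0 <= n < 1 << 24:
        raise ValueError("length does not fit in 24 bits")
    return n.to_bytes(3, "big")

def certificate_message(chain):
    """Handshake message type 11: server certificate first, issuers after."""
    if not chain or any(len(der) == 0 for der in chain):
        raise ValueError("a server chain needs at least one non-empty cert")
    cert_list = b"".join(u24(len(der)) + der for der in chain)
    body = u24(len(cert_list)) + cert_list
    return b"\x0b" + u24(len(body)) + body

def parse_certificate_message(msg):
    """Inverse of certificate_message; rejects inconsistent lengths."""
    if len(msg) < 7 or msg[0] != 11:
        raise ValueError("not a Certificate handshake message")
    body_len = int.from_bytes(msg[1:4], "big")
    list_len = int.from_bytes(msg[4:7], "big")
    if body_len != len(msg) - 4 or list_len != body_len - 3:
        raise ValueError("length fields disagree")
    chain, pos = [], 7
    while pos < len(msg):
        n = int.from_bytes(msg[pos:pos + 3], "big")
        if n == 0 or pos + 3 + n > len(msg):
            raise ValueError("truncated or empty certificate entry")
        chain.append(msg[pos + 3:pos + 3 + n])
        pos += 3 + n
    return chain

# Constructed stand-ins: tiny valid DER SEQUENCEs, not real certificates.
SAMPLE_DER = [b"\x30\x03\x02\x01" + bytes([i]) for i in (1, 2, 3)]
SAMPLE_BUNDLE = b"".join(
    b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(d) +
    b"-----END CERTIFICATE-----\n" for d in SAMPLE_DER)

if __name__ == "__main__":
    print(certificate_message(split_pem_bundle(SAMPLE_BUNDLE)).hex())
```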
* Re: [9fans] certificates and tlssrv
From: boyd, rounin @ 2004-03-31 20:28 UTC (permalink / raw)
To: 9fans
> We don't follow chains, we just believe any x.509 fingerprints we
> have.
good call. the PKI is a disaster and a monopoly.