9fans - fans of the OS Plan 9 from Bell Labs
* [9fans] multiple certs
@ 2004-03-31 22:11 Brantley Coile
  2004-04-01  0:51 ` bs
  2004-04-01 13:20 ` Russ Cox
  0 siblings, 2 replies; 8+ messages in thread
From: Brantley Coile @ 2004-03-31 22:11 UTC (permalink / raw)
  To: 9fans

So, maybe I missed it.  Did anyone have a suggestion
on how to send a certificate chain in tlssrv?

 Brantley





* Re: [9fans] multiple certs
  2004-03-31 22:11 [9fans] multiple certs Brantley Coile
@ 2004-04-01  0:51 ` bs
  2004-04-01  0:54   ` Brantley Coile
  2004-04-01 13:20 ` Russ Cox
  1 sibling, 1 reply; 8+ messages in thread
From: bs @ 2004-04-01  0:51 UTC (permalink / raw)
  To: 9fans

Brantley Coile wrote:
> So, maybe I missed it.  Did anyone have a suggestion
> on how to send a certificate chain in tlssrv?
> 
I don't think it can do certs as you see it.

What you can do is send the fingerprint of your cert,
which it can look up and authorize.

This is similar to what some telnet clients do:
(a) someone must have had the authorization to the
     fp on the server
(b) you are presenting me with that, so, you are OK

http://www.vandyke.com/products/securecrt/public_key.html
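
The fingerprint lookup described in the message above, as an added example (not part of the thread and not Plan 9 or tlssrv code). It assumes a SHA-256 fingerprint over each certificate's DER bytes and a leaf-first PEM bundle; the function names are hypothetical and the byte strings are constructed placeholders, not real certificates.

```python
import base64
import hashlib
import re
import textwrap

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)

def to_pem(der):
    """Wrap DER bytes in a PEM CERTIFICATE block (64-column base64)."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(textwrap.wrap(b64, 64))
    return "-----BEGIN CERTIFICATE-----\n" + body + "\n-----END CERTIFICATE-----\n"

def split_pem_bundle(pem_text):
    """Return the DER bytes of each CERTIFICATE block, in file order."""
    return [base64.b64decode("".join(m.group(1).split()), validate=True)
            for m in PEM_CERT.finditer(pem_text)]

def fingerprint(der):
    """SHA-256 over the DER encoding of one certificate (assumed hash)."""
    return hashlib.sha256(der).hexdigest()

def authorize(presented_pem, allowlist):
    """Authorize only if the first (end-entity) cert's fingerprint is enrolled."""
    ders = split_pem_bundle(presented_pem)
    if not ders:
        return False  # nothing presented: fail closed
    return fingerprint(ders[0]) in allowlist

# Constructed placeholders standing in for DER certificates (not real X.509).
LEAF = b"constructed-leaf-certificate-der" * 4
INTERMEDIATE = b"constructed-intermediate-certificate-der" * 4
BUNDLE = to_pem(LEAF) + to_pem(INTERMEDIATE)

# Enrollment step: an administrator records the leaf's fingerprint on the server.
ALLOWLIST = {fingerprint(LEAF)}

if __name__ == "__main__":
    print(len(split_pem_bundle(BUNDLE)), "certificates in bundle")
    print("leaf-first bundle authorized:", authorize(BUNDLE, ALLOWLIST))
    print("reordered bundle authorized:",
          authorize(to_pem(INTERMEDIATE) + to_pem(LEAF), ALLOWLIST))
```

The fingerprint covers one certificate's DER bytes, so a concatenated bundle yields one fingerprint per block and only the enrolled one matches.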





* Re: [9fans] multiple certs
  2004-04-01  0:51 ` bs
@ 2004-04-01  0:54   ` Brantley Coile
  2004-04-01  2:10     ` bs
  2004-04-01  2:14     ` bs
  0 siblings, 2 replies; 8+ messages in thread
From: Brantley Coile @ 2004-04-01  0:54 UTC (permalink / raw)
  To: 9fans

> Brantley Coile wrote:
>> So, maybe I missed it.  Did anyone have a suggestion
>> on how to send a certificate chain in tlssrv?
>> 
> I don't think it can do certs as you see it.
> 
> What you can do is send the fingerprint of your cert,
> which it can look up and authorize.

I want to do https without having the browser fuss.
How can fingerprints help with that?




* Re: [9fans] multiple certs
  2004-04-01  0:54   ` Brantley Coile
@ 2004-04-01  2:10     ` bs
  2004-04-01  2:14     ` bs
  1 sibling, 0 replies; 8+ messages in thread
From: bs @ 2004-04-01  2:10 UTC (permalink / raw)
  To: 9fans

Brantley Coile wrote:
>>Brantley Coile wrote:
>>
>>>So, maybe I missed it.  Did anyone have a suggestion
>>>on how to send a certificate chain in tlssrv?
>>>
>>
>>I don't think it can do certs as you see it.
>>
>>What you can do is send the fingerprint of your cert,
>>which it can look up and authorize.
> 
> 
> I want to do https without having the browser fuss.
> How can fingerprints help with that?
> 
I misunderstood: I assumed that you wanted the server
(https) to validate a client's cert. Fingerprints cannot
help you there.
I don't know this https server to tell you how to make it
present the cert chain.




* Re: [9fans] multiple certs
  2004-04-01  0:54   ` Brantley Coile
  2004-04-01  2:10     ` bs
@ 2004-04-01  2:14     ` bs
  1 sibling, 0 replies; 8+ messages in thread
From: bs @ 2004-04-01  2:14 UTC (permalink / raw)
  To: 9fans

Brantley Coile wrote:
>>Brantley Coile wrote:
>>
>>>So, maybe I missed it.  Did anyone have a suggestion
>>>on how to send a certificate chain in tlssrv?
>>>
>>
>>I don't think it can do certs as you see it.
>>
>>What you can do is send the fingerprint of your cert,
>>which it can look up and authorize.
> 
> 
> I want to do https without having the browser fuss.
> How can fingerprints help with that?
> 
If your browser is like Mozilla/Netscape, you can import
the server cert as a .pem file. So, if you know the cert it
presents, you can make the browser aware of it.
Simplest is to issue a self-signed cert and import it
in the browser.




* Re: [9fans] multiple certs
  2004-03-31 22:11 [9fans] multiple certs Brantley Coile
  2004-04-01  0:51 ` bs
@ 2004-04-01 13:20 ` Russ Cox
  2004-04-01 13:38   ` Brantley Coile
  2004-04-01 14:28   ` boyd, rounin
  1 sibling, 2 replies; 8+ messages in thread
From: Russ Cox @ 2004-04-01 13:20 UTC (permalink / raw)
  To: 9fans

Brantley Coile wrote:

>So, maybe I missed it.  Did anyone have a suggestion
>on how to send a certificate chain in tlssrv?
>  
>

use the source, luke.





* Re: [9fans] multiple certs
  2004-04-01 13:20 ` Russ Cox
@ 2004-04-01 13:38   ` Brantley Coile
  2004-04-01 14:28   ` boyd, rounin
  1 sibling, 0 replies; 8+ messages in thread
From: Brantley Coile @ 2004-04-01 13:38 UTC (permalink / raw)
  To: 9fans

> Brantley Coile wrote:
> 
>>So, maybe I missed it.  Did anyone have a suggestion
>>on how to send a certificate chain in tlssrv?
>>  
>>
> 
> use the source, luke.

I am.

Can I just decode the pem, stick all the certs together and turn
them back into a pem and point tlssrv at that?




* Re: [9fans] multiple certs
  2004-04-01 13:20 ` Russ Cox
  2004-04-01 13:38   ` Brantley Coile
@ 2004-04-01 14:28   ` boyd, rounin
  1 sibling, 0 replies; 8+ messages in thread
From: boyd, rounin @ 2004-04-01 14:28 UTC (permalink / raw)
  To: 9fans

> use the source, luke.

as one with the knowledge and magic of the source.


