* [9fans] certificates and tlssrv
From: Brantley Coile @ 2004-03-30 23:48 UTC
To: 9fans

I'm running a custom https server and I'm using tlssrv to set up the
session. How do I specify all the certificates to show the client
that I'm in a known chain of certificates? I have three certificates
that chain all the way back to someone all the browsers trust, but it
appears that tlssrv is only telling them about the first one.

Brantley

* Re: [9fans] certificates and tlssrv
From: David Presotto @ 2004-03-31 1:43 UTC
To: 9fans

We don't follow chains, we just believe any x.509 fingerprints we
have. Is that what you are asking?

* Re: [9fans] certificates and tlssrv
From: Geoff Collyer @ 2004-03-31 1:47 UTC
To: 9fans

I think he wants to have tlssrv present multiple certificates to
clients, so that they can follow the chain back to the root.

* Re: [9fans] certificates and tlssrv
From: Brantley Coile @ 2004-03-31 13:20 UTC
To: 9fans

> I think he wants to have tlssrv present multiple certificates to
> clients, so that they can follow the chain back to the root.

I should know better than to compose a 9fans request at 8pm!

Geoff is correct. I want web browsers not to complain about the
certificate I give them. I have a chain we bought from somewhere.
Under OpenSSL (don't get me started : ) I put them all into a single
file that was loaded. The readcert(2) seems to stop after reading a
single cert. Should I hack it to catenate them together and set the
TLSconn->cert to that whole thing?

Thanks
Brantley

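Editorial example added to this archive page, not part of any message in the thread and not Plan 9's tlssrv code: on the wire, the TLS Certificate message (RFC 2246, section 7.4.2) carries the chain as a list in which every DER certificate sits behind its own 3-byte length, so a peer walking that list does not accept certificates that were only concatenated. The function names and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* 24-bit big-endian lengths, as used in the TLS Certificate message. */
static void put24(unsigned char *p, size_t n) { p[0] = (n >> 16) & 0xff; p[1] = (n >> 8) & 0xff; p[2] = n & 0xff; }
static size_t get24(const unsigned char *p) { return (size_t)p[0] << 16 | (size_t)p[1] << 8 | p[2]; }

/* Frame n DER certificates (server's own first) as a certificate_list.
 * Returns bytes written, or 0 if out is too small or a length is invalid. */
size_t build_cert_list(const unsigned char *const der[], const size_t len[],
	size_t n, unsigned char *out, size_t cap)
{
	size_t i, off = 3;
	if (cap < 3)
		return 0;
	for (i = 0; i < n; i++) {
		if (len[i] == 0 || len[i] > 0xffffff || cap - off < 3 || cap - off - 3 < len[i])
			return 0;
		put24(out + off, len[i]);
		memcpy(out + off + 3, der[i], len[i]);
		off += 3 + len[i];
	}
	if (off - 3 > 0xffffff)
		return 0;
	put24(out, off - 3);	/* total length of all framed entries */
	return off;
}

/* Walk the list as a receiving peer would; -1 means inconsistent framing. */
int count_certs(const unsigned char *msg, size_t len)
{
	size_t off = 3, clen;
	int n = 0;
	if (len < 3 || get24(msg) != len - 3)
		return -1;
	while (off < len) {
		if (len - off < 3 || (clen = get24(msg + off)) == 0 || clen > len - off - 3)
			return -1;
		off += 3 + clen;
		n++;
	}
	return n;
}

/* Constructed stand-ins for three DER certificates (not real X.509). */
static const unsigned char chain0[] = {0x30, 0x03, 0x02, 0x01, 0x01};
static const unsigned char chain1[] = {0x30, 0x03, 0x02, 0x01, 0x02};
static const unsigned char chain2[] = {0x30, 0x03, 0x02, 0x01, 0x03};
const unsigned char *const chain[] = {chain0, chain1, chain2};
const size_t chain_len[] = {sizeof chain0, sizeof chain1, sizeof chain2};
```
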
* Re: [9fans] certificates and tlssrv
From: boyd, rounin @ 2004-03-31 20:28 UTC
To: 9fans

> We don't follow chains, we just believe any x.509 fingerprints we
> have.

good call. the PKI is a disaster and a monopoly.