From: <ma...@wb...> - 2005-12-04 10:32:37

Thanks, so if connecting to a domain (e.g. 2k or 2k3) the cert should be generated by the CA in the domain for that client only - is this correct? Just thinking how the verification process works, that's all?

Mark

Quoting Lukas Gebauer <geb...@ml...>:

> > sock.SSL.verifycert := true;
> > sock.SSLDoConnect;
> > ...
> >
> > however this does not work, I think I need to use the following
> >
> > ...
> > sock.SSL.certificatefile := 'certs\cacert.pem';
> > sock.SSL.privatekeyfile := 'certs\cakey.pem';
> > sock.SSL.certcafile := 'certs\ca-bundle.crt';
> > ...
> >
> > for example, before I call the SSLDoConnect method, however, this does not
> > work.
> > Is there something I'm missing, is the client certificate different in
> > some way to the server certificate (these are generated via OpenSSL with the
> > synacert.zip examples).
>
> Client certificate must be requested by the SSL server. When it is not
> explicitly requested by the server, then OpenSSL does nothing with the client
> certificate.
>
> So, just set your key and certificate before connecting to the SSL server. It
> is the right way. But when your server is not explicitly requesting a client
> certificate, then it still does nothing.
>
> When your SSL server is written with Synapse too, then you must use
> sock.SSL.verifycert := true; on the server side. (!) It enables the client
> certificate request for connected clients.
>
> Enabling sock.SSL.verifycert on the client side just enables verification of
> the server's certificate.
>
> --
> Lukas Gebauer.
>
> E-mail: geb...@ml...
> WEB: http://www.ararat.cz/synapse - Synapse Delphi and Kylix TCP/IP Library
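
The two roles described in the quoted reply, side by side, as an added example that is not part of the original thread or the Synapse sources. Assumptions: the `ssl_openssl` plugin unit is in use, the port and the `server-*`/`client-*` file names are hypothetical, and `GetPeerSubject` and `LastErrorDesc` are used only for reporting.

```pascal
program ClientCertSketch;
uses blcksock, ssl_openssl; // ssl_openssl plugs OpenSSL into Synapse
procedure RunServer; // accepts one client and asks it for a certificate
var
  Listener, Conn: TTCPBlockSocket;
begin
  Listener := TTCPBlockSocket.Create;
  Conn := TTCPBlockSocket.Create;
  try
    Listener.Bind('127.0.0.1', '8443'); // port is an assumption
    Listener.Listen;
    if not Listener.CanRead(60000) then Exit;
    Conn.Socket := Listener.Accept;
    Conn.SSL.CertificateFile := 'certs\server-cert.pem'; // hypothetical paths
    Conn.SSL.PrivateKeyFile := 'certs\server-key.pem';
    Conn.SSL.CertCAFile := 'certs\ca-bundle.crt'; // CA certificates used for verification
    Conn.SSL.VerifyCert := True; // server side: enables the client certificate request
    if Conn.SSLAcceptConnection then
      WriteLn('Peer subject: ', Conn.SSL.GetPeerSubject)
    else
      WriteLn('Handshake failed: ', Conn.SSL.LastErrorDesc);
  finally
    Conn.Free;
    Listener.Free;
  end;
end;

procedure RunClient;
var
  Sock: TTCPBlockSocket;
begin
  Sock := TTCPBlockSocket.Create;
  try
    Sock.Connect('127.0.0.1', '8443');
    Sock.SSL.CertificateFile := 'certs\client-cert.pem'; // set before SSLDoConnect
    Sock.SSL.PrivateKeyFile := 'certs\client-key.pem';   // used only if the server asks
    Sock.SSL.CertCAFile := 'certs\ca-bundle.crt';
    Sock.SSL.VerifyCert := True; // client side: verifies the server's certificate
    Sock.SSLDoConnect;
    if Sock.LastError <> 0 then
      WriteLn('TLS connect failed: ', Sock.SSL.LastErrorDesc)
    else
      WriteLn('Connected to: ', Sock.SSL.GetPeerSubject);
  finally
    Sock.Free;
  end;
end;
begin
  if ParamStr(1) = 'server' then RunServer else RunClient;
end.
```

Run one instance with the argument `server` and a second without arguments; the server prints the client's subject only when `VerifyCert` is set on its side, which is the point made in the reply.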