--On 1. september 2005 10:52 +0200 thomas schorpp
<t(_dot_)schorpp(_at_)gmx(_dot_)de> wrote:
How does my server know which certificate to present to the client, so
that the above general rule is satisfied?
by the requested peerDN. script or implement it.
which field specified in RFC 2246 do you mean?
it would have to be sent in/with a ClientHello (since this is the only
message that goes across before the server presents its ceritficate
following a ServerHello), but there is no such field in the ClientHello
message.
There's a proposal in draft-ietf-tls-rfc3546bis-01 to add a hostname, but
that would hardly fit the name of "peerDN".
or did you mean the DN of the client? How would that help, given that any
peer can send mail to any of the domains and addresses my server works for?
Harald
pgpnQTiZp9pkO.pgp
Description: PGP signature