[Top] [All Lists]

Re: RFC 3207 (STARTTLS) question

2005-09-01 04:38:30

--On 1. september 2005 10:52 +0200 thomas schorpp 
<t(_dot_)schorpp(_at_)gmx(_dot_)de> wrote:

How does my server know which certificate to present to the client, so
that the above general rule is satisfied?

by the requested peerDN. script or implement it.

which field specified in RFC 2246 do you mean?

it would have to be sent in/with a ClientHello (since this is the only message that goes across before the server presents its ceritficate following a ServerHello), but there is no such field in the ClientHello message.

There's a proposal in draft-ietf-tls-rfc3546bis-01 to add a hostname, but that would hardly fit the name of "peerDN".

or did you mean the DN of the client? How would that help, given that any peer can send mail to any of the domains and addresses my server works for?


Attachment: pgpnQTiZp9pkO.pgp
Description: PGP signature

<Prev in Thread] Current Thread [Next in Thread>