[Date Prev] [Date Index] [Date Next] [Thread Prev] [Thread Index] [Thread Next]

Re: SSL, certs, and conserver (fix included)

Phil Dibowitz phil@usc.edu
Wed, 1 Jun 2005 23:45:36 -0700 (PDT)


On Wed, Jun 01, 2005 at 11:29:18PM -0700, Bryan Stansell wrote:
> it all started with an innocent enough question:
> 
> On Thu, May 26, 2005 at 11:00:35PM +0100, Michael Doyle wrote:
> > Can anyone give me an example of using conserver with generated ssl cert's
> > (i.e. -c file) for both the server and client. I've compiled conserver with
> > openssl support and a tcpdump confirms that traffic is encrypted between
> > server and client but when I start the daemon with a ' -c' pointing to a
> > self signed certificate  file I created, the  client happily connects to
> > consoles even though I've not specified the equivalent on the client side.
> > My understanding is that if I use a cert then the server and client need to
> > be using the same. Any pointers appreciated.
> 
> and in looking into it, i notice certs weren't working right.  the good
> news is, being on a plane gave me time enough to really dig into this
> and i found the problem (pretty simple, actually).  i've included the
> patch below, for those who'd actually like to use certs before the next
> release.

Oh - that explains why it "worked" for me - I was allowing unauthenticated
ciphers.... I assume that was the part that _wasn't_ broken.

OK. Cool.

-- 
Phil Dibowitz
Systems Architect and Administrator
Enterprise Infrastructure / ISD / USC
UCC 174 - 213-821-5427

Attachment: pgp00000.pgp
Description: PGP signature