Re: "known in advance" public key authentication?
From: Florian Weimer
Subject: Re: "known in advance" public key authentication?
Date: Wed, 07 Nov 2012 22:52:33 +0100
* Ivan Shmakov:
> Hence, the question is: is there a way to specify the local key
> pair and the remote public key to GnuTLS “directly”, just prior
> to connecting the remote?
I recommend using self-signed X.509 certificates; this way you can
port your software to other crypto libraries. It is possible to
override the certificate verification function and replace the
PKI-based verification with something that performs a database
lookup, for instance. You can use the subject DN or a hash to look up
the certificate in the database, and perform a bit-wise comparison
between the peer certificate and what is found in the database.
Make sure your certificates are valid X.509v3. GNUTLS is extremely
forgiving, and if you've got a widely deployed certificate which
cannot be used with Java (for instance), this can be annoying.
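
The lookup-and-compare verification described in this reply, as an added example that is not code from the thread: it uses Python's standard `ssl` module rather than GnuTLS, the hash variant of the lookup, and an in-memory dictionary in place of the database. `PinStore`, `connect_pinned` and the `certfile`/`keyfile` parameters are hypothetical names.

```python
import hashlib
import hmac
import socket
import ssl

def fingerprint(der: bytes) -> str:
    """Database key: SHA-256 over the DER encoding of the certificate."""
    return hashlib.sha256(der).hexdigest()

class PinStore:
    """Stand-in for the database of certificates known in advance."""
    def __init__(self):
        self._by_hash = {}

    def add(self, peer_name: str, der: bytes) -> None:
        self._by_hash[fingerprint(der)] = (peer_name, der)

    def match(self, presented):
        """Return the peer name if `presented` is byte-for-byte a stored
        certificate, else None. The hash only locates the candidate."""
        if not presented:
            return None
        entry = self._by_hash.get(fingerprint(presented))
        if entry is None:
            return None
        name, stored = entry
        return name if hmac.compare_digest(stored, presented) else None

def connect_pinned(host, port, store, certfile=None, keyfile=None):
    """Open a TLS connection, replacing PKI validation with the lookup."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # chain validation is replaced below
    if certfile:                     # local self-signed certificate and key
        ctx.load_cert_chain(certfile, keyfile)
    tls = ctx.wrap_socket(socket.create_connection((host, port)))
    name = store.match(tls.getpeercert(binary_form=True))
    if name is None:                 # unknown peer: drop before any data
        tls.close()
        raise ssl.SSLError("peer certificate is not in the pin store")
    return tls, name
```

Because chain validation is switched off, the store match is the only authentication step, so it has to run before any application data is written to the socket.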