Certificate authentication works. pwmd will require a client to send a
commit 46cc584152ab76ac4f0fc2f78d0ecf0f4163b4f1
author Ben Kibbey <bjk@luxsci.net>
Sun, 7 Sep 2008 00:34:57 +0000 (6 20:34 -0400)
committer Ben Kibbey <bjk@luxsci.net>
Sun, 7 Sep 2008 00:34:57 +0000 (6 20:34 -0400)
tree 9536ed795cdc58cbdf18e1ff9e2a1a954c3a2be4
parent eae20018bdf880c9123a73c2323e6ce4c02e8988
Certificate authentication works. pwmd will require a client to send a
certificate that has been signed by the certificate authority located in
~/.pwmd/ca-cert.pem. There is no Assuan tcp support yet, so libpwmd
will have to wait. In the meantime, socat does work:

socat openssl:host:port,cafile=ca-cert.pem,cert=client-cert.pem,key=client-key.pem -

Be sure to keep the private key that generated ca-cert.pem secure.
This is needed to sign client certificates. If compromised, an
attacker will be able to connect from anywhere. Same goes for your
client certificate and key, of course.
src/pwmd.c
src/tls.c
src/tls.h
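
The trust model in the commit message, as an added example that is not part of this commit or of pwmd: a CA signs a client certificate, a certificate from any other CA fails verification against ca-cert.pem, and the private keys are kept owner-only. It assumes the `openssl` command-line tool; the directory layout, subject names and function names are constructed for illustration, and only the three .pem file names come from the message.

```shell
#!/bin/sh
# Added illustration; all names except the .pem file names are constructed.

make_ca() {        # $1 = CA directory, $2 = CA common name
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$2" \
        -keyout "$1/ca-key.pem" -out "$1/ca-cert.pem" 2>/dev/null &&
    chmod 600 "$1/ca-key.pem"      # this key can mint valid clients
}

issue_client() {   # $1 = CA directory, $2 = client directory, $3 = client CN
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$2/client-key.pem" -out "$2/client.csr" 2>/dev/null &&
    openssl x509 -req -in "$2/client.csr" -days 30 \
        -CA "$1/ca-cert.pem" -CAkey "$1/ca-key.pem" -CAcreateserial \
        -out "$2/client-cert.pem" 2>/dev/null &&
    chmod 600 "$2/client-key.pem"
}

cert_trusted() {   # $1 = CA certificate, $2 = client certificate
    # Succeeds only if $2 chains to the CA in $1.
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

key_is_private() { # true when group and others have no access to key file $1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/ca" "$d/other" "$d/alice" "$d/mallory"
    make_ca "$d/ca" "pwmd CA (constructed)" &&
    make_ca "$d/other" "unrelated CA (constructed)" &&
    issue_client "$d/ca" "$d/alice" alice &&
    issue_client "$d/other" "$d/mallory" mallory || return 1
    # Signed by the configured CA: accepted.
    cert_trusted "$d/ca/ca-cert.pem" "$d/alice/client-cert.pem" &&
        echo "alice: accepted"
    # Signed by a different CA: rejected.
    cert_trusted "$d/ca/ca-cert.pem" "$d/mallory/client-cert.pem" ||
        echo "mallory: rejected"
    key_is_private "$d/ca/ca-key.pem" && echo "CA key is owner-only"
    rm -rf "$d"
}

demo
```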