From francis.brosnan at aspl.es Tue Jun 5 09:30:18 2018 From: francis.brosnan at aspl.es (Francis Brosnan =?ISO-8859-1?Q?Bl=E1zquez?=) Date: Tue, 05 Jun 2018 09:30:18 +0200 Subject: [noPoll] Doubt Clearance Request In-Reply-To: References: ,<1526886133.15866.5.camel@aspl.es> Message-ID: <1528183818.19281.48.camel@aspl.es> Hi Jawada. No. That function takes all certificate information from the files you provide at the function. The content of these files are passed in into OpenSSL engine. It has no connection to any global store (unless OpenSSL does so, which I think it is not the case). Best Regards. El mar, 05-06-2018 a las 06:40 +0000, Jawada Pallipath escribi?: > Hi, > > Requesting kindly to respond to our query below . > > > Does this command > > > > > nopoll_conn_opts_set_ssl_certs (opts, > // certificate > "client.pem", > // private key > "client.pem", > NULL, > // ca certificate > "root.pem"); > > takes root/ca/server certificate from Global store automatically ? > > > > > > > > > > > > > Regards, > Jawada Pallipath > TATA ELXSI > > > www.tataelxsi.com > > > > > > ______________________________________________________________________ > > From: Francis Brosnan Bl?zquez > Sent: Monday, May 21, 2018 12:32:13 PM > To: Jawada Pallipath > Cc: nopoll at lists.aspl.es > Subject: Re: [noPoll] Doubt Clearance Request > > > Hello. > > You documentation about this in the manual: > > http://www.aspl.es/nopoll/html/nopoll_core_library_manual.html#nopoll_implementing_mutual_auth > > You have also regression test check this support with working > examples: > > https://github.com/ASPLes/nopoll/blob/master/test/nopoll-regression-client.c#L2080 > > Best Regards. > > > El s?b, 19-05-2018 a las 08:28 +0000, Jawada Pallipath escribi?: > > > Hi, > > > > This is to request to clear a technical doubt regarding noPoll > > package. > > > > > > Doubt : > > > > Does this have any function to support HTTPS Mutual Authentication. > > > > Detail : As per Mutual Authentication Protocol, both Client and > > server have to authenticated from opposite sides and so, Client has > > to send it's certificate to Server, when server requests for it. > > > > > > Is there any function to support this ? > > > > > > Kindly requesting to respond for the same . > > > > > > > > > > > > > > > > > > > > > > > > Regards, > > Jawada Pallipath > > TATA ELXSI > > > > www.tataelxsi.com > > > > > > > > _______________________________________________ > > noPoll mailing list > > noPoll at lists.aspl.es > > http://lists.aspl.es/cgi-bin/mailman/listinfo/nopoll > > > > > -- Francis Brosnan Bl?zquez - ASPL http://www.asplhosting.com/ http://www.aspl.es/ https://twitter.com/aspl_es https://twitter.com/asplhosting https://twitter.com/francisbrosnanb https://es.linkedin.com/in/francis-brosnan-bl?zquez-1353a218 91 134 14 22 - 91 134 14 45 - 91 116 07 57 Av. Juan Carlos I 13, 2?C, Torre Garena 28806 - Alcal? de Henares (Espa?a) AVISO LEGAL En virtud de lo dispuesto en la Ley Org?nica 15/1999, de 13 de diciembre, de Protecci?n de Datos de Car?cter Personal, le informamos de que sus datos de car?cter personal, recogidos de fuentes accesibles al p?blico o datos que usted nos ha facilitado previamente, proceden de bases de datos propiedad de Advanced Software Production Line, S.L. (ASPL). ASPL garantiza que los datos ser?n tratados con la finalidad de mantener las oportunas relaciones comerciales o promocionales con usted o la entidad que usted representa. No obstante, usted puede ejercitar sus derechos de acceso, rectificaci?n, cancelaci?n y oposici?n dispuestos en la mencionada Ley Org?nica, notific?ndolo por escrito a ASPL - Protecci?n Datos, Av. Juan Carlos I 13, 2?C, Alcal? de Henares (Madrid). -------------- next part -------------- An HTML attachment was scrubbed... URL: From jawada.p at tataelxsi.co.in Tue Jun 5 09:45:48 2018 From: jawada.p at tataelxsi.co.in (Jawada Pallipath) Date: Tue, 5 Jun 2018 07:45:48 +0000 Subject: [noPoll] Doubt Clearance Request In-Reply-To: <1528183818.19281.48.camel@aspl.es> References: ,<1526886133.15866.5.camel@aspl.es> , <1528183818.19281.48.camel@aspl.es> Message-ID: Hi, Thank you for the response. Requesting to consider one more doubt regarding basic Server-certificate Verification. Does the package nopoll/Openssl (in client side) verify the public certificate received from Server using the entry in Client Global Store [/etc/ssl/certs] ? Currently, as per the nopoll code, what could we see is Server certificate is verified on the go (irrespective of the file either in Global Store or what mentioned as root.pem in the command). nopoll_conn_opts_set_ssl_certs (opts, // certificate "client.pem", // private key "client.pem", NULL, // ca certificate "root.pem"); Could you please explain how the certificate is being verified? Even with the wrong certificate file mentioned as root.pem in the above command, connection is getting successful when tried to implement HTTPS-MA. Regards, Jawada Pallipath TATA ELXSI www.tataelxsi.com ________________________________ From: Francis Brosnan Bl?zquez Sent: Tuesday, June 5, 2018 1:00:18 PM To: Jawada Pallipath Cc: nopoll at lists.aspl.es Subject: Re: [noPoll] Doubt Clearance Request Hi Jawada. No. That function takes all certificate information from the files you provide at the function. The content of these files are passed in into OpenSSL engine. It has no connection to any global store (unless OpenSSL does so, which I think it is not the case). Best Regards. El mar, 05-06-2018 a las 06:40 +0000, Jawada Pallipath escribi?: Hi, Requesting kindly to respond to our query below . Does this command nopoll_conn_opts_set_ssl_certs (opts, // certificate "client.pem", // private key "client.pem", NULL, // ca certificate "root.pem"); takes root/ca/server certificate from Global store automatically ? Regards, Jawada Pallipath TATA ELXSI www.tataelxsi.com ________________________________ From: Francis Brosnan Bl?zquez Sent: Monday, May 21, 2018 12:32:13 PM To: Jawada Pallipath Cc: nopoll at lists.aspl.es Subject: Re: [noPoll] Doubt Clearance Request Hello. You documentation about this in the manual: http://www.aspl.es/nopoll/html/nopoll_core_library_manual.html#nopoll_implementing_mutual_auth You have also regression test check this support with working examples: https://github.com/ASPLes/nopoll/blob/master/test/nopoll-regression-client.c#L2080 Best Regards. El s?b, 19-05-2018 a las 08:28 +0000, Jawada Pallipath escribi?: Hi, This is to request to clear a technical doubt regarding noPoll package. Doubt : Does this have any function to support HTTPS Mutual Authentication. Detail : As per Mutual Authentication Protocol, both Client and server have to authenticated from opposite sides and so, Client has to send it's certificate to Server, when server requests for it. Is there any function to support this ? Kindly requesting to respond for the same . Regards, Jawada Pallipath TATA ELXSI www.tataelxsi.com _______________________________________________ noPoll mailing list noPoll at lists.aspl.es http://lists.aspl.es/cgi-bin/mailman/listinfo/nopoll -- Francis Brosnan Bl?zquez - ASPL http://www.asplhosting.com/ http://www.aspl.es/ https://twitter.com/aspl_es https://twitter.com/asplhosting https://twitter.com/francisbrosnanb https://es.linkedin.com/in/francis-brosnan-bl?zquez-1353a218 91 134 14 22 - 91 134 14 45 - 91 116 07 57 Av. Juan Carlos I 13, 2?C, Torre Garena 28806 - Alcal? de Henares (Espa?a) AVISO LEGAL En virtud de lo dispuesto en la Ley Org?nica 15/1999, de 13 de diciembre, de Protecci?n de Datos de Car?cter Personal, le informamos de que sus datos de car?cter personal, recogidos de fuentes accesibles al p?blico o datos que usted nos ha facilitado previamente, proceden de bases de datos propiedad de Advanced Software Production Line, S.L. (ASPL). ASPL garantiza que los datos ser?n tratados con la finalidad de mantener las oportunas relaciones comerciales o promocionales con usted o la entidad que usted representa. No obstante, usted puede ejercitar sus derechos de acceso, rectificaci?n, cancelaci?n y oposici?n dispuestos en la mencionada Ley Org?nica, notific?ndolo por escrito a ASPL - Protecci?n Datos, Av. Juan Carlos I 13, 2?C, Alcal? de Henares (Madrid). -------------- next part -------------- An HTML attachment was scrubbed... URL: From jawada.p at tataelxsi.co.in Tue Jun 5 10:39:42 2018 From: jawada.p at tataelxsi.co.in (Jawada Pallipath) Date: Tue, 5 Jun 2018 08:39:42 +0000 Subject: [noPoll] Doubt Clearance Request In-Reply-To: References: ,<1526886133.15866.5.camel@aspl.es> , <1528183818.19281.48.camel@aspl.es>, Message-ID: Regards, Jawada Pallipath TATA ELXSI www.tataelxsi.com ________________________________ From: nopoll-bounces at lists.aspl.es on behalf of Jawada Pallipath Sent: Tuesday, June 5, 2018 1:15:48 PM To: francis.brosnan at aspl.es Cc: nopoll at lists.aspl.es Subject: Re: [noPoll] Doubt Clearance Request Hi, Thank you for the response. Requesting to consider one more doubt regarding basic Server-certificate Verification. Does the package nopoll/Openssl (in client side) verify the public certificate received from Server using the entry in Client Global Store [/etc/ssl/certs] ? Currently, as per the nopoll code, what could we see is Server certificate is verified on the go (irrespective of the file either in Global Store or what mentioned as root.pem in the command). nopoll_conn_opts_set_ssl_certs (opts, // certificate "client.pem", // private key "client.pem", NULL, // ca certificate "root.pem"); Could you please explain how the certificate is being verified? Even with the wrong certificate file mentioned as root.pem in the above command, connection is getting successful when tried to implement HTTPS-MA. Regards, Jawada Pallipath TATA ELXSI www.tataelxsi.com ________________________________ From: Francis Brosnan Bl?zquez Sent: Tuesday, June 5, 2018 1:00:18 PM To: Jawada Pallipath Cc: nopoll at lists.aspl.es Subject: Re: [noPoll] Doubt Clearance Request Hi Jawada. No. That function takes all certificate information from the files you provide at the function. The content of these files are passed in into OpenSSL engine. It has no connection to any global store (unless OpenSSL does so, which I think it is not the case). Best Regards. El mar, 05-06-2018 a las 06:40 +0000, Jawada Pallipath escribi?: Hi, Requesting kindly to respond to our query below . Does this command nopoll_conn_opts_set_ssl_certs (opts, // certificate "client.pem", // private key "client.pem", NULL, // ca certificate "root.pem"); takes root/ca/server certificate from Global store automatically ? Regards, Jawada Pallipath TATA ELXSI www.tataelxsi.com ________________________________ From: Francis Brosnan Bl?zquez Sent: Monday, May 21, 2018 12:32:13 PM To: Jawada Pallipath Cc: nopoll at lists.aspl.es Subject: Re: [noPoll] Doubt Clearance Request Hello. You documentation about this in the manual: http://www.aspl.es/nopoll/html/nopoll_core_library_manual.html#nopoll_implementing_mutual_auth You have also regression test check this support with working examples: https://github.com/ASPLes/nopoll/blob/master/test/nopoll-regression-client.c#L2080 Best Regards. El s?b, 19-05-2018 a las 08:28 +0000, Jawada Pallipath escribi?: Hi, This is to request to clear a technical doubt regarding noPoll package. Doubt : Does this have any function to support HTTPS Mutual Authentication. Detail : As per Mutual Authentication Protocol, both Client and server have to authenticated from opposite sides and so, Client has to send it's certificate to Server, when server requests for it. Is there any function to support this ? Kindly requesting to respond for the same . Regards, Jawada Pallipath TATA ELXSI www.tataelxsi.com _______________________________________________ noPoll mailing list noPoll at lists.aspl.es http://lists.aspl.es/cgi-bin/mailman/listinfo/nopoll -- Francis Brosnan Bl?zquez - ASPL http://www.asplhosting.com/ http://www.aspl.es/ https://twitter.com/aspl_es https://twitter.com/asplhosting https://twitter.com/francisbrosnanb https://es.linkedin.com/in/francis-brosnan-bl?zquez-1353a218 91 134 14 22 - 91 134 14 45 - 91 116 07 57 Av. Juan Carlos I 13, 2?C, Torre Garena 28806 - Alcal? de Henares (Espa?a) AVISO LEGAL En virtud de lo dispuesto en la Ley Org?nica 15/1999, de 13 de diciembre, de Protecci?n de Datos de Car?cter Personal, le informamos de que sus datos de car?cter personal, recogidos de fuentes accesibles al p?blico o datos que usted nos ha facilitado previamente, proceden de bases de datos propiedad de Advanced Software Production Line, S.L. (ASPL). ASPL garantiza que los datos ser?n tratados con la finalidad de mantener las oportunas relaciones comerciales o promocionales con usted o la entidad que usted representa. No obstante, usted puede ejercitar sus derechos de acceso, rectificaci?n, cancelaci?n y oposici?n dispuestos en la mencionada Ley Org?nica, notific?ndolo por escrito a ASPL - Protecci?n Datos, Av. Juan Carlos I 13, 2?C, Alcal? de Henares (Madrid). -------------- next part -------------- An HTML attachment was scrubbed... URL: From jawada.p at tataelxsi.co.in Tue Jun 5 08:40:26 2018 From: jawada.p at tataelxsi.co.in (Jawada Pallipath) Date: Tue, 5 Jun 2018 06:40:26 +0000 Subject: [noPoll] Doubt Clearance Request In-Reply-To: <1526886133.15866.5.camel@aspl.es> References: , <1526886133.15866.5.camel@aspl.es> Message-ID: Hi, Requesting kindly to respond to our query below . Does this command nopoll_conn_opts_set_ssl_certs (opts, // certificate "client.pem", // private key "client.pem", NULL, // ca certificate "root.pem"); takes root/ca/server certificate from Global store automatically ? Regards, Jawada Pallipath TATA ELXSI www.tataelxsi.com ________________________________ From: Francis Brosnan Bl?zquez Sent: Monday, May 21, 2018 12:32:13 PM To: Jawada Pallipath Cc: nopoll at lists.aspl.es Subject: Re: [noPoll] Doubt Clearance Request Hello. You documentation about this in the manual: http://www.aspl.es/nopoll/html/nopoll_core_library_manual.html#nopoll_implementing_mutual_auth You have also regression test check this support with working examples: https://github.com/ASPLes/nopoll/blob/master/test/nopoll-regression-client.c#L2080 Best Regards. El s?b, 19-05-2018 a las 08:28 +0000, Jawada Pallipath escribi?: Hi, This is to request to clear a technical doubt regarding noPoll package. Doubt : Does this have any function to support HTTPS Mutual Authentication. Detail : As per Mutual Authentication Protocol, both Client and server have to authenticated from opposite sides and so, Client has to send it's certificate to Server, when server requests for it. Is there any function to support this ? Kindly requesting to respond for the same . Regards, Jawada Pallipath TATA ELXSI www.tataelxsi.com _______________________________________________ noPoll mailing list noPoll at lists.aspl.es http://lists.aspl.es/cgi-bin/mailman/listinfo/nopoll -- Francis Brosnan Bl?zquez - ASPL http://www.asplhosting.com/ http://www.aspl.es/ https://twitter.com/aspl_es https://twitter.com/asplhosting https://twitter.com/francisbrosnanb https://es.linkedin.com/in/francis-brosnan-bl?zquez-1353a218 91 134 14 22 - 91 134 14 45 - 91 116 07 57 Av. Juan Carlos I 13, 2?C, Torre Garena 28806 - Alcal? de Henares (Espa?a) AVISO LEGAL En virtud de lo dispuesto en la Ley Org?nica 15/1999, de 13 de diciembre, de Protecci?n de Datos de Car?cter Personal, le informamos de que sus datos de car?cter personal, recogidos de fuentes accesibles al p?blico o datos que usted nos ha facilitado previamente, proceden de bases de datos propiedad de Advanced Software Production Line, S.L. (ASPL). ASPL garantiza que los datos ser?n tratados con la finalidad de mantener las oportunas relaciones comerciales o promocionales con usted o la entidad que usted representa. No obstante, usted puede ejercitar sus derechos de acceso, rectificaci?n, cancelaci?n y oposici?n dispuestos en la mencionada Ley Org?nica, notific?ndolo por escrito a ASPL - Protecci?n Datos, Av. Juan Carlos I 13, 2?C, Alcal? de Henares (Madrid). -------------- next part -------------- An HTML attachment was scrubbed... URL: