[noPoll] Doubt Clearance Request

Tue Jun 5 09:45:48 CEST 2018

Hi,

Thank you for the response.

Requesting to consider one more doubt regarding basic Server-certificate Verification.

Does the package nopoll/Openssl (in client side) verify the public certificate received from Server using the entry in Client Global Store [/etc/ssl/certs] ?

Currently, as per the nopoll code, what could we see is Server certificate is verified on the go (irrespective of the file either in Global Store or what mentioned as root.pem in the command).

nopoll_conn_opts_set_ssl_certs<http://www.aspl.es/nopoll/html/group__nopoll__conn__opts_gaafe59c8b7baa3ed10cee191de98193cd.html#gaafe59c8b7baa3ed10cee191de98193cd> (opts,
// certificate
"client.pem",
// private key
"client.pem",
NULL,
// ca certificate
"root.pem");

Could you please explain how the certificate is being verified? Even with the wrong certificate file mentioned as root.pem in the above command, connection is getting successful when tried to implement HTTPS-MA.

Regards,
Jawada Pallipath
TATA ELXSI
www.tataelxsi.com<http://www.tataelxsi.com/>

________________________________
From: Francis Brosnan Blázquez <francis.brosnan at aspl.es>
Sent: Tuesday, June 5, 2018 1:00:18 PM
To: Jawada Pallipath
Cc: nopoll at lists.aspl.es
Subject: Re: [noPoll] Doubt Clearance Request

Hi Jawada.

No. That function takes all certificate information from the files you
provide at the function. The content of these files are passed in into
OpenSSL engine.

It has no connection to any global store (unless OpenSSL does so, which
I think it is not the case).

Best Regards.

El mar, 05-06-2018 a las 06:40 +0000, Jawada Pallipath escribió:
Hi,

Requesting kindly to respond to our query below .

Does this command

nopoll_conn_opts_set_ssl_certs<http://www.aspl.es/nopoll/html/group__nopoll__conn__opts_gaafe59c8b7baa3ed10cee191de98193cd.html#gaafe59c8b7baa3ed10cee191de98193cd> (opts,
// certificate
"client.pem",
// private key
"client.pem",
NULL,
// ca certificate
"root.pem");
takes root/ca/server certificate from Global store automatically ?

Regards,
Jawada Pallipath
TATA ELXSI

www.tataelxsi.com<http://www.tataelxsi.com/>

________________________________
From: Francis Brosnan Blázquez <francis.brosnan at aspl.es>
Sent: Monday, May 21, 2018 12:32:13 PM
To: Jawada Pallipath
Cc: nopoll at lists.aspl.es
Subject: Re: [noPoll] Doubt Clearance Request

Hello.

You documentation about this in the manual:

http://www.aspl.es/nopoll/html/nopoll_core_library_manual.html#nopoll_implementing_mutual_auth

You have also regression test check this support with working examples:

https://github.com/ASPLes/nopoll/blob/master/test/nopoll-regression-client.c#L2080

Best Regards.

El sáb, 19-05-2018 a las 08:28 +0000, Jawada Pallipath escribió:
Hi,

This is to request to clear a technical doubt regarding noPoll package.

Doubt :

Does this have any function to support HTTPS Mutual Authentication.

Detail : As per Mutual Authentication Protocol, both Client and server have to authenticated from opposite sides and so, Client has to send it's certificate to Server, when server requests for it.

Is there any function to support this ?

Kindly requesting to respond for the same .

Regards,
Jawada Pallipath
TATA ELXSI

www.tataelxsi.com<http://www.tataelxsi.com/>

_______________________________________________
noPoll mailing list
noPoll at lists.aspl.es<mailto:noPoll at lists.aspl.es>
http://lists.aspl.es/cgi-bin/mailman/listinfo/nopoll

--
Francis Brosnan Blázquez  -  ASPL
http://www.asplhosting.com/
http://www.aspl.es/
https://twitter.com/aspl_es
https://twitter.com/asplhosting
https://twitter.com/francisbrosnanb
https://es.linkedin.com/in/francis-brosnan-blázquez-1353a218

91 134 14 22 - 91 134 14 45 - 91 116 07 57
Av. Juan Carlos I 13, 2ºC, Torre Garena
28806 - Alcalá de Henares (España)

AVISO LEGAL

En virtud de lo dispuesto en la Ley Orgánica 15/1999, de 13 de
diciembre, de Protección de Datos de Carácter Personal, le informamos de
que sus datos de carácter personal, recogidos de fuentes accesibles al
público o datos que usted nos ha facilitado previamente, proceden de
bases de datos propiedad de Advanced Software Production Line, S.L.
(ASPL).

ASPL garantiza que los datos serán tratados con la finalidad de mantener
las oportunas relaciones comerciales o promocionales con usted o la
entidad que usted representa. No obstante, usted puede ejercitar sus
derechos de acceso, rectificación, cancelación y oposición dispuestos en
la mencionada Ley Orgánica, notificándolo por escrito a ASPL -
Protección Datos, Av. Juan Carlos I 13, 2ºC, Alcalá de Henares
(Madrid).

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.aspl.es/pipermail/nopoll/attachments/20180605/d1c418f7/attachment-0001.html>