monit-dev

Re: SSL


From: Christian Hopp
Subject: Re: SSL
Date: Fri, 11 Oct 2002 19:19:31 +0200 (CEST)

On 11 Oct 2002, Jan-Henrik Haukeland wrote:

> Christian Hopp <address@hidden> writes:
>
> > > > What do you think... should I commit?
> > >
> > > I'm not sure I got all that. Do you mean that monit should only accept
> > > connections to its http server if the client sends a valid ca signed
> > > certificate? I'm not sure, maybe, probably. The safest is to leave it
> > > as a monitrc configure option. (Since not all have a CA signed cert
> > > and will have to make up their own it could be a problem for a monit
> > > client to speak with a monit daemon over SSL to get status and such)
> > >
> >
> > This only happens if you turn on client pem files.  If not monit
> > does not need any client side certificates.
>
> I'm nitpicking but you do need a client and server cert for
> encryption/decryption in a secure client/server SSL communication. But
> maybe if no client pem files exist a monit client is using the same
> cert as the monit daemon? (I have to read up on your new SSL code to
> get this :)

Netscape cannot use a "server" purpose cert for client auth.  It would
simply not send the cert.  It has to be "client" purpose.

> > I can put a statement like "allowselfcertification" (or whatever
> > term) to allow self certified certificates.
>
> Sounds good

Included.

> > Anyways, somebody should tidy up the "set httpd" statement.  Because
> > everything is right now order dependent. )-: Unfortunately I go on
> > vacation for the next week, if please somebody else could do me the
> > favor of tidying it up. (-:
>
> Do not be surprised if it's fixed when you get back. Have a nice
> vacation and take it easy with that karate stuff :-)

Grrr... Aikido... you are like my colleagues.  (-:


I can sync then this evening.

Christian



-- 
Christian Hopp                                email: address@hidden
Institut für Elektrische Informationstechnik             fon: +49-5323-72-2113
Technische Universität Clausthal                         fax: +49-5323-72-3197
  pgpkey: https://www.iei.tu-clausthal.de/pgp-keys/chopp.key.asc  (2001-11-22)
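The certificate-purpose restriction and the self-signed switch discussed in this message, seen from the verifying side, as an added Go example (not monit's code and not part of the original message). The certificates are constructed in memory, and `allowSelfSigned` is a hypothetical stand-in for the proposed "allowselfcertification" option.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var clientPurpose, serverPurpose = x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth

// decide builds a constructed self-signed cert with one purpose (EKU) and returns the server's
// verdict on it as a client certificate. allowSelfSigned (hypothetical) trusts it as its own root.
func decide(eku x509.ExtKeyUsage, allowSelfSigned bool) string {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return "error: " + err.Error()
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"client.example"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{eku}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return "error: " + err.Error()
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return "error: " + err.Error()
	}
	roots := x509.NewCertPool() // empty pool: this sketch trusts no CA
	if allowSelfSigned {
		roots.AddCert(cert)
	}
	_, err = cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	var inv x509.CertificateInvalidError
	if errors.As(err, &inv) && inv.Reason == x509.IncompatibleUsage {
		return "rejected: wrong purpose"
	} else if err != nil {
		return "rejected: untrusted issuer"
	}
	return "accepted"
}

func main() {
	fmt.Println(decide(clientPurpose, true), "|", decide(serverPurpose, true), "|", decide(clientPurpose, false))
}
```

Trusting every presented self-signed certificate as its own root proves only that the peer holds some key, so the switch belongs behind an explicit configuration choice, as the thread proposes.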




