| To: | pcp@xxxxxxxxxxx |
|---|---|
| Subject: | Re: [pcp] Secure connections writeup - please review |
| From: | Dave Brolley <brolley@xxxxxxxxxx> |
| Date: | Fri, 01 Feb 2013 11:46:17 -0500 |
| Delivered-to: | pcp@xxxxxxxxxxx |
| In-reply-to: | <y0m7gmsawtz.fsf@xxxxxxxx> |
| References: | <2057809854.14927739.1359699701197.JavaMail.root@xxxxxxxxxx> <1786528910.14930673.1359700203435.JavaMail.root@xxxxxxxxxx> <y0m7gmsawtz.fsf@xxxxxxxx> |
| User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130110 Thunderbird/17.0.2 |
On 02/01/2013 10:16 AM, Frank Ch. Eigler wrote: Nathan Scott <nathans@xxxxxxxxxx> writes:[...] http://oss.sgi.com/projects/pcp/pcp-gui.git/man/html/lab.secure.html- add code to the code (client-side changes only?) to enable clients to download the server certificate during a first connection, and store it in $HOME/.pcp/ssl, to eliminate the manual steps in the "Monitor Setup" section. I haven't yet reviewed this, but I can add to Frank's comments.You can find code which does this in systemtap/csclient.cxx. The server's certificate is obtained by calling SSL_PeerCertificate (sslSocket) once a connection has been established. Have a look at the function trustNewServer to see how the certificate is then added to the client-side database of trusted servers. Dave |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: Secure connections writeup - please review, Frank Ch. Eigler |
|---|---|
| Next by Date: | Re: pcp Digest, Vol 55, Issue 1, Chandana De Silva |
| Previous by Thread: | Re: Secure connections writeup - please review, Frank Ch. Eigler |
| Next by Thread: | Re: Secure connections writeup - please review, Nathan Scott |
| Indexes: | [Date] [Thread] [Top] [All Lists] |