[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [iaik-ssl] Hw to do client authentication only?
> Whlie it is true that the SSL protocol itself cannot force the client to
> authenticate itself, you can augment the handshaking phase to effectively
> force the client to authenticate itself.
> Take a look at the iaik.security.ssl.ServerTrustDecider. This is called
> whenever a new session is established on your server. If the client has not
> presented a certificate chain or the chain is not trusted, return false.
> The end result: the client is forced to authenticate itself.
This is not a part of the SSL standard. That is what is at issue here.
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html
To unsubscribe send an email to firstname.lastname@example.org with the folowing content: UNSUBSCRIBE iaik-ssl