[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: SSL connection issues

To: "HTTPAPI and FTPAPI Projects" <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: SSL connection issues
From: "Barry Shrum" <barry@xxxxxxxxxxxxxxx>
Date: Mon, 27 Aug 2007 11:27:14 -0700
Importance: Normal
In-reply-to: <17D1E21589322546A739DD2A573517320D7F05E4@xxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:ftpapi-request@lists.scottklement.com?subject=help>
List-id: HTTPAPI and FTPAPI Projects <ftpapi.lists.scottklement.com>
List-post: <mailto:ftpapi@lists.scottklement.com>
List-subscribe: <http://www.scottklement.com/mailman/listinfo/ftpapi>, <mailto:ftpapi-request@lists.scottklement.com?subject=subscribe>
List-unsubscribe: <http://www.scottklement.com/mailman/listinfo/ftpapi>, <mailto:ftpapi-request@lists.scottklement.com?subject=unsubscribe>
Reply-to: HTTPAPI and FTPAPI Projects <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Sender: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx

Charles,

That's what I'm hoping, but they are very specific in their documentation -
even if the cert is from a trusted authority, we need to check the URL in
it.  Seems redundant to me...

Barry

-----Original Message-----
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
[mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx]On Behalf Of Wilt, Charles
Sent: Monday, August 27, 2007 10:48 AM
To: HTTPAPI and FTPAPI Projects
Subject: RE: SSL connection issues




> Our business partner has specific requirements that we must
> fulfill in terms of security.  One of them is that we examine
> the certificate returned and if the address in it (the
> hostname.com part) does not match their web address, then we
> need to reject the transaction as false.  The only way I can
> see this occurring is if the cert is from a trusted authority
> that is spoofing our business partner.  That seems unlikely,
> but it's their requirement, nonetheless.

Isn't this check part of the validation done by the OS when accepting the
certificate?

Seems like it wouldn't make much sense otherwise.

Perhaps you don't need to do anything else in your application, simply
provide documentation about
what OS/400 is doing for you.

Charles


This e-mail transmission contains information that is intended to be
confidential and privileged.  If you receive this e-mail and you are not a
named addressee you are hereby notified that you are not authorized to read,
print, retain, copy or disseminate this communication without the consent of
the sender and that doing so is prohibited and may be unlawful.  Please
reply to the message immediately by informing the sender that the message
was misdirected.  After replying, please delete and otherwise erase it and
any attachments from your computer system.  Your assistance in correcting
this error is appreciated.
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------

--
This message has been scanned and appears to be clean.

-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------

References:
- RE: SSL connection issues
  - From: Wilt, Charles

Prev by Date: RE: SSL connection issues
Next by Date: "Call stack" and "Connection Reset" issues.
Previous by thread: RE: SSL connection issues
Next by thread: Re: call stack entry not found CPF2479
Index(es):
- Date
- Thread