openPGP vs x509

Anonymous Sender anonymous at remailer.metacolo.com
Thu Apr 15 01:44:05 CEST 2004


Werner Koch:
> On Wed, 14 Apr 2004 06:18:55 +0000 (UTC), Anonymous Sender said:
> > 'curl' and 'libcurl' do support TLS client authentication:
> Sure, but I was not talking about hackers but average computer users.

Another data point:

'lftp' (when compiled with the OpenSSL library) does support client
authentication for both ftps and https:

$ lftp --version
Lftp | Version 3.0.1 | Copyright (c) 1996-2004 Alexander V. Lukyanov
[ ... ]
$ lftp
lftp :~> set ssl:key-file /path/to/certs/user1.key
lftp :~> set ssl:cert-file /path/to/certs/user1.cert
lftp :~> set ssl:verify-certificate true
lftp :~> set ssl:ca-file /path/to/certs/CAs.cert
lftp :~> open https://localhost
lftp localhost:/> dir
-rw-r--r--  --  a.html
-rw-r--r--  --  b.html
-rw-r--r--  --  c.html
-rw-r--r--  --  d.txt
-rw-r--r--  --  e.html
lftp localhost:/>

and the logs clearly show that client authentication did occur:

www connected from 127.0.0.1:2264
VERIFY OK: depth=1, /C=XX/CN=xxxxxxxxx Certification Authority
VERIFY OK: depth=0, /C=XX/CN=user1
Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
Connection closed: 1487 bytes sent to SSL, 96 bytes sent to socket
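
An added example, not part of the original message: a small parser for log lines shaped like the excerpt above, reporting per connection whether a depth=0 (client) certificate was verified. The second connection in the sample is constructed, and the parser assumes connections are logged one after another, since the lines carry no connection id.

```python
import re

# Constructed sample: the first connection repeats the lines quoted in the
# message; the second is invented here to show a session with no client cert.
SAMPLE_LOG = """\
www connected from 127.0.0.1:2264
VERIFY OK: depth=1, /C=XX/CN=xxxxxxxxx Certification Authority
VERIFY OK: depth=0, /C=XX/CN=user1
Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
Connection closed: 1487 bytes sent to SSL, 96 bytes sent to socket
www connected from 127.0.0.1:2301
Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
Connection closed: 512 bytes sent to SSL, 80 bytes sent to socket
"""

CONNECT = re.compile(r"^(\S+) connected from (\S+)$")
VERIFY_OK = re.compile(r"^VERIFY OK: depth=(\d+), (.+)$")
CIPHERS = re.compile(r"^Negotiated ciphers: (\S+) ")


def summarize(log_text):
    """Return one dict per connection with its verified certificate chain."""
    sessions, current = [], None
    for line in log_text.splitlines():
        line = line.strip()
        if m := CONNECT.match(line):
            current = {"service": m.group(1), "peer": m.group(2),
                       "chain": {}, "cipher": None}
            sessions.append(current)
        elif current is None:
            continue  # ignore anything before the first connection line
        elif m := VERIFY_OK.match(line):
            current["chain"][int(m.group(1))] = m.group(2)
        elif m := CIPHERS.match(line):
            current["cipher"] = m.group(1)
    for s in sessions:
        # depth=0 is the peer's own (leaf) certificate; without it the
        # session was not authenticated by a client certificate.
        s["client_subject"] = s["chain"].get(0)
    return sessions


def unauthenticated_peers(log_text):
    """Peers whose session shows no verified depth=0 certificate."""
    return [s["peer"] for s in summarize(log_text)
            if s["client_subject"] is None]
```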




