
Re: Stunnel Client Mode / No Certificate: msg#00042

network.stunnel.user

Subject: Re: Stunnel Client Mode / No Certificate

On Wed, 17 Dec 2003 10:19:26 +0100 (MET), Uli Schroeder <uli.schroeder@xxxxxxx> wrote:

Hi,

I'm using stunnel to create an LDAPS solution from Linux to Windows 2000.
From the FAQ I learned that I don't need a certificate on Linux if I run in
client mode and not as a server. Unfortunately the FAQ doesn't give more details
about it and I want to understand the background for that. Is the mode of
operation when I run in client mode explained somewhere? I would appreciate it if
someone could tell me where to look for it or explain the details to me.
Maybe I simply overlooked it in the documentation.

Thanks.

Kind regards,
Uli

Basic SSL operation ...

1. Client requests SSL startup.
2. Server sends certificate with identity details and public key.
3. Client confirms identity and encrypts new session key with public key.
4. Server decrypts client's session key using its private key.
5. Both sides use session key to encrypt data and everyone is happy. :)

... Therefore client doesn't need certificate unless it wants to prove its identity to the server (another story).

James.
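
An stunnel client-mode configuration matching the exchange above, added here as an example and not part of the original thread. The host name, local port and CA file path are assumed placeholders; `client`, `accept`, `connect`, `CAfile`, `verify`, `cert` and `key` are standard stunnel options.

```ini
; stunnel.conf on the Linux side, client mode.
; Constructed example: host name, port and file paths are placeholders.

[ldaps]
; stunnel initiates the SSL handshake towards the server (step 1).
client = yes

; Local LDAP applications connect here in plaintext.
accept = 127.0.0.1:389

; LDAPS listener on the Windows 2000 server (placeholder name).
connect = dc.example.com:636

; Step 3, "client confirms identity": validate the server certificate
; against a CA the client trusts. This file contains public CA
; certificates only, no private key.
CAfile = /etc/stunnel/ca-certs.pem

; Level 2: refuse the connection if the server certificate does not validate.
verify = 2

; No cert/key lines: the client holds no certificate or private key.
; They are needed only when the server asks the client to prove its
; identity (the "another story" case):
; cert = /etc/stunnel/client.pem
; key = /etc/stunnel/client.key
```

stunnel does not verify the peer by default, so a client configuration without `verify` and `CAfile` still encrypts the session but skips the identity check in step 3.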


