[Previous] [Next] [Index]
[Thread]
Summary of certifying Apache-SSL problems
Well, its an easy enough summary to write.
The answer is "No, it can't be done" ;-)
This is because Verisign apparently won't certify anything thats not on its
"tried and tested" list - they have to ensure that the code meets certain
quality standards. Actually, thinking about this now, it would be very
difficult for them to test the Apache-SSL using non-RSA libraries, as they're
based in the US and therefore can't run the program without being in breach of
RSAs patent... Christ, the legal profession has a lot to answer for...
Anyway, there are rumours of the guy who wrote the SSLeay library trying to
negotiate with Verisign to get the library, and therefore the server, certified.
However, don't hold your breath.
Thanks to everyone that replied.
Cheers... Mike