[sldev] [POLICY] Development by consensus (Re: Question regarding upcoming maintenance on 11/27-

Matthew Dowd matthew.dowd at hotmail.co.uk
Thu Nov 29 06:13:17 PST 2007


Intriguing.

You don't need a client side certificate to do server side validation so it is unlikely that this is being used to check which server you are authenticating against (a good check would be to see if the viewer can still work with OpenSim).

A client side certificate is normally used to authenticate the client, but that is unlikely to be the case as that would break third party clients connecting to SL.

Of course, a self-signed certificate is not much use authenticating anything. My guess is that it is just there for seeding the creation of encrypted connections and nothing more.

Matthew

----------------------------------------
> Date: Thu, 29 Nov 2007 21:13:43 +0900
> From: alissa_sabre at yahoo.co.jp
> To: sldev at lists.secondlife.com
> Subject: Re: [sldev] [POLICY] Development by consensus (Re: Question regarding	upcoming maintenance on 11/27-
> 
>> I'm not convinced that there's a certificate check taking place. There
>> _might_ be, but that's one aspect I'm not certain about.
> 
> I recently noticed that SL viewer comes with a certificate.  (In a
> past it didn't.)  It is installed in the "app_settings" subdirectory
> of your viewer install directory.
> 
> The certificate is a self-signed CA certificate (aka root cert) for
> the following DN:
> 
>     C=BR
>     O=ICP-Brasil
>     OU=Instituto Nacional de Tecnologia da Informacao - ITI
>     L=Brasilia
>     ST=DF
>     CN=Autoridade Certificadora Raiz Brasileira
> 
> If you remove this certificate or alter it, you can't login to the
> grid.  (Unless you pass a command line option -no-verify-ssl-cert.)
> 
> It appears that the viewer validates something against this
> certificate, most likely the login server's identity (certificate.)
> 
>     Alissa
> --------------------------------------
> New Design Yahoo! JAPAN  2008/01/01
> http://pr.mail.yahoo.co.jp/newdesign/
> _______________________________________________
> Click here to unsubscribe or manage your list subscription:
> /index.html

_________________________________________________________________
Who's friends with who and co-starred in what?
http://www.searchgamesbox.com/celebrityseparation.shtml


More information about the SLDev mailing list