Is anybody else getting lots and lots of copies of mail from this guy?
> -----Original Message-----
> From: Raaj Krissna [mailto:[EMAIL PROTECTED]]
> Sent: Monday, May 22, 2000 7:56 AM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Shall you help me!
>
>
> I installed openssl-0.9.5a on a Linux system.
> I am new to this OpenSSL concept. That's why I tried to
> bind the openssl connection to the socket without
> sending the certificate from the server to the
> client. Later I came to know that if anybody wants to
> form the communication between the client and server
> then the server must send the certificate to the
> client.
> I tried in so many ways (by writing the programs in "C"
> using OpenSSL APIs) to establish a communication link
> between the server and client. (I even tried the
> example client/server applications which are given in
> the "/apps" directory.) But none of them worked out
> well.
Look at the demos/ssl directory. The cli and serv programs
there do work. (with some modification... to cli.c: see below)
You should rename the source files to "cli.c"
and "serv.c" though. I don't know why Sampo named the originals
.cpp.
The changes you need have to do with seeding the PRNG.
Here are some diffs that make it work:
$ diff cli.c cli.c~
28d27
<
38c37
< char buf [4096], randfname[4096];
---
> char buf [4096];
63,71c62
<
< if (!RAND_file_name(randfname, 4096)) {
< printf("Can't get rand file name: set env var RANDOM\n");
< exit (1);
< }
< if (!RAND_load_file(randfname, -1)) {
< printf("Can't load random bytes\n");
< exit(1);
< }
---
>
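Review bot: The error text in the RAND_file_name() branch tells the user to set env var RANDOM, but the variable RAND_file_name() consults is RANDFILE (with .rnd under $HOME as the fallback), so the message points at the wrong setting. The !RAND_load_file(randfname, -1) test also passes as soon as any bytes are read, which does not show the PRNG is adequately seeded; a RAND_status() check after the load would. Pass sizeof(randfname) instead of repeating the literal 4096.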
118,121d108
< if (!RAND_write_file(randfname)) {
< printf("Can't write random state\n");
< exit(1);
< }
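Review bot: In the RAND_write_file() check, !RAND_write_file(randfname) only catches a return of 0; the function returns -1 when the bytes it wrote came from a PRNG that was not properly seeded, and that case is treated as success here. Test for a non-positive result instead, for example if (RAND_write_file(randfname) <= 0).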
>
> 1) Shall anybody tell me "if I want to send the
> certificate of the server to the client which ".pem"
> file I have to mention in the server?" and
Any well-formed server cert should work. Try the file server.pem in the apps
directory. Copy it to where the serv program is and rename it to
"foo-cert.pem".
>
> 2) Once the client receives the server certificate how
> it has to check that server's certificate?
In order to check the server's cert, the usual thing to do is to verify the
issuer's signature. To do this, the client needs a copy of the issuer's CA
cert.
If the client is going to verify the server cert (which the cli.c program
doesn't do) it needs to call SSL_CTX_load_verify_locations() to specify
where the issuer cert is located. The client should also call
SSL_CTX_set_verify() with the flag SSL_VERIFY_PEER.
>
> There are a lot of doubts in my mind regarding the
> certificates and "key" files.
Look at the "SSLeay Certificate Cookbook" at
http://www.ultranet.com/~fhirsch/Papers/cook/ssl_cook.html
> Shall anybody send me a simple client/server
> application which is written in "C" and that works
> perfectly on Linux?
See above.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]