From: "John R Pierce" <pie...@hogranch.com>

this task was very easy in Java, as Java's SecureSocket hides all the complexity, up to and including full support for PKCS#11 plugins.

Weren't you lucky.

I gave up trying to do that sort of thing in Java when I ran across its habit of doing reverse DNS lookups on every IP address it came across, just in case it needed the FQDN for anything (I think it was stuck in the mindset of "people only use SSL to talk to web servers, don't they, and the only way of validating a web server is a certificate containing an FQDN, isn't it, so whenever I see an IP address I'd better get the FQDN, hadn't I, because I'm bound to need it soon, aren't I").

Well, no, actually. Guess what: sometimes people use SSL for purposes other than talking to web servers, and in the cases of embedded devices with no DNS records talking to each other by explicitly configured IP address the DNS lookup took minutes to time out before Java would deign to get on with doing what it was told. With no way of switching this nonsense off. Hence I used a C++ DLL to do the crypto stuff.

Tim Ward - Brett Ward Limited - 07801 703 600
www.brettward.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
