Help getting started - Openssl


Thread: Help getting started

  1. Help getting started

    Hey all,

    I've been trying to put together a simple secure POP3 client (just login
    and check number of available messages) to test out the OpenSSL library
    but I can't seem to find any good tutorials or examples that really
    explain what's going on with certificates. Can someone point me in the
    direction of some documentation that might help me get started? Or at
    least outline the process of setting up a TCP/IP client like this?

    I expected that the process would be something like:
    1. login
    2. retrieve server's certificate
    3. do something to decide if the client should trust it
    4. then continue on my merry little way with pop transactions

    From the documentation available, I can't quite wrap my head around the
    SSL_CTX_load_verify_locations step (which, evidently, comes before
    connecting to the server). It seems like this function is used to load
    and validate some certificates, but I can't figure out whose. Are these
    stored copies of servers' certificates or are they certificates to
    identify the client computer? When the program first runs, these
    certificates won't exist, correct? What needs to be verified at this
    point? Is there a way to generate an empty certificate store if it
    doesn't exist yet (first run case)?

    Any help would be appreciated.

    Josh Bialkowski
    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org


  2. RE: Help getting started

    Replies inlined. Pls correct me if wrong.


    > Hey all,
    >
    > I've been trying to put together a simple secure POP3 client (just login
    > and check number of available messages) to test out the OpenSSL library
    > but I can't seem to find any good tutorials or examples that really
    > explain what's going on with certificates. Can someone point me in the
    > direction of some documentation that might help me get started? Or at
    > least outline the process of setting up a TCP/IP client like this?
    >
    > I expected that the process would be something like:
    > 1. login
    > 2. retrieve server's certificate
    > 3. do something to decide if the client should trust it

    I think you have to implement the callback function to determine whether the
    client accepts the server cert or rejects it.

    > 4. then continue on my merry little way with pop transactions
    >
    > From the documentation available, I can't quite wrap my head around the
    > SSL_CTX_load_verify_locations step (which, evidently, comes before
    > connecting to the server). It seems like this function is used to load
    > and validate some certificates, but I can't figure out whose.

    Those are CA certificate(s), which would be reqd to verify the server cert.

    > Are these
    > stored copies of servers' certificates or are they certificates to
    > identify the client computer?

    Server cert need not be stored in the client computer. The server cert will
    be presented to the client during the SSL handshake.

    > When the program first runs, these
    > certificates won't exist, correct? What needs to be verified at this
    > point?

    Nothing is verified at this point. At this time, we say that these are my CA
    certs and the incoming server cert has to be validated against these CA certs.

    > Is there a way to generate an empty certificate store if it
    > doesn't exist yet (first run case)?
    >
    > Any help would be appreciated.
    >
    > Josh Bialkowski


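The setup described in the reply above, as an added example that is not part of the original thread. It uses Python's `ssl` module, which wraps OpenSSL; its `load_verify_locations` method corresponds to `SSL_CTX_load_verify_locations`. The function names, host name, credentials and CA bundle path are hypothetical.

```python
import poplib
import ssl


def build_client_context(cafile=None, capath=None, use_system_store=False):
    """Configure trust anchors BEFORE connecting; nothing is verified yet."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # SSL_CTX_new(TLS_client_method())
    # Both are already the defaults for PROTOCOL_TLS_CLIENT; spelled out
    # because they are what makes the handshake reject an untrusted server.
    ctx.check_hostname = True            # certificate must match the host name
    ctx.verify_mode = ssl.CERT_REQUIRED  # SSL_CTX_set_verify(SSL_VERIFY_PEER)
    if cafile or capath:
        # Wraps SSL_CTX_load_verify_locations(): CA certificates only.
        ctx.load_verify_locations(cafile=cafile, capath=capath)
    elif use_system_store:
        ctx.load_default_certs()         # the operating system's CA bundle
    return ctx


def trusted_ca_count(ctx):
    """Number of CA certificates currently loaded as trust anchors."""
    return ctx.cert_store_stats()["x509_ca"]


def pop3s_message_count(host, user, password, ctx, port=995):
    """Log in over implicit-TLS POP3 and return the number of messages."""
    # TCP connect + TLS handshake. The server presents its certificate here
    # and it is checked against the anchors in ctx; a failure raises
    # ssl.SSLCertVerificationError before any credentials are sent.
    conn = poplib.POP3_SSL(host, port, context=ctx, timeout=10)
    try:
        conn.user(user)
        conn.pass_(password)
        count, _size = conn.stat()
        return count
    finally:
        conn.close()


if __name__ == "__main__":
    # Hypothetical host, account and CA bundle path; replace with real ones.
    ctx = build_client_context(cafile="/path/to/ca-bundle.pem")
    print(pop3s_message_count("pop.example.org", "user", "secret", ctx))
```

A context built with no CA file, directory or system store is valid but has zero trust anchors, so every handshake made with it fails verification.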


  3. RE: Help getting started

    Hi,

    > I've been trying to put together a simple secure POP3 client
    > (just login and check number of available messages) to test out
    > the OpenSSL library but I can't seem to find any good tutorials
    > or examples that really explain what's going on with certificates.


    AFAIK there aren't really any online tutorials for OpenSSL that
    explain how to get started. I would recommend you buy the
    OpenSSL book "Network Security with OpenSSL".

    You really need to understand how SSL works before trying to start
    coding anything. OpenSSL has a /very/ steep learning curve IMHO.

    Good Luck!

    Mark



  4. Re: Help getting started

    Thanks for the suggestion. I was hoping I could slap together something
    simple and quick but if that is not the case, well, it's not the case.
    My library has that book so I'll check it out and get started with that.

    Thanks again.

    Mark wrote:
    > Hi,
    >
    >
    >> I've been trying to put together a simple secure POP3 client
    >> (just login and check number of available messages) to test out
    >> the OpenSSL library but I can't seem to find any good tutorials
    >> or examples that really explain what's going on with certificates.
    >>

    >
    > AFAIK there aren't really any online tutorials for OpenSSL that
    > explain how to get started. I would recommend you buy the
    > OpenSSL book "Network Security with OpenSSL".
    >
    > You really need to understand how SSL works before trying to start
    > coding anything. OpenSSL has a /very/ steep learning curve IMHO.
    >
    > Good Luck!
    >
    > Mark


    --

    Joshua J Bialkowski
    Graduate Student
    Department of Aeronautics and Astronautics
    Massachusetts Institute of Technology


