I am.
> -----Original Message-----
> From: Wade L. Scholine [mailto:[EMAIL PROTECTED]]
> Sent: Monday, May 22, 2000 12:26 PM
> To: '[EMAIL PROTECTED]'
> Subject: RE: Shall you help me!
>
>
> Is anybody else getting lots and lots of copies of mail fom this guy?
>
> > -----Original Message-----
> > From: Raaj Krissna [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, May 22, 2000 7:56 AM
> > To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> > Subject: Shall you help me!
> >
> >
> > I installed openssl-0.9.5a on Linux System
> > Iam new to this OpenSSL concept.That's why i tried to
> > bind the openssl connection to the socket without
> > sending the certificate from the server to the
> > client.Later i came to know that if anybody wants to
> > form the communication between the client and server
> > then the server must send the certificate to the
> > client.
> > I tried in so many ways(by writing the programs in "C"
> > using OpenSSL API's) to establish a communication link
> > between the server and client.(I even tried the
> > example client/server applications which are given in
> > the "/apps" directory.But none of them worked out
> > well.
>
> Look at the demos/ssl directory. The cli and serv programs
> there do work. (with some modification... to cli.c: see below)
>
> You should rename the source files to "cli.c"
> and "serv.c" though. I don't know why sampo named the originals
> .cpp.
>
> The changes you need have to do with seeding the PRNG.
>
> Here are some diffs that make it work:
>
> $ diff cli.c cli.c~
> 28d27
> <
> 38c37
> < char buf [4096], randfname[4096];
> ---
> > char buf [4096];
> 63,71c62
> <
> < if (!RAND_file_name(randfname, 4096)) {
> < printf("Can't get rand file name: set env var RANDOM\n");
> < exit (1);
> < }
> < if (!RAND_load_file(randfname, -1)) {
> < printf("Can't load random bytes\n");
> < exit(1);
> < }
> ---
> >
> 118,121d108
> < if (!RAND_write_file(randfname)) {
> < printf("Can't write random state\n");
> < exit(1);
> < }
>
>
> >
> > 1)Shall anybody tell me "if i want to send the
> > certificate of the server to the client which ".pem "
> > file i have to mention in the server?" and
>
> Any well-formed server cert should work. Try the file
> server.pem in the apps
> directory. Copy it to where the serv program is and rename it to
> "foo-cert.pem."
>
> >
> > 2)Once the client receives the server certificate how
> > it has to check that server's certificate?
>
> In order to check the server's cert, the usual thing to do is
> to verify the
> issuer's signature. To do this, the client needs a copy of
> the issuer's CA
> cert.
>
> If the client is going to verify the server cert (which the
> cli.c program
> doesn't do) it needs to call SSL_CTX_load_verify_locations()
> to specify
> where the issuer cert is located. The client should also call
> SSL_CTX_set_verify() with the flag SSL_VERIFY_PEER.
>
> >
> > There are a lot of doubts in my mind regarding the
> > certificates and "key"files.
>
> Look at the "SSLeay Certificate Cookbook" at
> http://www.ultranet.com/~fhirsch/Papers/cook/ssl_cook.html
>
>
> > Shall anybody send me a simple client/server
> > application which is written in "C" and that works
> > perfectly on Linux?
>
> See above.
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
