Hi everyone.
I'm developing a generic network layer for some of the applications we make,
and the need for 'transparent' encryption has led me to use SSL. However, SSL
is certificate centric, and we can't have our clients going around creating,
signing & installing new certificates every once in a while, so I was
thinking about doing the following:
Look into openssl.c and friends and figure out a way of making the server
generate a CA cert and server cert on the fly (no questions asked). [We could
even generate the cert with the license information the client provided when
he bought the software.] Then, like other protocols, when the client connected
it would ask for the certificate and check that it matched the license
information the client had; if it did, it would start talking with the server,
encrypting everything from then on.
This is only being done to secure a channel between a client and server that
will speak the same protocol; it has nothing to do with HTTP.
Has anyone done anything similar to this? Are there any obvious obstacles
or flaws in my reasoning that I'm not seeing?
Any kind of input (useful input being preferred) is welcome.
Thank you for your time,
Marco Cunha
PS: The server & CA cert would be created at server startup and be valid
for a year or so... I doubt anyone has Windows running for that long, and I
could put some kind of system to create a new server & CA cert when there
were no connections.
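Whether this design holds up depends on what the client compares the presented certificate against: a CA minted on the fly by the server only authenticates the server if the client already holds a trusted copy of that CA (or a pinned key), because the license details alone can be copied into any certificate. The Go program below is an added example written for this reply, not code from the thread or from OpenSSL; the names newCert and clientCheck, the CommonName-as-license-id layout and the one-year validity are assumptions, and the client is assumed to ship with the CA it trusts.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// newCert mints a cert with CommonName subject: a self-signed CA when isCA is set, else a server cert signed by parent/parentKey.
func newCert(subject string, isCA bool, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), // demo serial; use a random one in real code
		Subject:      pkix.Name{CommonName: subject},
		NotBefore:    time.Now().Add(-time.Minute), NotAfter: time.Now().Add(365 * 24 * time.Hour), // "a year or so"
		KeyUsage:     x509.KeyUsageDigitalSignature, IsCA: isCA, BasicConstraintsValid: true,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	if isCA { // the CA signs its own certificate
		tmpl.KeyUsage |= x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// clientCheck is the client's side: the presented cert must chain to a CA the client already trusts
// (shipped with the client, not learned from the server) AND carry the client's license id; the id alone is copyable.
func clientCheck(presented, trustedCA *x509.Certificate, licenseID string) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	if _, err := presented.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return err
	}
	if presented.Subject.CommonName != licenseID {
		return errors.New("certificate license id does not match the client's")
	}
	return nil
}
```

Regenerating the CA at every server start (as in the PS) would break the client's pinned copy, so in this scheme the CA key must outlive restarts while only the server cert is reissued.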
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]