To verify a server as trustworthy, you must obtain the server's certificate, and certificate chain leading up to a trusted CA, or explicitly trust the server's certificate as presented.
You can avoid the C problem by using Perl or another language which can speak TLS/SSL, but you cannot avoid TLS/SSL to get the server's certificate. If you're looking for something that you can use via expect, I suppose you could use some combination of options to openssl s_server and openssl s_client, but those are not designed for this application. -Kyle H On 3/13/06, michael Dorrian <[EMAIL PROTECTED]> wrote: > > I want to create a sample program which connects to the server and reads in > various information to verify that this server is trustworthy and then when > i verify its the correct one ,connect and transfer data. I have only seen > client and server examples which use a client and server pair made by a CA > but i want to basically do the same thing as in a web browser but using > client and server c programs . Can i use the same file as used in the > browser to verify the servers authenticity or how would i go about doing > it?. > > > ________________________________ > Relax. Yahoo! Mail virus scanning helps detect nasty viruses! > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
