Replies inlined. Pls correct me if wrong.
Hey all,

I've been trying to put together a simple secure pop3 client (just login and check number of available messages) to test out the OpenSSL library but I can't seem to find any good tutorials or examples that really explain what's going on with certificates. Can someone point me in the direction of some documentation that might help me get started? Or at least outline the process of setting up a tcp/ip client like this?

I expected that the process would be something like:

1. login
2. retrieve server's certificate
3. do something to decide if the client should trust it

--- I think you have to implement the callback function to determine whether the client accepts the server cert or rejects it. ---

4. then continue on my merry little way with pop transactions

From the documentation available, I can't quite wrap my head around the SSL_CTX_load_verify_locations step (which, evidently, comes before connecting to the server). It seems like this function is used to load and validate some certificates, but I can't figure out whose.

--- Those are CA certificate(s), which would be reqd to verify the server cert. ---

Are these stored copies of servers' certificates or are they certificates to identify the client computer?

--- Server cert need not be stored in the client computer. The server cert will be presented to the client during the SSL handshake. ---

When the program first runs, these certificates won't exist, correct? What needs to be verified at this point?

--- Nothing is verified at this point. At this time, we say that these are my CA certs and the incoming server cert has to be validated against these CA certs. ---

Is there a way to generate an empty certificate store if it doesn't exist yet (first run case)?

Any help would be appreciated.

Josh Bialkowski

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]