Signed Source® Project wrote: > I don't think I need to read any books.
In order to understand SSL/TLS basics it's enough to ask, for instance, wikipedia: http://en.wikipedia.org/wiki/Transport_Layer_Security In order to understand OpenSSL the mentioned book is very helpful though. > I am just trying to understand the demo in the ICS v7 first. In case of SSL/TLS I would not recommend this way. Usually a component wraps and hides the ugly details, but the ICS-SSL components are not foolproof, just like any other SSL components I'm aware of, means that the component user is able to make the SSL/TLS working with many security leaks. That's fine as long the user knows what he is doing. > > There is already everything I need. I don't need to create any > certificates for now. > > How can I use the existed certificates in the demo? > When I run the server demo, > There is: 01cert.pem, 01key.pem, cacert.pem --> What are they supposed > to do? > Are they supposed to be like PUTTY? --> one key for the server and > another for the client? A starting point may be: http://en.wikipedia.org/wiki/X.509 > > How about this? > Acceptable hosts? --> www.overbyte.be;www.borland.com > What Acceptable host means? It's just a storage place that you might want to use to accept some DNS names without verifying the peer certificate, for example. > > And at the client part there is a box called "URL", > what that exactly does? What demo exactly? > My understanding of SSL, > Server has a certificate, Correct, for servers a certificate is mandatory, for clients it's an option. > When the client/clients need to connect server asks for the > certificate. The demo in the ICS v7 isn't asking anything at all! That's what OpenSSL does under the hood if TSslContext.SslVerifyPeer property is set to TRUE. -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
