Viktor Dukhovni wrote in
 <YgbYie7Gr3hdhweO@xxxxxxxxxxxxxxxxxxx>:
 |On Fri, Feb 11, 2022 at 09:13:05PM +0000, Joseph Chen via openssl-users wrote:
 |> Could someone point me to some good reads or C code examples for
 |> creating a TLS client/server with best practices?
 ...
 |In Postfix, you'll find clean, well commented code that handles
 |the SMTP use-case, and supports strict verification modes, but
 |defaults to unauthenticated TLS.  So you'd have to understand
 |which knobs to set to get the behaviour you want.
 ...
 |    https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_client.c
 |    https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_server.c

There is also Network Security with OpenSSL from O'Reilly from
2002, free PDF around.  I think it is a good read still,
especially for a beginner.  You surely have to adapt it regarding
TLS_(client|server)_method, algorithms etc.  It also misses the
new SSL_CONF_CTX and CONF_modules_load_file() that unfortunately
is not convincingly mediated.  But then again OpenSSL forks like
ressl do not support them anyway.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)