Re: Best Practice of Creating TLS Client /Server in C?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Viktor Dukhovni wrote in
 <YgbYie7Gr3hdhweO@xxxxxxxxxxxxxxxxxxx>:
 |On Fri, Feb 11, 2022 at 09:13:05PM +0000, Joseph Chen via openssl-users \
 |wrote:
 |> Could someone point me to some good reads or C code examples for
 |> creating a TLS client/server with best practices?
 ...
 |In Postfix, you'll find clean, well commented code that handles
 |the SMTP use-case, and supports strict verification modes, but
 |defaults to unauthenticated TLS.  So you'd have to understand
 |which knobs to set to get the behaviour you want.
 ...
 |    https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_cl\
 |    ient.c
 |    https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_se\
 |    rver.c

There is also Network Security with OpenSSL from O'Reilly from
2002, free PDF around.  I think it is a good read still,
especially for a beginner.  You surely have to adapt it regarding
TLS_(client|server)_method, algorithms etc.  It also misses the
new SSL_CONF_CTX and CONF_modules_load_file() that unfortunately
is not convincingly mediated.  But then again OpenSSL forks like
ressl do not support them anyway.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux