Best Practice of Creating TLS Client /Server in C?
Steffen Nurpmeso
steffen at sdaoden.eu
Fri Feb 11 22:49:06 UTC 2022
Viktor Dukhovni wrote in
<YgbYie7Gr3hdhweO at straasha.imrryr.org>:
|On Fri, Feb 11, 2022 at 09:13:05PM +0000, Joseph Chen via openssl-users wrote:
|> Could someone point me to some good reads or C code examples for
|> creating a TLS client/server with best practices?
...
|In Postfix, you'll find clean, well commented code that handles
|the SMTP use-case, and supports strict verification modes, but
|defaults to unauthenticated TLS. So you'd have to understand
|which knobs to set to get the behaviour you want.
...
| https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_client.c
| https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_server.c
There is also Network Security with OpenSSL from O'Reilly from
2002, free PDF around. I think it is a good read still,
especially for a beginner. You surely have to adapt it regarding
TLS_(client|server)_method, algorithms etc. It also misses the
new SSL_CONF_CTX and CONF_modules_load_file() that unfortunately
is not convincingly mediated. But then again OpenSSL forks like
ressl do not support them anyway.
--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)