Validating server certificate only

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Validating server certificate only

michael Dorrian
I want to create a sample program which connects to the server and reads in various information to verify that this server is trustworthy and then when i verify its the correct one ,connect and transfer data. I have only seen client and server examples which use a client and server pair made by a CA but i want to basically do the same thing as in a web browser but using client and server c programs . Can i use the same file as used in the browser to verify the servers authenticity or how would i go about doing it?.


Relax. Yahoo! Mail virus scanning helps detect nasty viruses!
Reply | Threaded
Open this post in threaded view
|

Re: Validating server certificate only

Kyle Hamilton
To verify a server as trustworthy, you must obtain the server's
certificate, and certificate chain leading up to a trusted CA, or
explicitly trust the server's certificate as presented.

You can avoid the C problem by using Perl or another language which
can speak TLS/SSL, but you cannot avoid TLS/SSL to get the server's
certificate.

If you're looking for something that you can use via expect, I suppose
you could use some combination of options to openssl s_server and
openssl s_client, but those are not designed for this application.

-Kyle H

On 3/13/06, michael Dorrian <[hidden email]> wrote:

>
> I want to create a sample program which connects to the server and reads in
> various information to verify that this server is trustworthy and then when
> i verify its the correct one ,connect and transfer data. I have only seen
> client and server examples which use a client and server pair made by a CA
> but i want to basically do the same thing as in a web browser but using
> client and server c programs . Can i use the same file as used in the
> browser to verify the servers authenticity or how would i go about doing
> it?.
>
>
>  ________________________________
> Relax. Yahoo! Mail virus scanning helps detect nasty viruses!
>
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]