Re: SSL/TLS - am I doing it right?
- From: Sybren Stuvel <sybrenUSE@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 13 Mar 2006 14:57:04 +0100
Paul Rubin enlightened us with:
> for example, OpenSSL (www.openssl.org) comes with a simple Perl
> script that acts as a rudimentary CA.

I never understood those CA scripts. I mean, creating a new CA
certificate only has to be done once, and is:

    openssl req -new -x509 -key $KEY -out $OUT -days 365 -config $CONF

Signing a certificate request is easier:

    openssl ca -in some.req

Why do people feel the need to wrap that up in some Perl script?

> Note that TLSLite at the moment doesn't know how to authenticate
> certificate chains all by itself without external libraries. I
> didn't look at your code sample closely enough to figure out whether
> you were using OpenSSL or M2Crypto in a way that takes care of that.

TLS Lite can use both, and cryptlib_py too. For proper verification,
you need the latter. My CRL checks also require cryptlib.

Sybren
--
The problem with the world is stupidity. Not saying there should be a
capital punishment for stupidity, but why don't we just take the
safety labels off of everything and let the problem solve itself?
Frank Zappa
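
The two commands from the message above, run end to end as an added example that is not part of the original post: it also creates the state `openssl ca` expects on disk (index database, serial file, issued-certificate directory) and checks the result with `openssl verify`. The function names, directory layout, subject names and config sections are assumptions made for the demo.

```shell
#!/bin/sh
# Constructed demo: every path, name and config value here is an assumption.

# Create a throwaway CA in directory $1 (key, self-signed cert, CA database).
make_demo_ca() {
    dir=$1
    mkdir -p "$dir/newcerts" || return 1
    : > "$dir/index.txt"        # database of issued certs, updated by `openssl ca`
    echo 01 > "$dir/serial"     # next serial number to issue, in hex
    cat > "$dir/ca.cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions    = v3_ca
prompt             = no
[ dn ]
CN = Demo Root CA
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage         = critical, keyCertSign, cRLSign
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database       = $dir/index.txt
serial         = $dir/serial
new_certs_dir  = $dir/newcerts
certificate    = $dir/ca.crt
private_key    = $dir/ca.key
default_md     = sha256
default_days   = 30
policy         = policy_any
unique_subject = no
[ policy_any ]
commonName = supplied
EOF
    openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null || return 1
    # The one-time CA certificate command from the post, with the variables filled in.
    openssl req -new -x509 -key "$dir/ca.key" -out "$dir/ca.crt" \
        -days 365 -config "$dir/ca.cnf" || return 1
}

# Make a key and request for common name $2, sign it with the CA in $1,
# then verify the issued certificate against the CA certificate.
sign_and_verify() {
    dir=$1; cn=$2
    openssl genrsa -out "$dir/$cn.key" 2048 2>/dev/null || return 1
    openssl req -new -key "$dir/$cn.key" -subj "/CN=$cn" \
        -out "$dir/$cn.req" -config "$dir/ca.cnf" || return 1
    # The signing command from the post; -batch skips the confirmation prompts.
    openssl ca -batch -notext -config "$dir/ca.cnf" \
        -in "$dir/$cn.req" -out "$dir/$cn.crt" 2>/dev/null || return 1
    openssl verify -CAfile "$dir/ca.crt" "$dir/$cn.crt"
}
```

After one signing run, `index.txt` holds a `V` (valid) entry and `serial` has advanced to `02`; that database is what a later `openssl ca -revoke` and `openssl ca -gencrl` work from.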