
From: Christopher Kohlhoff (chris_at_[hidden])
Date: 2006-06-15 08:56:52


Hi Scott,

Scott <cheesy4poofs_at_[hidden]> wrote:
> When I'm done, I hope you (or someone with SSL experience)
> wouldn't mind answering a few questions about getting SSL
> working.

My knowledge of SSL is pretty limited, so I'll do my best.

> I basically just want a simple encrypted tcp stream, with a
> minimum of fuss. I don't need certificates (at least I don't
> think I do). All I want is the server and client to generate
> keys on startup automatically and use those keys to negotiate
> the symmetric cypher during handshaking. If there's an easy
> way to hook that up, please let me know.

For the client, you can remove the need for certificates by
making the following change to the example program:

--- client.cpp 3 May 2006 13:12:46 -0000 1.10
+++ client.cpp 15 Jun 2006 12:47:19 -0000
@@ -115,8 +115,7 @@
     asio::ip::tcp::resolver::iterator iterator = resolver.resolve(query);

     asio::ssl::context ctx(io_service, asio::ssl::context::sslv23);
- ctx.set_verify_mode(asio::ssl::context::verify_peer);
- ctx.load_verify_file("ca.pem");
+ ctx.set_verify_mode(asio::ssl::context::verify_none);

     client c(io_service, ctx, iterator);
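Review bot: replacing `verify_peer` plus `load_verify_file("ca.pem")` with `verify_none` removes server authentication entirely, not just the certificate-file dependency: with `asio::ssl::context::verify_none` the client accepts any certificate the peer presents, so the resulting stream is private only against a passive eavesdropper and offers no protection against an active attacker who terminates the TLS connection in the middle. If the goal is merely to avoid a CA, keep `verify_peer` and point `load_verify_file` at the server's own self-signed certificate (effectively pinning it); if `verify_none` is kept, the change should at least carry a comment stating that the client no longer checks who it is talking to.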

> The example client/server SSL seems unwieldy. It actually
> makes you type a pass phrase when the server starts. I really
> don't want that.

According to the O'Reilly OpenSSL book, the passphrase is used to
protect the private key if it's in PEM format. Private key files
that use the ASN.1 format are not encrypted, so if you use one
of these you shouldn't be prompted for a passphrase. I.e. the
server would be changed to use:

  context_.use_private_key_file(
      "privatekey.asn1", asio::ssl::context::asn1);

I don't know if it's possible to have a server without a private
key. The examples in the book all seem to use one.

Cheers,
Chris
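The two points in the reply (an unencrypted ASN.1/DER private key avoids the startup passphrase prompt, and the client can keep verifying the peer by trusting the server's own certificate instead of a CA) can be checked from the shell before touching the asio code. The script below is an added example and is not part of the original message or of the asio examples; it assumes the `openssl` command-line tool is installed, and the file names `privatekey.pem`, `privatekey.asn1` and `server.pem` are chosen here to match the names used in the email.

```shell
#!/bin/sh
# Generate server key material for the asio SSL example without a passphrase,
# and show that a self-signed certificate can serve as the client's trust root.
# Assumes the openssl CLI is available; file names are those used in the email.

# Create an unencrypted PEM key, a DER (ASN.1) copy of it, and a self-signed cert
# in the directory given as $1. Returns non-zero on any failure.
gen_server_material() {
    dir="$1"
    mkdir -p "$dir" || return 1

    # -nodes: leave the private key unencrypted, so loading it never prompts.
    # -x509: emit a self-signed certificate instead of a signing request.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=localhost" \
        -keyout "$dir/privatekey.pem" -out "$dir/server.pem" \
        >/dev/null 2>&1 || return 1

    # An encrypted PEM key would carry an "ENCRYPTED" header; make sure ours does not.
    grep -q "ENCRYPTED" "$dir/privatekey.pem" && return 1

    # DER/ASN.1 copy: the format the email suggests for
    # use_private_key_file("privatekey.asn1", asio::ssl::context::asn1).
    openssl rsa -in "$dir/privatekey.pem" -outform DER \
        -out "$dir/privatekey.asn1" >/dev/null 2>&1 || return 1

    # Prove the DER key loads with stdin closed: a passphrase prompt would fail here.
    openssl rsa -in "$dir/privatekey.asn1" -inform DER -noout -check \
        </dev/null >/dev/null 2>&1
}

# Check that a self-signed certificate validates when it is used as its own
# trust root. This is what the client does if it keeps verify_peer and calls
# load_verify_file("server.pem") instead of dropping verification.
verify_self_signed() {
    cert="$1"
    openssl verify -CAfile "$cert" "$cert" >/dev/null 2>&1
}

# Stand-alone usage: generate into a temporary directory and report the result.
if [ "${0##*/}" != "sh" ]; then
    work=$(mktemp -d) || exit 1
    if gen_server_material "$work" && verify_self_signed "$work/server.pem"; then
        echo "key loads without a passphrase; self-signed cert verifies against itself"
    else
        echo "generation or verification failed" >&2
    fi
    rm -rf "$work"
fi
```

With this material the server side of the example can load `privatekey.asn1` in `asn1` format and start without a prompt, while the client keeps `verify_peer` and trusts `server.pem` directly, so the stream stays authenticated without involving a CA.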


Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk