Theodore Hope wrote:
>
> > I'll elaborate on my previous post. What I want is to implement a poor
> > man's SSL client which doesn't know what a certificate is but is capable
> > to connect to any secure Web server out there (Apache, IIS, Netscape).
> >
> > I see it has to support Diffie-Hellman, Triple-DES and SHA1 (goodbye to
> > RC4 and MD5). Is it correct?
>
> What about "s_client"? I use the SSLeay s_client (haven't moved up
> to openssl yet!) to connect to ssl web servers; it dumps the cert
> into that the server sends, and ignores it. After that you can
> do sophisticated things like "HEAD / HTTP/1.0\n\n" ;-)

Ok, there's a little detail I forgot to mention: the thing I'm programming for is a specialized machine, not a PC. I don't have anything even remotely resembling Unix. It's a custom OS, the PC is only for development. I do have TCP/IP connectivity and a BSD Sockets C interface, though.

I tried to compile OpenSSL in its entirety for the new platform (or at least the interesting ciphersuites, like RSA, MD5, RC4). But I couldn't do that without including things like asn1 and x509. The compiler coughed at the size of some sources (it's DOS-based :( ).

Now I researched and learned (correct me if I'm wrong please) that I can't ignore the server certificate if I'm using RSA as the key exchanger. I'll have to use DH if I want a "thin" SSL client.

Another thing: I used "openssl s_client -connect XXX:xx -cipher NNN" against an Apache/OpenSSL I installed myself (with the default options). It refuses any cipher that has DH in it.

I don't want my thin client not to be able to connect to the vast majority of the https servers out there. Also, I don't want to mess with the certificate data sent by the server (for the planned applications, it's O.K. to ignore it altogether). I don't want to deal with ASN1 more than strictly necessary, either.

Do I want too much? Can somebody shed some light on this subject?

L8R,
Juan Carlos Castro y Castro
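
The cipher check described in the message (offer a suite, see whether the server takes it) needs no ASN.1 code, as this added example shows; it is not part of the original post. It reads the server's first reply to a ClientHello and reports the selected cipher suite or the alert sent on refusal. The function name, return codes and sample bytes are this example's own; the record and ServerHello layout is that of SSLv3/TLS 1.0.

```c
#include <stdio.h>
#include <stddef.h>

#define REPLY_MALFORMED    (-1)
#define REPLY_SERVER_HELLO 0   /* any positive return is an alert description */

/* Returns REPLY_SERVER_HELLO and stores the chosen suite, the alert
 * description (40 = handshake_failure) if the server refused, or
 * REPLY_MALFORMED. Assumes the reply starts buf and fits in one record. */
int parse_server_reply(const unsigned char *buf, size_t len, unsigned *suite)
{
    const unsigned char *p;
    size_t rec_len, hs_len, sid_len;

    if (len < 5 || buf[1] != 3)            /* type(1) version(2) length(2) */
        return REPLY_MALFORMED;
    rec_len = ((size_t)buf[3] << 8) | buf[4];
    if (rec_len > len - 5)                 /* record truncated */
        return REPLY_MALFORMED;
    p = buf + 5;
    if (buf[0] == 21)                      /* alert: level(1) description(1) */
        return (rec_len == 2 && p[1] != 0) ? p[1] : REPLY_MALFORMED;
    if (buf[0] != 22 || rec_len < 4 || p[0] != 2)   /* handshake/ServerHello */
        return REPLY_MALFORMED;
    hs_len = ((size_t)p[1] << 16) | ((size_t)p[2] << 8) | p[3];
    if (hs_len > rec_len - 4 || hs_len < 35)  /* version(2) random(32) sid_len(1) */
        return REPLY_MALFORMED;
    p += 4;
    sid_len = p[34];
    if (sid_len > 32 || hs_len < 35 + sid_len + 3)  /* suite(2) compression(1) */
        return REPLY_MALFORMED;
    p += 35 + sid_len;
    *suite = ((unsigned)p[0] << 8) | p[1];
    return REPLY_SERVER_HELLO;
}

int main(void)
{
    /* Constructed samples: a ServerHello with zeroed random and empty session
     * id choosing 0x000A (RSA_WITH_3DES_EDE_CBC_SHA), and a fatal alert 40. */
    unsigned char hello[47] = { 22, 3, 0, 0, 42,  2, 0, 0, 38,  3, 0 };
    unsigned char alert[7]  = { 21, 3, 0, 0, 2,  2, 40 };
    unsigned suite = 0;
    int rc;

    hello[45] = 0x0A;
    rc = parse_server_reply(hello, sizeof hello, &suite);
    printf("hello: rc=%d suite=0x%04X\n", rc, suite);
    printf("alert: rc=%d\n", parse_server_reply(alert, sizeof alert, &suite));
    return 0;
}
```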