I haven't done a lot with SSL before, but most of the interfaces in openssl
seem reasonably straightforward and I have gotten some basic examples and
test cases up and running.  My question pertains to SSL methods (SSL_METHOD)
and the difference between the different methods.  I would like to know
what the real difference between server, client, and generic methods is.
Does it have to do with the way that authentication is performed?  Here's a
simplified version of the situation I have and the problem I'm trying to
solve:

I have two machines, I'll refer to them as machines A and B for the sake of
discussion.  Both of these machines are listening on a particular port and
know about one another (IP address and listening port).  Both of them have
the same private key and certificate files (for now at least).  If one of
them encounters a certain situation it will send a message to the other.
The machine sending the message will use an existing connection (if already
connected to the other machine) otherwise it creates a new connection to the
remote machine so that it can send the message.  When done the connection is
kept alive for a period of time, but let's just say indefinitely for now.

If machine A and B start out disconnected and machine A wants to send a
message to machine B, should machine A set up the SSL connection in client
mode after negotiating the TCP connection and machine B set the
corresponding SSL connection on its end to server mode?  What happens if
they both set themselves up in server mode?  Can one still do an SSL_connect
and the other an SSL_accept?  Can I make them both verify the other's
certificate, and does one mode over the other change the way verification is
done?  I would like to have auto negotiation done if possible, but if not
what do I have to do to make sure that the handshaking occurs?

I'd appreciate any information you can send my way: answers, code, FAQs,
etc. that you can refer me to.

Thanks,

Nick Woods
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
