OpenSSL Examples


http://www.rtfm.com/openssl-examples/

WARNING: THIS CODE IS UNMAINTAINED

I haven't done anything with this code since 2002. Hence the code has bit rotted. It still mostly works but there are (at least) two important caveats:

  • The certificates issued with the code have expired. Trying to use them will cause connection failures with confusing diagnostics. Here is a good writeup about how to set up an OpenSSL-based CA so you can issue fresh certificates.
  • This code uses legacy APIs to pull out the common name from the certificate. In particular, it doesn't handle embedded zeros in the common name properly because it uses X509_NAME_get_text_by_NID() and strcasecmp to extract and compare the CN, but this gets confused if there are multiple CNs and, more importantly, if there is a 0 byte in the domain name, which Moxie Marlinspike has shown can lead to vulnerabilities. CAs hopefully aren't issuing certificates where these issues lead to confusion, but you would be better off migrating to the new OpenSSL APIs, as documented here.

Of course, there may be other stuff I don't know about or have forgotten. Like I said, unmaintained.

Someday I may get around to really fixing these issues and deploying a new version of the code, but it's at the end of a long stack of things and in the meantime caveat emptor!
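The embedded-zero caveat above, shown as an added example (not code from this package): a CN treated as a C string compares equal to a hostname it only begins with, while a length-aware comparison rejects it. `legacy_extract`, `legacy_cn_match`, `strict_cn_match` and the sample bytes are hypothetical names and constructed data; no OpenSSL calls are made, the CN is passed as a raw byte buffer plus length.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample: raw CN bytes with an embedded 0 byte (31 bytes). */
static const unsigned char SAMPLE_CN[] = "www.example.com\0.untrusted.test";
#define SAMPLE_CN_LEN (sizeof(SAMPLE_CN) - 1)

/* Hypothetical stand-in for the legacy extraction step: copy the raw CN
 * bytes into a fixed buffer and NUL-terminate it, as a C string API does. */
static void legacy_extract(const unsigned char *cn, size_t cn_len, char *buf, size_t buf_len)
{
    size_t n = cn_len < buf_len - 1 ? cn_len : buf_len - 1;
    memcpy(buf, cn, n);
    buf[n] = '\0';
}

/* Legacy check: strcasecmp() stops at the first 0 byte, so the bytes
 * after it are never compared. Returns 1 on "match". */
int legacy_cn_match(const unsigned char *cn, size_t cn_len, const char *host)
{
    char buf[256];
    legacy_extract(cn, cn_len, buf, sizeof(buf));
    return strcasecmp(buf, host) == 0;
}

/* Length-aware check: reject embedded 0 bytes, require equal lengths,
 * then compare case-insensitively byte by byte. Returns 1 on match. */
int strict_cn_match(const unsigned char *cn, size_t cn_len, const char *host)
{
    size_t i, host_len = strlen(host);
    if (memchr(cn, 0, cn_len) != NULL || cn_len != host_len)
        return 0;
    for (i = 0; i < cn_len; i++)
        if (tolower(cn[i]) != tolower((unsigned char)host[i]))
            return 0;
    return 1;
}

int main(void)
{
    printf("legacy: %d\n", legacy_cn_match(SAMPLE_CN, SAMPLE_CN_LEN, "www.example.com"));
    printf("strict: %d\n", strict_cn_match(SAMPLE_CN, SAMPLE_CN_LEN, "www.example.com"));
    printf("strict, clean CN: %d\n",
           strict_cn_match((const unsigned char *)"WWW.Example.COM", 15, "www.example.com"));
    return 0;
}
```

In real code the byte buffer and length would come from the certificate's CN entry (for example via ASN1_STRING_get0_data() and ASN1_STRING_length()); OpenSSL 1.0.2 and later also provide X509_check_host() for hostname matching in the library.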


 

OpenSSL Examples

This is a set of example programs demonstrating how to perform basic tasks with OpenSSL. There are five programs:

  • wclient: a simple web client emulator
  • wserver: a simple web server emulator
  • wclient2: a version of wclient with some extra options including setting the cipher suite and session caching
  • wserver2: a version of wserver with some extra options including setting the cipher suite, client authentication, rehandshake, and session caching
  • sclient: a simple client program that echoes from the keyboard to the server and vice versa. sclient is a simple model of a terminal client such as Telnet.

Although the programs are extensively commented, they are not completely self-explanatory. Rather, they are intended to be used as a companion to a series of articles published in Linux Journal. The first article was published in the September issue and the second article was published on the Web in October. Updated versions of both are included in this package in PDF form.

This explains why we have both wclient and wclient2 (and wserver and wserver2). The first editions appear in the first article and the second ones in the second article. This structure also lets the reader learn the basics without advanced features getting in the way.

Downloading

The latest source can be found here. I'll periodically publish new editions of the source with bug fixes and improvements. The current version is 20020110 (January 10, 2002). You can download just the article in PDF form: part 1 and part 2. Currently they are only available in PDF. If you're interested in producing an HTML version, contact me. I have bad HTML generated by groff but it will require surgery to be usable.

Shameless Plug

Extremely detailed coverage of SSL/TLS can be found in

SSL and TLS: Designing and Building Secure Systems
Eric Rescorla
Addison-Wesley, 2001
ISBN 0-201-61598-3

The programs found here were excerpted from the book.

 
