PerlMonks  

Re: Using SSL with fixed public key

by idsfa (Vicar)
on Apr 30, 2006 at 15:47 UTC (#546586)


in reply to Using SSL with fixed public key

If you already have a copy of the server cert and the CA chain that signed it (public keys all), you simply need to verify on the client:

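use IO::Socket::SSL;

my $socket = IO::Socket::SSL->new(
    PeerAddr        => $ip,
    PeerPort        => $port,
    Proto           => 'tcp',
    SSL_version     => 'SSLv3',
    # 0x01 = SSL_VERIFY_PEER; OpenSSL ignores 0x02 (fail if no peer cert) on clients
    SSL_verify_mode => 0x01,
);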

The above will fail if the client does not already have a copy of the server's public key in whatever directory your openssl.cnf file says they should reside. If you need to do additional verifications on your own, use SSL_verify_callback to specify your own additional code.

If you were looking for some way of setting up a server without having it even send a public key, you're no longer talking SSL. Consider the Crypt:: modules in that case ...

Updated: It would have been polite for you to mention that your update occurred after I had posted this ...


The intelligent reader will judge for himself. Without examining the facts fully and fairly, there is no way of knowing whether vox populi is really vox dei, or merely vox asinorum. — Cyrus H. Gordon
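An added example, not part of the original post: one way to combine CA chain verification with an extra check in SSL_verify_callback, here pinning the server's leaf certificate by SHA-256 fingerprint. The helper names make_pin_callback and connect_pinned are hypothetical, the host, port, CA file and fingerprint are placeholders supplied on the command line, and it assumes an IO::Socket::SSL version that passes the chain depth as the sixth callback argument.

```perl
#!/usr/bin/perl
# Added example: verify the CA chain, then pin the leaf certificate in
# SSL_verify_callback. All connection values are caller-supplied placeholders.
use strict;
use warnings;
use IO::Socket::SSL;    # exports SSL_VERIFY_PEER and $SSL_ERROR
use Net::SSLeay;

# Build a callback that keeps OpenSSL's verdict for every certificate in the
# chain and additionally requires the leaf (depth 0) to match the pinned
# SHA-256 fingerprint.
sub make_pin_callback {
    my ($pinned) = @_;
    (my $want = uc $pinned) =~ s/[^0-9A-F]//g;    # accept "AB:CD:..." or "abcd..."
    return sub {
        my ($ok, $store, $names, $err, $cert, $depth) = @_;
        return 0 unless $ok;      # never override a chain verification failure
        return 1 if $depth;       # CA certificates: chain check only
        my $got = uc(Net::SSLeay::X509_get_fingerprint($cert, 'sha256'));
        $got =~ s/://g;
        return $got eq $want ? 1 : 0;
    };
}

# Connect with peer verification on; dies if the chain or the pin check fails.
sub connect_pinned {
    my ($host, $port, $ca_file, $pinned) = @_;
    my $sock = IO::Socket::SSL->new(
        PeerAddr            => $host,
        PeerPort            => $port,
        Proto               => 'tcp',
        SSL_verify_mode     => SSL_VERIFY_PEER,
        SSL_ca_file         => $ca_file,
        SSL_verify_callback => make_pin_callback($pinned),
    ) or die "TLS connect/verify failed: $SSL_ERROR\n";
    return $sock;
}

# Usage: pin.pl HOST PORT CA.pem SHA256-FINGERPRINT
if (@ARGV == 4) {
    my $sock = connect_pinned(@ARGV);
    print "verified and pinned, cipher: ", $sock->get_cipher, "\n";
    close $sock;
}
```

Returning 0 whenever $ok is false matters: a callback that returns 1 unconditionally turns verification off again.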

