
Re: Using SSL with fixed public key

by idsfa (Vicar)
on Apr 30, 2006 at 15:47 UTC (#546586)

in reply to Using SSL with fixed public key

If you already have a copy of the server cert and the CA chain that signed it (public keys all), you simply need to verify on the client:

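    use IO::Socket::SSL;

    # SSL_verify_mode bits: 0x01 = SSL_VERIFY_PEER, 0x02 = SSL_VERIFY_FAIL_IF_NO_PEER_CERT
    $socket = IO::Socket::SSL->new(
        PeerAddr        => $ip,
        PeerPort        => $port,
        Proto           => 'tcp',
        SSL_version     => 'SSLv3',    # as posted in 2006; SSLv3 has since been deprecated (RFC 7568)
        SSL_verify_mode => 0x02,
    );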

The above will fail if the client does not already have a copy of the server's public key in whatever directory your openssl.cnf file says they should reside. If you need to do additional verifications on your own, use SSL_verify_callback to specify your own additional code.

If you were looking for some way of setting up a server without having it even send a public key, you're no longer talking SSL. Consider the Crypt:: modules in that case ...

Updated: It would have been polite for you to mention that your update occurred after I had posted this ...

The intelligent reader will judge for himself. Without examining the facts fully and fairly, there is no way of knowing whether vox populi is really vox dei, or merely vox asinorum. — Cyrus H. Gordon
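
One way to use SSL_verify_callback for the additional check mentioned in the reply above, as an added example that is not part of the original post: the server is accepted only when OpenSSL's chain check passes and the leaf certificate's SHA-256 fingerprint equals a value obtained out of band. It pins the whole certificate rather than the bare public key; `normalize_fp`, `make_pin_callback`, `connect_pinned` and the command-line arguments are hypothetical names.

```perl
use strict;
use warnings;
use IO::Socket::SSL;    # exports SSL_VERIFY_PEER and $SSL_ERROR
use Net::SSLeay;

# Reduce "AA:BB:..." or "aabb..." to bare lowercase hex; reject anything
# that is not a full SHA-256 digest so a typo cannot become a weak pin.
sub normalize_fp {
    my ($fp) = @_;
    (my $hex = lc($fp // '')) =~ s/[:\s]//g;
    die "pin must be 64 hex digits (SHA-256)\n" unless $hex =~ /\A[0-9a-f]{64}\z/;
    return $hex;
}

# Build a verify callback that pins the leaf certificate (hypothetical helper).
sub make_pin_callback {
    my ($pin) = @_;
    my $want = normalize_fp($pin);
    return sub {
        my ($ok, $store, $names, $err, $cert, $depth) = @_;
        return 0 unless $ok;       # never override a failed chain check
        return 1 if $depth > 0;    # CA certificates: the chain check is enough
        my $got = normalize_fp(Net::SSLeay::X509_get_fingerprint($cert, 'sha256'));
        return $got eq $want ? 1 : 0;
    };
}

sub connect_pinned {
    my ($host, $port, $pin) = @_;
    my $sock = IO::Socket::SSL->new(
        PeerAddr            => $host,
        PeerPort            => $port,
        Proto               => 'tcp',
        SSL_verify_mode     => SSL_VERIFY_PEER,
        SSL_verify_callback => make_pin_callback($pin),
    ) or die "connect or verification failed: $SSL_ERROR\n";
    return $sock;
}

# Usage: perl pin.pl HOST PORT SHA256-FINGERPRINT
if (@ARGV == 3) {
    my $sock = connect_pinned(@ARGV);
    print "connected, certificate matches pin\n";
    close $sock;
}
```

Because the callback returns 0 whenever `$ok` is false, a matching fingerprint can never rescue a certificate that failed chain validation.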
