
Re: Using SSL with fixed public key

by idsfa (Vicar)
on Apr 30, 2006 at 15:47 UTC (#546586)

in reply to Using SSL with fixed public key

If you already have a copy of the server cert and the CA chain that signed it (public keys all), you simply need to verify on the client:

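    use IO::Socket::SSL;

    # $ip and $port are set elsewhere in the calling code
    $socket = IO::Socket::SSL->new(
        PeerAddr        => $ip,
        PeerPort        => $port,
        Proto           => 'tcp',
        SSL_version     => 'SSLv3',
        SSL_verify_mode => 0x02,    # verification mode, as posted
    );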

The above will fail if the client does not already have a copy of the server's public key in whatever directory your openssl.cnf file says they should reside. If you need to do additional verifications on your own, use SSL_verify_callback to specify your own additional code.

If you were looking for some way of setting up a server without having it even send a public key, you're no longer talking SSL. Consider the Crypt:: modules in that case ...

Updated: It would have been polite for you to mention that your update occurred after I had posted this ...

The intelligent reader will judge for himself. Without examining the facts fully and fairly, there is no way of knowing whether vox populi is really vox dei, or merely vox asinorum. — Cyrus H. Gordon
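
One way to do the "additional verifications" through SSL_verify_callback mentioned in the post above, as an added example that is not part of the original post: keep OpenSSL's chain verdict and additionally require the server's leaf certificate to match a SHA-256 fingerprint the client already holds. It assumes a current IO::Socket::SSL and Net::SSLeay; the helper names norm_fp and make_pin_callback and the command-line arguments are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket::SSL;    # exports SSL_VERIFY_PEER and $SSL_ERROR
use Net::SSLeay;

# Hypothetical usage: pin.pl HOST PORT CA_FILE SHA256_FINGERPRINT
# The fingerprint can be taken from the certificate copy you already hold:
#   openssl x509 -in server.pem -noout -fingerprint -sha256
my ($host, $port, $cafile, $pinned) = @ARGV;
die "usage: $0 host port ca_file sha256_fingerprint\n" unless defined $pinned;

# Reduce "aa:bb:cc", "AA BB CC" or "aabbcc" to one comparable form.
sub norm_fp {
    my $fp = uc shift;
    $fp =~ s/[^0-9A-F]//g;
    return $fp;
}

# Build an SSL_verify_callback that adds a pin check on the leaf
# certificate on top of the normal chain verification.
sub make_pin_callback {
    my $want = norm_fp(shift);
    die "pin must be a SHA-256 fingerprint (64 hex digits)\n"
        unless length($want) == 64;
    return sub {
        my ($ok, $store, $certname, $error, $cert, $depth) = @_;
        return 0 unless $ok;        # never override a chain failure
        return 1 if $depth != 0;    # CA certificates: chain check suffices
        my $got = norm_fp(Net::SSLeay::X509_get_fingerprint($cert, 'sha256'));
        warn "pin mismatch for $certname\n" if $got ne $want;
        return $got eq $want ? 1 : 0;
    };
}

my $socket = IO::Socket::SSL->new(
    PeerAddr            => $host,
    PeerPort            => $port,
    Proto               => 'tcp',
    SSL_ca_file         => $cafile,             # CA chain that signed the cert
    SSL_verify_mode     => SSL_VERIFY_PEER,
    SSL_verify_callback => make_pin_callback($pinned),
) or die "connect or verification failed: $SSL_ERROR\n";

print "verified: ", $socket->peer_certificate('subject'), "\n";
close $socket;
```

The callback is called once per certificate in the chain, so the pin is compared only at depth 0, and a failed chain check is never turned into a success.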
