
Hi Scott,

Scott <cheesy4poofs@cox.net> wrote:
> When I'm done, I hope you (or someone with SSL experience) wouldn't mind answering a few questions about getting SSL working.
My knowledge of SSL is pretty limited, so I'll do my best.
> I basically just want a simple encrypted tcp stream, with a minimum of fuss. I don't need certificates (at least I don't think I do). All I want is the server and client to generate keys on startup automatically and use those keys to negotiate the symmetric cypher during handshaking. If there's an easy way to hook that up, please let me know.
For the client, you can remove the need for certificates by making the following change to the example program: --- client.cpp 3 May 2006 13:12:46 -0000 1.10 +++ client.cpp 15 Jun 2006 12:47:19 -0000 @@ -115,8 +115,7 @@ asio::ip::tcp::resolver::iterator iterator = resolver.resolve(query); asio::ssl::context ctx(io_service, asio::ssl::context::sslv23); - ctx.set_verify_mode(asio::ssl::context::verify_peer); - ctx.load_verify_file("ca.pem"); + ctx.set_verify_mode(asio::ssl::context::verify_none); client c(io_service, ctx, iterator);
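Review bot: replacing verify_peer with verify_none removes all checking of the server's certificate, so the client will complete the handshake with any peer that presents one; the stream is still encrypted, but the server is no longer authenticated, and anyone positioned on the path can terminate the TLS session themselves without the client noticing. If the aim is only to avoid distributing a separate CA, keep `ctx.set_verify_mode(asio::ssl::context::verify_peer);` and point `ctx.load_verify_file("ca.pem");` at the server's own self-signed certificate instead; if verify_none is kept, the accompanying text should say plainly that it gives confidentiality only against passive observers.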
> The example client/server SSL seems unwieldy. It actually makes you type a pass phrase when the server starts. I really don't want that.
According to the O'Reilly OpenSSL book, the passphrase is used to protect the private key if it's in PEM format. Private key files that use the ASN.1 format are not encrypted, so if you use one of these you shouldn't be prompted for a passphrase. I.e. the server would be changed to use:

    context_.use_private_key_file("privatekey.asn1", asio::ssl::context::asn1);

I don't know if it's possible to have a server without a private key. The examples in the book all seem to use one.

Cheers,
Chris
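As an added example (not code from this thread or from asio), a shell script that produces the files the reply above calls for: an unencrypted DER key the server can load with context::asn1 and no passphrase prompt, and a self-signed certificate the client can load with load_verify_file() so it can keep verify_peer. It goes beyond the thread in reusing the server's own certificate as the client's trust file, and assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example, not from the original thread. Produces server credentials that
# need no passphrase at startup while still letting the client verify the peer.
# File names follow the thread: privatekey.asn1 for the server, ca.pem for the client.
set -eu

# Create an unencrypted private key plus a self-signed certificate for it.
# Arguments: output directory, hostname the client will connect to (default localhost).
make_server_creds() {
  dir=$1; host=${2:-localhost}
  # -nodes: do not encrypt the key, so the server never prompts for a passphrase.
  # -subj:  non-interactive; the CN should be the name the client connects to.
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=$host" -keyout "$dir/server.key.pem" -out "$dir/server.crt.pem" \
    >/dev/null 2>&1
  # Convert the PEM key to DER (what asio calls context::asn1); still unencrypted.
  openssl pkey -in "$dir/server.key.pem" -outform DER -out "$dir/privatekey.asn1"
  # The same self-signed cert doubles as the client's trust anchor ("ca.pem"),
  # so verify_peer can stay on instead of falling back to verify_none.
  cp "$dir/server.crt.pem" "$dir/ca.pem"
}

# Check 1: the DER key loads without any passphrase. Stdin is closed, so a
# passphrase prompt would fail instead of hanging. Returns 0 on success.
key_loads_without_passphrase() {
  openssl pkey -in "$1/privatekey.asn1" -inform DER -noout </dev/null >/dev/null 2>&1
}

# Check 2: the server cert validates against the file the client would pass to
# load_verify_file(), i.e. what verify_peer will evaluate. Returns 0 on success.
cert_verifies_against_trust_file() {
  openssl verify -CAfile "$1/ca.pem" "$1/server.crt.pem" >/dev/null 2>&1
}

# Stand-alone demo in a scratch directory.
demo_dir=$(mktemp -d)
make_server_creds "$demo_dir" localhost
key_loads_without_passphrase "$demo_dir" && echo "key: loads with no passphrase"
cert_verifies_against_trust_file "$demo_dir" && echo "cert: verifies against ca.pem"
```

The server then loads privatekey.asn1 as in the reply above and server.crt.pem with use_certificate_file(), while the client keeps verify_peer and loads ca.pem.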