I haven't done anything with this code since 2002. Hence the code has bit rotted. It still mostly works but there are (at least) two important caveats:
strcasecmp to extract and compare the CN, but this gets confused if there are multiple CNs and, more importantly, if there is a 0 byte in the domain name, which Moxie Marlinspike has shown can lead to vulnerabilities. CAs hopefully aren't issuing certificates where these issues lead to confusion, but you would be better off migrating to the new OpenSSL APIs, as documented here.
Of course, there may be other stuff I don't know about or have forgotten. Like I said, unmaintained.
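The 0-byte confusion described above, as an added example that is not part of the original package: a CN compared as a C string beside a length-aware comparison. The function names, the modelling of the CN as a byte buffer plus length, and the sample name are assumptions made for illustration; the sample CN is constructed.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Legacy pattern: the CN is handled as a C string, so the comparison
 * stops at the first 0 byte and never sees the rest of the name. */
int cn_matches_legacy(const char *cn, size_t cn_len, const char *host)
{
    (void)cn_len;                 /* certificate-supplied length ignored */
    return strcasecmp(cn, host) == 0;
}

/* Length-aware check: uses the length carried with the certificate
 * field, rejects any embedded 0 byte, then compares whole names. */
int cn_matches_strict(const char *cn, size_t cn_len, const char *host)
{
    if (memchr(cn, '\0', cn_len) != NULL)
        return 0;                 /* 0 byte inside the name: refuse */
    if (cn_len != strlen(host))
        return 0;                 /* lengths differ: no prefix matches */
    return strncasecmp(cn, host, cn_len) == 0;
}

/* Constructed sample CN with an embedded 0 byte (not from a real cert). */
static const char SAMPLE_CN[] = "www.example.com\0.attacker.test";
#define SAMPLE_CN_LEN (sizeof(SAMPLE_CN) - 1)

int main(void)
{
    const char *host = "www.example.com";
    printf("legacy: %d\n", cn_matches_legacy(SAMPLE_CN, SAMPLE_CN_LEN, host));
    printf("strict: %d\n", cn_matches_strict(SAMPLE_CN, SAMPLE_CN_LEN, host));
    printf("strict, clean CN: %d\n",
           cn_matches_strict("WWW.Example.COM", 15, host));
    return 0;
}
```

OpenSSL 1.0.2 and later provide X509_check_host() for hostname verification, so application code does not need to carry its own comparison.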
Someday I may get around to really fixing these issues and deploying a new version
of the code, but it's at the end of a long stack of things and in the meantime
This is a set of example programs demonstrating how to perform basic tasks with OpenSSL. There are five programs:
| Program | Description |
|---|---|
| wclient | a simple web client emulator |
| wserver | a simple web server emulator |
| wclient2 | a version of wclient with some extra options including setting the cipher suite and session caching |
| wserver2 | a version of wserver with some extra options including setting the cipher suite, client authentication, rehandshake, and session caching |
| sclient | a simple client program that echoes from the keyboard to the server and vice versa. sclient is a simple model of a terminal client such as Telnet. |
Although the programs are extensively commented, they are not completely self-explanatory. Rather, they are intended to be used as a companion to a series of articles published in Linux Journal. The first article was published in the September issue and the second article was published on the Web in October. Updated versions of both are included in this package in PDF form.
This explains why we have both wclient and wclient2 (and wserver and wserver2). The first editions appear in the first article and the second ones in the second article. This structure also lets the reader learn the basics without advanced features getting in the way.
The latest source can be found here. I'll periodically publish new editions of the source with bug fixes and improvements. The current version is 20020110 (January 10, 2002). You can download just the article in PDF form: part 1 and part 2. Currently they are only available in PDF. If you're interested in producing an HTML version, contact me. I have bad HTML generated by groff but it will require surgery to be usable.
SSL and TLS: Designing and Building Secure Systems
The programs found here were excerpted from the book.