[JDEV] Re: SSL and jabbernaut

Max Horn max at quendi.de
Sun Jul 30 15:57:56 CDT 2000


>> SSL for Server-to-server is a very problematic issue, though. Either
>> we force to use *only* SSL connections, but this is unrealistic. Or
>> we allow both, but then we can as well not use SSL as well, because
>> the user can never know if his data is only submitted via a secure
>> route...
>The proper route is to only use SSL. Once the RSA patent expires
>in the US in September, this will be easier to accomplish. The IETF
>is now not approving any new protocols that aren't secure.

That is good news indeed! I was not aware of the patent expiring so soon.



>I don't think so. It only costs money to get a Verisign signed cert.
>The last time I checked openSSL included the master certs for
>most of the major CAs.

Ah yes, I just found them. To be true, my first SSL support was kind 
of a hack, I looked at the examples and tried to copy what they do. 
Unfortunately, I looked at an example that doesn't use certs, that's 
why I at first overlooked it all. I'll see how I can incorporate them 
in mac-like fashion.



>> As I stated above, I added SSL (using OpenSSL 0.9.5a) to my client.
>> In fact, to do this, I reactivated the (abandoned) Macintosh port of
>> OpenSSL :-)
>> But I lack knowledge of SSL :-(. I will have to dig into the docs...
>While I'm not an SSL programmer, I have a pretty good
>understanding of the protocol (I've been issuing & managing SSL
>certificates for nearly 4 years). If you have questions, you can send
>them to me and I'll try to help.

Thank you very much, Mark, that is very kind!


>BTW It would really rock if you could get Stunnel to compile on a
>Mac. :)

I'm not sure this is easily possible. I know that there are one or 
two commercial apps for the mac that implement SSL tunneling. But I'm 
not sure a straight port is possible... But then, I dunno how stunnel 
on unix/windows works, I can't judge it before looking at the 
source/docs.

I'm trying to get the OpenSSL app to compile currently. I'll have to 
"emulate" some timing functions it seems.


>I have the basic SSL outline at
>http://developer.iplanet.com/viewsource/wilcox_protect/wilcox_protect.html

Thanks, this article was helpful.


>There's also a good book "SSL and TLS Essentials" by Stephen
>Thomas.

I'll check it out, thanks.


>You might also want to look at the IO::SSL module in Perl because
>it has the verify code in it, which is all that it sounds like you're
>missing.

OK.



Thanks for your help,


Max
-- 
-----------------------------------------------------------
Max "The Black Fingolfin" Horn
<mailto:max at quendi.de>
<http://www.quendi.de> - please use my guestbook!



