Crypto libraries
OpenSSL II (cont.)

Milan Brož
xbroz@fi.muni.cz
PV181, FI MUNI, Brno

Today’s exercise
- Continue with OpenSSL on Linux
- Work with certificates
- More complex example
- Trivial TLS client with https cert. validation

Example 6: Signing and certificates

PKCS12
- PKCS12_verify_mac, PKCS12_parse
PKCS7
- PKCS7_sign, PKCS7_verify
X509
- X509_STORE_add_lookup
BIO
- BIO_new, BIO_new_mem_buf, BIO_new_file
- BIO_push, BIO_f_cipher, BIO_set_cipher
- BIO_flush, BIO_free_all
- d2i_PKCS12_bio, d2i_PKCS7_bio

See 6_cert_sign_openssl directory.

Ex6: prepare CA signed cert.

script: 6_cert_sign_openssl/create_CA

Example 7: TLS connection & certificates

BIO TLS connection
- SSL_CTX_set_verify, SSL_get_peer_certificate, SSL_get_verify_result
- BIO_new_ssl_connect, BIO_get_ssl, BIO_do_connect, BIO_do_handshake
X509
- X509_STORE_CTX_get_current_cert, X509_print_ex_fp, X509_NAME_get_entry, …

Connect to https://www.google.com. Read and validate certificates. Send an HTTP GET and receive /robots.txt through a secured connection.

See 7_tls_client_openssl directory.