How to Use Secure Sockets in C on Linux (netprivacypro.com)
42 points by fairlight1337 10 months ago | 6 comments



I would have liked to see the logic on the client side to decide if the certificate presented by the server is valid.


I'm a little surprised the OpenSSL API doesn't force you to consider this by default, but indeed it does not: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_new.html...

> On session establishment, by default, no peer credentials verification is done. This must be explicitly requested, typically using SSL_CTX_set_verify(3).

Aside: According to those docs, SSLv23_client_method() is deprecated.


Yeah, not verifying server cert or OCSP/CRLs is a problem. DNS attacks can redirect and you'd be none the wiser.


The page was updated to include that.


Well done!


This is a really nice part 1. I think a series building from this up to what would be considered "secure" in modern day, with the other topics already mentioned in comments here and on the article, would be awesome. I could easily see it becoming a very popular resource among students or new devs who are solving these problems for the first time themselves. The writing is very clear and concise.



