Re: SSL support
From: Jan-Henrik Haukeland
Subject: Re: SSL support
Date: 19 Sep 2002 19:54:09 +0200
User-agent: Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.4 (Civil Service)

Very cool! Oddly enough I'm also working on implementing SSL
support, not for monit though but for my zervlet system, and I thought
about moving some code over to monit when I'm done. But this means I
don't have to :-)

Adding SSL to monit is a very good idea and your listed rationale below
for doing this is just my thoughts.

Two hints

1) I'm learning SSL from this book http://www.opensslbook.com/ It's
not a particularly good book, but okay and the only one about openssl.
There are also code examples at the web-site, but also not particularly
good..

2) I just browsed through your code (very fast) and I think you will
need two things at least, properly seeding the openssl prng and Thread
locking support since monit uses threads. The last one is tricky but I
have enclosed some of my current code from zervlet, check out
especially Crypto_start/Crypto_stop. It won't compile since there are
some dependencies to other functions in the zervlet lib but will give
you a good start on initializing the ssl library properly. You can use
this code in monit if you want to, never mind the licensing header :-)

(I use two defines you will need to know about.

#define Thread_T pthread_t
#define Mutex_T pthread_mutex_t

I'm doing it like this since I'm planning on using zervlet on Win32 as well
)

Christian Hopp <address@hidden> writes:
> ... maybe I was again programming too early before asking the other
> developers, but the code was flowing too fast from my fingers so I
> can't stop it. (-:
>
> I have made a client/server (open)ssl wrapper library for monit. It
> is able to initiate complete ssl connections (including the net stuff)
> or it can add a ssl layer on existing sockets. Create, close, accept,
> send, recv, gc is implemented. (see ssl.c/ssl.h)
>
> Why...
> - to check services which are forged via ssl (imaps, https, pop3s...)
> - to check the actual ssl service (e.g. cert issuer, cert age)
> - to give the monit http server ssl support (maybe also with auth over
> client cert check)
>
> It is not yet integrated in any code but it already uses monit's code
> for the network stuff. I have attached the actual code with two demo
> progs to inspire you. They are test_cli.c and testsrv.c and it should
> be obvious what they do. (-: Simply unpack it in the monit source,
> compile instruction is in the code.
>
> Development was done with openssl-0.9.6e. Btw, I was inspired by two
> demos in the openssl code.
>
>
> Bye,
>
> Christian
>
> --
> Christian Hopp email: address@hidden
> Institut für Elektrische Informationstechnik fon: +49-5323-72-2113
> Technische Universität Clausthal fax: +49-5323-72-3197
> pgpkey: https://www.iei.tu-clausthal.de/pgp-keys/chopp.key.asc (2001-11-22)
>
Attachment: ssl.tgz
--
Jan-Henrik Haukeland
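
The two requirements from point 2 of the reply, thread locking and PRNG seeding, as an added example; it is not the zervlet code mentioned in the message and not part of either e-mail. It targets the callback interface of OpenSSL releases before 1.1.0 (such as the 0.9.6e named above); the function names and MODE_LOCK are hypothetical, and the OpenSSL calls appear only in comments so the file builds without the library.

```c
/* Added example: lock table and seed gathering in the shape OpenSSL < 1.1.0
 * expects. Function names are hypothetical; OpenSSL calls are in comments. */
#include <fcntl.h>
#include <pthread.h>
#include <stdlib.h>
#include <unistd.h>
#define MODE_LOCK 1            /* same value as OpenSSL's CRYPTO_LOCK */

static pthread_mutex_t *locks; /* one mutex per OpenSSL lock number */
static int nlocks;

/* Signature of the callback given to CRYPTO_set_locking_callback(). */
void lock_cb(int mode, int n, const char *file, int line) {
    (void)file; (void)line;
    if (n < 0 || n >= nlocks) abort();   /* never index outside the table */
    if (mode & MODE_LOCK) pthread_mutex_lock(&locks[n]);
    else pthread_mutex_unlock(&locks[n]);
}

/* Signature of the callback given to CRYPTO_set_id_callback(). */
unsigned long id_cb(void) { return (unsigned long)pthread_self(); }

/* Allocate the table; the caller passes CRYPTO_num_locks() as count. */
int crypto_locks_start(int count) {
    if (count <= 0 || locks) return -1;
    locks = calloc((size_t)count, sizeof *locks);
    if (!locks) return -1;
    for (int i = 0; i < count; i++) pthread_mutex_init(&locks[i], NULL);
    nlocks = count;
    return 0; /* next: CRYPTO_set_id_callback(id_cb) and
                 CRYPTO_set_locking_callback(lock_cb) */
}

/* Unregister both callbacks (pass NULL) before calling this. */
void crypto_locks_stop(void) {
    for (int i = 0; i < nlocks; i++) pthread_mutex_destroy(&locks[i]);
    free(locks); locks = NULL; nlocks = 0;
}

/* Fill buf with len bytes from /dev/urandom for RAND_seed(); 0 on success. */
int read_seed(unsigned char *buf, size_t len) {
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return -1;     /* fail closed: no fallback to time() or pid */
    size_t got = 0;
    while (got < len) {
        ssize_t r = read(fd, buf + got, len - got);
        if (r <= 0) break;
        got += (size_t)r;
    }
    close(fd);
    return got == len ? 0 : -1;
}
```

OpenSSL 1.1.0 and later do their own locking, so the two callbacks matter only when building against older releases.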