Difference between revisions of "How to handle OpenSSL and not get hurt"

From PDP/Grid Wiki
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
== Stuff you wished to know before you every needed to touch the OpenSSL library ==
+
== Intro ==
 +
 
 +
=== Stuff you wished to know before you every needed to touch the OpenSSL library ===
  
 
This page is constructed as a personal '''braindump''' to be able to share some point of reference with those involved with OpenSSL. On the web OpenSSL is poorly documented and even the book '''Network Security with OpenSSL''' doesn't touch the advanced inner workings of the library. The library and its CLI tools are a part of our everyday Grid life and working with it, as intimately as developing callback functions and home-brew proxy certificate verification routines, has let me research how stuff works deeply from within the rabbit hole of the library itself.
 
This page is constructed as a personal '''braindump''' to be able to share some point of reference with those involved with OpenSSL. On the web OpenSSL is poorly documented and even the book '''Network Security with OpenSSL''' doesn't touch the advanced inner workings of the library. The library and its CLI tools are a part of our everyday Grid life and working with it, as intimately as developing callback functions and home-brew proxy certificate verification routines, has let me research how stuff works deeply from within the rabbit hole of the library itself.
  
== Tip #1 ==
+
=== Use the source! ===
  
 
When in true doubt: Use the source! When you're '''looking for anything particular or specialized''' and you really wish to know how OpenSSL is handling this: '''Use the Source!'''. There are more gems in the documentation of the OpenSSL source tarballs and it's easily grep-able.
 
When in true doubt: Use the source! When you're '''looking for anything particular or specialized''' and you really wish to know how OpenSSL is handling this: '''Use the Source!'''. There are more gems in the documentation of the OpenSSL source tarballs and it's easily grep-able.
  
 +
== Down the rabbit hole...  ==
  
== Background information ==
+
=== Background information ===
  
 
This section will have all kinds of background information regarding OpenSSL, Proxy certificates, CAs, formatting details and other (hopefully) useful tidbits.
 
This section will have all kinds of background information regarding OpenSSL, Proxy certificates, CAs, formatting details and other (hopefully) useful tidbits.
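Review bot: the retitled heading on the new side, "=== Stuff you wished to know before you every needed to touch the OpenSSL library ===", still carries the typo "every"; since this line is being changed anyway, correct it to "ever". The new "== Intro ==" and "== Down the rabbit hole...  ==" headings then become the only level-2 headings in this hunk, so check that the sections further down the page are demoted to level 3 consistently.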
Line 14: Line 17:
 
Go to: [[How to handle OpenSSL and not get hurt background information]]
 
Go to: [[How to handle OpenSSL and not get hurt background information]]
  
== What does that library call really do? ==
+
=== What does that library call really do? ===
  
 
So, how does that library call REALLY work and what am I expect to do? To free, or not to free, that is the question...
 
So, how does that library call REALLY work and what am I expect to do? To free, or not to free, that is the question...
Line 20: Line 23:
 
Go to: [[How to handle OpenSSL and not get hurt and what does that library call really do?]]
 
Go to: [[How to handle OpenSSL and not get hurt and what does that library call really do?]]
  
== Interesting OpenSSL CLI need-to-knows ==
+
Also added some OCSP related information.
 +
 
 +
=== Interesting OpenSSL CLI need-to-knows ===
  
 
This page hold all kinds of OpenSSL CLI tool tips and tricks.
 
This page hold all kinds of OpenSSL CLI tool tips and tricks.
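Review bot: the added line "Also added some OCSP related information." reads like an edit summary rather than page content, and it sits between the "Go to:" link and the next heading without saying where the OCSP material lives. Reword it to state that the linked "what does that library call really do?" page also covers OCSP. While in this section, "This page hold" in the context line should be "This page holds".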

Latest revision as of 21:10, 23 November 2012

Intro

Stuff you wished to know before you ever needed to touch the OpenSSL library

This page is constructed as a personal braindump to be able to share some point of reference with those involved with OpenSSL. On the web OpenSSL is poorly documented and even the book Network Security with OpenSSL doesn't touch the advanced inner workings of the library. The library and its CLI tools are a part of our everyday Grid life and working with it, as intimately as developing callback functions and home-brew proxy certificate verification routines, has let me research how stuff works deeply from within the rabbit hole of the library itself.

Use the source!

When in true doubt: Use the source! When you're looking for anything particular or specialized and you really wish to know how OpenSSL is handling this: Use the Source! There are more gems in the documentation of the OpenSSL source tarballs and it's easily grep-able.

Down the rabbit hole...

Background information

This section will have all kinds of background information regarding OpenSSL, Proxy certificates, CAs, formatting details and other (hopefully) useful tidbits.

Go to: How to handle OpenSSL and not get hurt background information

What does that library call really do?

So, how does that library call REALLY work and what am I expected to do? To free, or not to free, that is the question...

Go to: How to handle OpenSSL and not get hurt and what does that library call really do?

Also added some OCSP related information.

Interesting OpenSSL CLI need-to-knows

This page holds all kinds of OpenSSL CLI tool tips and tricks.

Go to: How to handle OpenSSL and not get hurt using the CLI.

Contact and contribute

I'd like to invite everybody who reads this to contribute tips, tricks, {code,wiki}-patches, need-to-knows, pitfalls, quirks, interesting routines, etc. to this page directly or, for people external to Nikhef, through my email address.

You can contact me via email: okoeroo apestaartje nikhef punt nl.