example for tls please
Michael Reichenbach 2007-11-20, 10:18 pm
The short story: examples for tcl with server and client are very rare.
If you want to help me you could write or direct me to a short client to
server example.
Now the long story...
It's just about communicating from one client to a server. I have already
created two different self-signed certificates.
I also did not set up a password; I don't see the need for one. Because if
someone is getting access to the server/client and steals the
certificates then the security is broken either way. A password stored in
plaintext would not help either. But maybe I have also misunderstood how
ssl works.
Certificate authority files would be overkill in my situation and just
make it unnecessarily complicated. http://www.sensus.org/tcl/tls.htm also
does not say they are a must. I think standard web browsers come with
some certificate authority files, for example if the client connects to
an encrypted website the browser will ask the ca first if the
certificate of the encrypted website is valid. But if I got it right,
then ssl connections can also be secure without a web of trust and with
just checking the sha1 hash (the way I wanted to do it).
Tested it on localhost first with two different tclsh consoles. This
worked fine before for standard sockets.
servercode:
set socket [tls::socket -server on_connect -require 1 -certfile server.crt 3000]
error: peer did not return a certificate.
clientcode:
set socket [tls::socket -certfile client.crt 127.0.0.1 3000]
error: software caused connection abort
Pat Thoyts 2007-11-21, 8:13 am
Michael Reichenbach <Reichenbach@discardmail.com> writes:
>The short story: examples for tcl with server and client are very
>rare. If you want to help me you could write or direct me to a short
>client to server example.
There is a simple sample on the wiki: http://wiki.tcl.tk/9414
For a larger sample, the tcllib SMTPD server supports SSL connections.
There is a demo in the tcllib/examples/smtpd directory.
CA files are required if you want to validate a certificate and the
server most likely needs one. For the simplest case the server needs a
certificate pair and the client doesn't.
--
Pat Thoyts http://www.patthoyts.tk/
To reply, rot13 the return address or read the X-Address header.
PGP fingerprint 2C 6E 98 07 2C 59 C8 97 10 CE 11 E6 04 E0 B9 DD
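
The simplest case described in the reply above (server holds a certificate and key, client presents none), combined with the SHA-1 check the question mentions, as an added example that is not part of the original thread. Assumptions: server.key is the private key matching server.crt, the pinned value is a placeholder, and the installed tls package reports a sha1_hash key in tls::status.

```tcl
# Added example (not from the thread). Run "tclsh tlsdemo.tcl server" in one
# console and "tclsh tlsdemo.tcl client" in another.
# Assumed names: tlsdemo.tcl, server.key (private key for server.crt).
package require tls

set port 3000
# Placeholder: the known SHA-1 hash of server.crt, written in the same
# format that tls::status reports it.
set pinned "PINNED_SHA1_PLACEHOLDER"

proc on_connect {chan addr port} {
    # The TLS handshake is lazy; complete it before any application I/O.
    if {[catch {tls::handshake $chan} err]} {
        puts "handshake with $addr failed: $err"
        close $chan
        return
    }
    fconfigure $chan -buffering line
    puts $chan "hello from server"
    close $chan
}

switch -- [lindex $argv 0] {
    server {
        # The server presents its certificate and key. -request 0 and
        # -require 0 mean the client is not asked for a certificate.
        tls::socket -server on_connect -certfile server.crt \
            -keyfile server.key -request 0 -require 0 $port
        vwait forever
    }
    client {
        # No CA file is configured, so chain validation is not enforced
        # (-require 0); the certificate is compared to the pinned hash.
        set chan [tls::socket -require 0 127.0.0.1 $port]
        tls::handshake $chan
        array set peer [tls::status $chan]
        if {![info exists peer(sha1_hash)] ||
            ![string equal -nocase $peer(sha1_hash) $pinned]} {
            close $chan
            error "server certificate does not match the pinned hash"
        }
        fconfigure $chan -buffering line
        puts "server said: [gets $chan]"
        close $chan
    }
    default { puts "usage: tclsh tlsdemo.tcl server|client" }
}
```

The client closes the channel before sending or reading any application data if the hash does not match, so the pin check is the only thing standing in for certificate validation here.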