[One of open source projects]
The first information security system of the open source world: OpenSSL

In the world of open source, apart from household names such as Linux, MySQL and PHP, OpenSSL is probably the most famous project. In recent years quite a few people have been studying and developing with OpenSSL, and many companies have also begun to "absorb" open source software. I also encountered SSL when working on a security project for a company, and my attention naturally turned to OpenSSL. The following are some of my views on and understanding of OpenSSL.

The OpenSSL project is a collaborative security project. Its goal is to develop a robust, commercial-grade, complete open source toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with strong encryption algorithms. It contains a complete set of encryption, digital signature and certificate algorithms, and can ensure the integrity, confidentiality and correctness of data.

OpenSSL can be used commercially, but users should consider whether the algorithms they use are restricted by patents. For example:

RSA Data Security holds patents on the RSA and RC5 algorithms in the US and Japan. You must contact RSA Data Security to obtain a license. Its homepage is: http://www.rsa.com/.

RC4 is a trademark of RSA Data Security; using this mark requires a license from RSA Data Security.

The IDEA algorithm is protected by patents in Australia, France, Germany, Italy, Japan, the Netherlands, Spain, Sweden, Switzerland, the UK and the United States. If you want to use this algorithm, you must obtain a license; the homepage is: http://www.ascom.ch/.

OpenSSL is a library; its current version is 0.96. You can download the latest installer and source code from http://www.openssl.org. It provides encryption features for applications such as secure web servers.
OpenSSL comes with documentation and a reference manual. The openssl(1) man page contains a description. The documentation for developers is still being written. Several manual pages are already available; overviews of the libcrypto and libssl libraries are given in the crypto(3) and ssl(3) manual pages. (The OpenSSL man pages are installed in /usr/local/ssl/man.)

If you do security development under Linux, you will probably be able to install it without trouble. If you develop with VC or C++ Builder under Windows, the configuration is rather tedious and there is less reference material, so please read it carefully when you use it. The INSTALL file explains how to install the library.

OpenSSL includes a command line tool that can be used to perform encryption. It also includes a large number of sample programs, which are a help to beginners.

In the OpenSSL library, the API mimics the traditional socket calls, using an SSL context object instead of a file descriptor. For example, the traditional socket write call has the following signature:

    ssize_t write(int file_descriptor, void *buf, size_t len)

OpenSSL changes the type of each parameter, but the semantics of each parameter stay the same:

    int SSL_write(SSL *socket_info, char *buf, int len)
In fact, apart from the SSL object, all the other types are compatible with the original call. Ideally, developers need to make only small modifications to a program, simply adding some code to initialize the SSL context from the file descriptor.

Of course, OpenSSL still has some problems. For example, developers have to write a lot of additional code to make OpenSSL work in multithreaded environments. In fact, most development organizations spend more effort than they expected integrating this library into their code, and the results can be confusing.

Fortunately, Stunnel appeared. It can seamlessly add encryption to network connections without disturbing your original code. Stunnel is a program that can encrypt any TCP session using the OpenSSL library. It runs as a server outside the program. Of course, Stunnel requires OpenSSL to be installed. Today, Stunnel has been ported to the Windows operating system and most UNIX platforms.

Reference
OpenSSL official website: www.openssl.org
You can get Stunnel / China Unix: www.chinaunix.net
wSSL Professional Forum: OpenSSL.126.com