Secure sessions

cryptlib secure sessions can include SSH, SSL, and TLS sessions, and general communications sessions can include protocols such as the certificate management protocol (CMP), simple certificate enrolment protocol (SCEP), real-time certificate status protocol (RTCS), online certificate status protocol (OCSP), and timestamping (TSP). As with S/MIME and PGP/OpenPGP envelopes, cryptlib takes care of the session details for you so that all you need to do is provide basic communications information such as the name of the server or host to connect to and any other information required for the session such as a password or certificate. cryptlib takes care of establishing the session and managing the details of the communications channel and its security parameters.
cryptlib provides both client and server implementations of all session types. By tying a key or certificate store to the session, you can let cryptlib take care of any key management issues for you. For example, with an SSH, SSL or TLS server session cryptlib will use the key/certificate store to authenticate incoming connections, and with a CMP or SCEP server session cryptlib will use the certificate store to handle the certificate management process. In this way a complete CMP-based CA that handles enrolment, certificate update and renewal, and certificate revocation, can be implemented with only a handful of function calls.
Sample code to create an SSL/TLS session is as follows:

  CRYPT_SESSION cryptSession;

  /* Create the session */
  cryptCreateSession( &cryptSession, cryptUser, CRYPT_SESSION_SSL );

  /* Add the server name and activate the session */
  cryptSetAttributeString( cryptSession, CRYPT_SESSINFO_SERVER_NAME, serverName, serverNameLength );
  cryptSetAttribute( cryptSession, CRYPT_SESSINFO_ACTIVE, 1 );

The corresponding SSL/TLS server is:

  CRYPT_SESSION cryptSession;

  /* Create the session */
  cryptCreateSession( &cryptSession, cryptUser, CRYPT_SESSION_SSL_SERVER );

  /* Add the server key/certificate and activate the session */
  cryptSetAttribute( cryptSession, CRYPT_SESSINFO_PRIVATEKEY, privateKey );
  cryptSetAttribute( cryptSession, CRYPT_SESSINFO_ACTIVE, 1 );

That's all that's necessary (you can copy this code directly into your application to SSL-enable it).