Wednesday, June 5, 2013

OpenSSL vs the Me

I have been working on openSSL integration for some time. And its been quite some experience. I knew openSSL by name only. I was aware of SSL certificates - you know how sometimes things fail when you get some invalid certificate error.
So I have learned a lot about both OpenSSL and authentication. I have also learned about public key encryption. But this has not been easy. I got stuck at almost every step.
The problem was OpenSSL looks easy to use and as long as you are generating some certificates and using them with your web hosts. Look towards integration with existing software and then you need to take some easy chill pill.
Basically I didn't even wanted to touch openSSL. I wanted to use Qt's inbuilt openSSL support and be done with it. But the requirements changed midway and Qt just couldn't extend far enough. I tried everything till inheriting QSslCertificate but it just wasn't designed to serve our requirement.
So after going through some OpenSSL research I decided to bite the bullet and went for it. That meant I needed to build openssl with my setup. Thankfully I got hold of a good tutorial which asked me to install perl and then after a few steps my openssl was ready. Next I created a sample certificate and went about reading it. Here I hit a wall. Since openssl integration is a rare thing, there are so few pointers out on the net. But after struggling around for a few days I finally picked up a few pieces here n there and made them work together to read my sample certificate.
After getting there I integrated my existing authentication code to it and made that work together.
You must be thinking, wow! He has done it. But that's just the first half. Since I wanted almost no human interaction I had to create a program to generate the certificate as well. There I hit few more snags. But after some time I even got that to work. But by then the requirement has changed again and so that invalidated my code.
So now I am stuck where I have the certificate creator and authenticator working properly but the reader isn't able to read the generated certificate. I know few more hours of headbang is going to solve this too. But just so you know, openssl sucks! C n C++ suck even more. But I'm happy fighting!

No comments:

Post a Comment