Expiring Certificate Authorities

Posted: Fri Jun 05, 2015 1:37 pm
by kackle123
I admit I know little about encryption. As I understand it though, my SB70LC uses encryption (via the paid NB crypto libraries) to talk to public email servers. My question: When I call SSL_SendMail(), does it verify the email servers' certificates via various Certificate Authority (CA) servers? If so, won't these CAs change over the years? If so, are they automatically updated somehow within the SB70LC such that it can use future ones?

The only example I have of this is that my web browser has a list of trusted CAs. Many years from now, I assume some of these will no longer be valid. Does the SB70LC have such an issue that I need to address so that my product will work well into the future?

Re: Expiring Certificate Authorities

Posted: Fri Jun 05, 2015 2:55 pm
by pbreed
Do you want to be permissive or secure?
You can choose to not authenticate CAs, or you can manage a list of CAs.

The choice is in how you choose to compile the SSL/TLS library...
Are you using a stock NetBurner code build?
If you can be specific about which one, I can answer for that stock firmware...

Re: Expiring Certificate Authorities

Posted: Mon Jun 08, 2015 8:25 am
by kackle123
I assume "permissive" means not to authenticate servers via CAs, whereas "secure" means authenticating them. That is, the connection is encrypted no matter what, but without authentication of the server, I really don't know to whom I am connecting.

I honestly never thought of the certificates before as I used the NB cryptography library (NB-CL) as it was out of the box. So, I guess you've already answered my questions: The NB-CL does not verify the server via certificates out of the box, but can if it's configured to do so during compilation. If I configure it to check the server's identity during compilation, I'll have to write some mechanism to maintain certificates/CAs on the SB70LC for future CA changes.

Does this sound correct?

Re: Expiring Certificate Authorities

Posted: Mon Jun 08, 2015 12:38 pm
by pbreed
Yes, your understanding is exactly correct.

Re: Expiring Certificate Authorities

Posted: Mon Jun 08, 2015 1:15 pm
by kackle123
Thank you!

Re: Expiring Certificate Authorities

Posted: Mon Jun 15, 2015 1:39 pm
by kackle123
For future readers: Apparently, my version of NB-CL (v2.5.3) does try to at least find the signature in a server's certificate by default.
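
The thread leaves open how to tell which trusted CAs will lapse during a product's lifetime. The following is an added example, not code from this thread or from NetBurner: a build-host check in Python that lists the trust anchors in a CA bundle that expire before a device's end of service life. The ship date, the service lifetime and the sample entries are constructed assumptions, and it does not use any NB-CL API.

```python
import ssl
from datetime import datetime, timedelta, timezone

def load_anchors(pem_path):
    """Read a PEM bundle; return its CA entries as dicts (get_ca_certs() format)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cafile=pem_path)
    return ctx.get_ca_certs()

def common_name(entry):
    """Pull the commonName out of the nested subject tuple, if present."""
    for rdn in entry.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return "<no CN>"

def expiring_anchors(entries, ship_date, service_years):
    """Return (name, notAfter) for anchors that expire before the end of
    the service life, soonest first."""
    end_of_life = ship_date + timedelta(days=365.25 * service_years)
    hits = []
    for e in entries:
        secs = ssl.cert_time_to_seconds(e["notAfter"])
        not_after = datetime.fromtimestamp(secs, tz=timezone.utc)
        if not_after < end_of_life:
            hits.append((common_name(e), not_after))
    return sorted(hits, key=lambda h: h[1])

# Constructed sample entries in the shape get_ca_certs() returns
# (hypothetical CA names and dates, for illustration only).
SAMPLE = [
    {"subject": ((("organizationName", "Example Trust"),),
                 (("commonName", "Example Root A"),)),
     "notAfter": "Jun  1 00:00:00 2020 GMT"},
    {"subject": ((("commonName", "Example Root B"),),),
     "notAfter": "Jan 15 12:00:00 2038 GMT"},
    {"subject": ((("commonName", "Example Root C"),),),
     "notAfter": "Mar  9 08:30:00 2017 GMT"},
]

if __name__ == "__main__":
    ship = datetime(2015, 6, 15, tzinfo=timezone.utc)  # assumed ship date
    for name, when in expiring_anchors(SAMPLE, ship, service_years=10):
        print(f"{name}: expires {when:%Y-%m-%d}, before end of service life")
```

To audit a real bundle, pass `load_anchors("path/to/bundle.pem")` in place of `SAMPLE`.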