Turn a simple socket into an SSL socket

Question

I wrote simple C programs  which are using sockets   client  and  server      UNIX Linux usage   The server side simply creates a socket   sockfd   socket AF INET  SOCK STREAM  0     And then binds it to sockaddr   bind sockfd   struct sockaddr     amp serv addr  sizeof serv addr      And listens  and accepts and reads    listen sockfd 5   newsockfd   accept sockfd   struct sockaddr     amp cli addr   amp clilen   read newsockfd buffer 255     The client creates the socket  and then writes to it   Now  I want to convert this simple connection into an SSL connection  in the plainest  most idyllic  neatest and quickest way     I ve tried to add OpenSSL to my project  but I can t find an easy way to implement what I want

User · Answer

OpenSSL is quite difficult  It s easy to accidentally throw away all your security by not doing negotiation exactly right   Heck  I ve been personally bitten by a bug where curl wasn t reading the OpenSSL alerts exactly right  and couldn t talk to some sites    If you really want quick and simple  put stud in front of your program an call it a day   Having SSL in a different process won t slow you down  http   vincent bernat im en blog 2011-ssl-benchmark html

User · Answer

There are several steps when using OpenSSL  You must have an SSL certificate made which can contain the certificate with the private key be sure to specify the exact location of the certificate  this example has it in the root   There are a lot of good tutorials out there    Some documentation and tools from HP  see chapter 2  Command line for OpenSSL   Some includes    include  lt openssl applink c gt   include  lt openssl bio h gt   include  lt openssl ssl h gt   include  lt openssl err h gt    You will need to initialize OpenSSL   void InitializeSSL         SSL load error strings        SSL library init        OpenSSL add all algorithms       void DestroySSL         ERR free strings        EVP cleanup       void ShutdownSSL         SSL shutdown cSSL       SSL free cSSL       Now for the bulk of the functionality  You may want to add a while loop on connections   int sockfd  newsockfd  SSL CTX  sslctx  SSL  cSSL   InitializeSSL    sockfd   socket AF INET  SOCK STREAM  0   if  sockfd lt  0          Log and Error     return    struct sockaddr in saiServerAddress  bzero  char     amp saiServerAddress  sizeof saiServerAddress    saiServerAddress sin family   AF INET  saiServerAddress sin addr s addr   serv addr  saiServerAddress sin port   htons aPortNumber    bind sockfd   struct sockaddr     amp serv addr  sizeof serv addr     listen sockfd 5   newsockfd   accept sockfd   struct sockaddr     amp cli addr   amp clilen    sslctx   SSL CTX new  SSLv23 server method     SSL CTX set options sslctx  SSL OP SINGLE DH USE   int use cert   SSL CTX use certificate file sslctx    serverCertificate pem    SSL FILETYPE PEM    int use prv   SSL CTX use PrivateKey file sslctx    serverCertificate pem   SSL FILETYPE PEM    cSSL   SSL new sslctx   SSL set fd cSSL  newsockfd      Here is the SSL Accept portion   Now all reads and writes must use SSL ssl err   SSL accept cSSL   if ssl err  lt   0          Error occurred  log and close down ssl     ShutdownSSL        You are then able read or write using   SSL read cSSL   char   charBuffer  nBytesToRead   SSL write cSSL   Hi  3 n   6     Update The SSL CTX new should be called with the TLS method that best fits your needs in order to support the newer versions of security  instead of SSLv23 server method     See  OpenSSL SSL CTX new description     TLS method    TLS server method    TLS client method      These are the general-purpose version-flexible SSL TLS methods  The actual protocol version used will be negotiated to the highest version mutually supported by the client and the server  The supported protocols are SSLv3  TLSv1  TLSv1 1  TLSv1 2 and TLSv1 3

User · Answer

Here my example ssl socket server threads  multiple connection  https   github com breakermind CppLinux blob master QtSslServerThreads breakermindsslserver cpp    include  lt pthread h gt   include  lt stdio h gt   include  lt stdlib h gt   include  lt string gt   include  lt unistd h gt   include  lt iostream gt    include  lt breakermindsslserver h gt   using namespace std   int main int argc  char  argv          BreakermindSslServer boom      boom Start 123   home user c   qt BreakermindServer certificate crt     home user c   qt BreakermindServer private key        return 0

User · Answer

For others like me   There was once an example in the SSL source in the directory demos ssl  with example code in C    Now it s available only via the history  https   github com openssl openssl tree 691064c47fd6a7d11189df00a0d1b94d8051cbe0 demos ssl  You probably will have to find a working version  I originally posted this answer at Nov 6 2015  And I had to edit the source -- not much   Certificates   pem in demos certs apps   https   github com openssl openssl tree master demos certs apps

[c] Turn a simple socket into an SSL socket

Examples related to c

Examples related to linux

Examples related to sockets

Examples related to unix

Examples related to ssl