Turn a simple socket into an SSL socket

by

There are several steps when using OpenSSL. You must have an SSL certificate made which can contain the certificate with the private key be sure to specify the exact location of the certificate (this example has it in the root). There are a lot of good tutorials out there.

Some includes:

#include <openssl/applink.c>
#include <openssl/bio.h>
#include <openssl/ssl.h>
#include <openssl/err.h>

You will need to initialize OpenSSL:

void InitializeSSL()
{
    SSL_load_error_strings();
    SSL_library_init();
    OpenSSL_add_all_algorithms();
}

void DestroySSL()
{
    ERR_free_strings();
    EVP_cleanup();
}

void ShutdownSSL()
{
    SSL_shutdown(cSSL);
    SSL_free(cSSL);
}

Now for the bulk of the functionality. You may want to add a while loop on connections.

int sockfd, newsockfd;
SSL_CTX *sslctx;
SSL *cSSL;

InitializeSSL();
sockfd = socket(AF_INET, SOCK_STREAM, 0);
if (sockfd< 0)
{
    //Log and Error
    return;
}
struct sockaddr_in saiServerAddress;
bzero((char *) &saiServerAddress, sizeof(saiServerAddress));
saiServerAddress.sin_family = AF_INET;
saiServerAddress.sin_addr.s_addr = serv_addr;
saiServerAddress.sin_port = htons(aPortNumber);

bind(sockfd, (struct sockaddr *) &serv_addr, sizeof(serv_addr));

listen(sockfd,5);
newsockfd = accept(sockfd, (struct sockaddr *) &cli_addr, &clilen);

sslctx = SSL_CTX_new( SSLv23_server_method());
SSL_CTX_set_options(sslctx, SSL_OP_SINGLE_DH_USE);
int use_cert = SSL_CTX_use_certificate_file(sslctx, "/serverCertificate.pem" , SSL_FILETYPE_PEM);

int use_prv = SSL_CTX_use_PrivateKey_file(sslctx, "/serverCertificate.pem", SSL_FILETYPE_PEM);

cSSL = SSL_new(sslctx);
SSL_set_fd(cSSL, newsockfd );
//Here is the SSL Accept portion.  Now all reads and writes must use SSL
ssl_err = SSL_accept(cSSL);
if(ssl_err <= 0)
{
    //Error occurred, log and close down ssl
    ShutdownSSL();
}

You are then able read or write using:

SSL_read(cSSL, (char *)charBuffer, nBytesToRead);
SSL_write(cSSL, "Hi :3\n", 6);

Update
The SSL_CTX_new should be called with the TLS method that best fits your needs in order to support the newer versions of security, instead of SSLv23_server_method(). See:
OpenSSL SSL_CTX_new description

TLS_method(), TLS_server_method(), TLS_client_method().
These are the general-purpose version-flexible SSL/TLS methods. The actual protocol version used will be negotiated to the highest version mutually supported by the client and the server. The supported protocols are SSLv3, TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3.

More Related Contents:

  1. What can cause a “Resource temporarily unavailable” on sock send() command
  2. Connection refused – tcp socket in linux [closed]
  3. How to capture Control+D signal?
  4. How to set socket timeout in C when making multiple connections?
  5. Why does this program print “forked!” 4 times?
  6. In C how do you redirect stdin/stdout/stderr to files when making an execvp() or similar call?
  7. listen() ignores the backlog argument?
  8. Get IP address of an interface on Linux
  9. What does the brk() system call do?
  10. Why does ENOENT mean “No such file or directory”?
  11. Merge multiple .so shared libraries
  12. Why do we cast sockaddr_in to sockaddr when calling bind()?
  13. Re-opening stdout and stdin file descriptors after closing them
  14. Linux: is there a read or recv from socket with timeout?
  15. How do I get a thread ID from an arbitrary pthread_t?
  16. Are there any platforms where using structure copy on an fd_set (for select() or pselect()) causes problems?
  17. How can I convert a file pointer ( FILE* fp ) to a file descriptor (int fd)?
  18. After forking, are global variables shared?
  19. Set environment variables in C
  20. Are file descriptors shared when fork()ing?
  21. Detecting 64bit compile in C
  22. Receiving multiple multicast feeds on the same port – C, Linux
  23. Socketpair() in C/Unix
  24. Problems with SO_BINDTODEVICE Linux socket option
  25. fd leak, custom Shell
  26. Questions about putenv() and setenv()
  27. how to bind raw socket to specific interface
  28. bind socket to network interface
  29. How to use SO_KEEPALIVE option properly to detect that the client at the other end is down?
  30. What is the difference between AF_INET and PF_INET in socket programming?

Leave a Comment