An Introduction to OpenSSL Programming (Part I)

xiaoxiao2021-03-06  65

An Introduction to OpenSSL Programming (Part I)
Eric Rescorla, RTFM, Inc.
ekr@rtfm.com
Version 1.0: October 5, 2001

1 Introduction

The quickest and easiest way to secure a TCP-based network application is with SSL. If you are working in C, your best choice is probably OpenSSL (http://www.openssl.org). OpenSSL is an implementation of SSL/TLS based on Eric Young's SSLeay package. Unfortunately, the documentation and sample code distributed with OpenSSL leave a lot to be desired. Of the existing documentation, the man pages are quite good, but they lack the big picture, because a manual page is meant as a reference rather than a tutorial.

This article is an introduction to OpenSSL programming. The OpenSSL API is large and complicated, so we do not attempt to give a comprehensive description of all of it. Instead, the aim is to teach you enough that you can work effectively from the manual pages. In this first of two parts, we build a simple web client and server pair to demonstrate the basic features of OpenSSL. In the second part we introduce some more advanced features, such as session resumption and client authentication.

We assume that you are already familiar with SSL and HTTP, or at least with the concepts behind them. If not, start with the RFCs (see the references section).

2 Source code

Because of space limitations, this article contains only excerpts of the source code. The complete source code, in machine-readable form, can be found on the author's web site.

3 Our program

Our client is a simple HTTPS (see RFC 2818) client. It initiates an SSL connection to the server, sends an HTTP request over that connection, waits for the server's response and displays it on the screen. This is a very simple program, so its function is easy to follow.

The server is a simple HTTPS server. It waits for TCP connections from clients; when it accepts one, it negotiates an SSL connection over it. Once the SSL connection is established, it reads the client's HTTP request and sends an HTTP response back to the client. Once the response has been sent, the connection is closed.

3.1 Context initialization

Our first task is to set up a context object (SSL_CTX). This context object is used to create a new connection object for each SSL connection, and it is these connection objects that perform the SSL handshake and the reads and writes. This approach has two advantages. First, the context object allows many structures to be initialized only once, which improves performance. In most applications every SSL connection uses the same keying material, certificate authority (CA) list, and so on. Rather than loading this information for each connection, we simply load it into the context object when the program starts. The second advantage of a single context is that it allows multiple SSL connections to share data, such as the SSL session cache used for session resumption. Context initialization consists of four basic tasks, all of which are performed in the initialize_ctx() function.
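The pattern described above, one context loaded once at start-up and a fresh connection object derived from it for every TCP connection, is illustrated here with Python's ssl module, which is a thin wrapper over the same OpenSSL SSL_CTX and SSL objects. This is an added example, not code from the article; the initialize_ctx name is borrowed for clarity only, and the certificate file paths are assumptions (None means the system trust store).

```python
import socket
import ssl


def initialize_ctx(cafile=None, client_cert=None, client_key=None):
    """Build the single context the whole program shares (the SSL_CTX).

    cafile: PEM bundle of trusted CAs (assumed path; None = system store).
    client_cert/client_key: optional PEM files for client authentication.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuse SSLv3, TLS 1.0 and 1.1
    ctx.verify_mode = ssl.CERT_REQUIRED            # the server must present a trusted cert
    ctx.check_hostname = True                      # and its name must match the host we dial
    if cafile:
        ctx.load_verify_locations(cafile=cafile)   # CA list loaded once, not per connection
    else:
        ctx.load_default_certs()
    if client_cert:
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx


def build_request(host, path="/"):
    # Minimal HTTP/1.0 request; the Host header is needed for virtual hosting.
    return f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii")


def https_get(ctx, host, port=443, path="/"):
    """One HTTPS exchange: a per-connection SSL object is created from the shared ctx."""
    with socket.create_connection((host, port)) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:   # handshake happens here
            tls.sendall(build_request(host, path))
            chunks = []
            while True:
                data = tls.recv(4096)
                if not data:          # server closed the connection after its response
                    break
                chunks.append(data)
    return b"".join(chunks)


if __name__ == "__main__":
    shared_ctx = initialize_ctx()
    print(https_get(shared_ctx, "www.example.com").decode(errors="replace"))
```

Every call to https_get() reuses shared_ctx, so the CA list and any client credentials are parsed once and the context's session cache is available to later connections.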

Please credit the original source when reposting: https://www.9cbs.com/read-89983.html
