9.2. Creating an SSL Server
Problem
You want to write a network server that can accept SSL connections from clients.
Solution
Creating a server that speaks SSL is not that different from creating
a client that speaks SSL (see Recipe 9.1). A small amount of
additional setup work is required for servers. In particular, you
need to create an spc_x509store_t object (see Recipe 10.5) with a
certificate and a private key. The information contained in this
object is sent to clients during the initial handshake. In addition,
the SPC_X509STORE_USE_CERTIFICATE flag needs to be set in the
spc_x509store_t object. With the spc_x509store_t created, calls need
to be made to create the listening BIO object, put it into a
listening state, and accept new connections. (See Recipe 9.1 for a
brief discussion regarding BIO objects.)
Discussion
Once an spc_x509store_t object has been created and fully
initialized, the first step in creating an SSL server is to call
spc_listen( ). The hostname may be specified as NULL, which indicates
that the created socket should be bound to all interfaces. Anything
else should be specified in string form as an IP address for the
interface to bind to. For example, “127.0.0.1” would cause the server
BIO object to bind only to the local loopback interface.
#include <stdlib.h>
#include <string.h>
#include <openssl/bio.h>
#include <openssl/ssl.h>

BIO *spc_listen(char *host, int port) {
  BIO  *acpt = 0;
  int  addr_length;
  char *addr;

  if (port < 1 || port > 65535) return 0;
  if (!host) ...
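The binding rule described above (NULL for all interfaces, otherwise an IP address string), shown as an added example that is not code from the book: it validates the host and port, builds the "host:port" name in the form OpenSSL's BIO_new_accept() accepts, and reports whether the listener would be reachable on all interfaces, on loopback only, or on one specific address. The names example_accept_name and bind_scope are hypothetical, and restricting the host to an IPv4 literal is an assumption of this example.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

enum bind_scope { BIND_INVALID = -1, BIND_ALL, BIND_LOOPBACK, BIND_SPECIFIC };

/* Hypothetical helper (not the book's API). host == NULL means all
 * interfaces ("*" in OpenSSL's accept-name syntax); anything else must be
 * an IPv4 literal, never a hostname. Assumption: IPv4 only. */
enum bind_scope example_accept_name(const char *host, int port,
                                    char *out, size_t outlen) {
  struct in_addr ip = {0};
  int n;

  if (!out || outlen == 0) return BIND_INVALID;
  out[0] = '\0';
  if (port < 1 || port > 65535) return BIND_INVALID;  /* same range as spc_listen */

  if (!host) {
    n = snprintf(out, outlen, "*:%d", port);
  } else {
    /* inet_pton() accepts only dotted-quad text, so "localhost" or a
     * string carrying extra characters is rejected here. */
    if (inet_pton(AF_INET, host, &ip) != 1) return BIND_INVALID;
    n = snprintf(out, outlen, "%s:%d", host, port);
  }
  if (n < 0 || (size_t)n >= outlen) {  /* would be truncated: refuse */
    out[0] = '\0';
    return BIND_INVALID;
  }
  if (!host || ip.s_addr == htonl(INADDR_ANY)) return BIND_ALL;
  return ((ntohl(ip.s_addr) >> 24) == 127) ? BIND_LOOPBACK : BIND_SPECIFIC;
}

int main(void) {
  /* Constructed sample inputs. */
  const char *hosts[] = { NULL, "127.0.0.1", "192.0.2.10", "localhost" };
  char name[32];
  for (size_t i = 0; i < sizeof hosts / sizeof hosts[0]; i++) {
    int scope = example_accept_name(hosts[i], 4433, name, sizeof name);
    printf("%-12s -> scope=%d name=\"%s\"\n",
           hosts[i] ? hosts[i] : "(NULL)", scope, name);
  }
  return 0;
}
```

A caller can log or refuse BIND_ALL when the service is meant to be local only, before the name is ever handed to the listening BIO.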