OpenSSL: SSL Client/Server Example

June 23, 2009 | Filed Under Networking

I’m experimenting a bit with the new iPhone 3.0 SDK, Core Data, Game Kit, Push Notification Service and so on…

I’m using C, so today here is a little example of an SSL client/server written in C using OpenSSL. I’ve written a small wrapper for SSL sockets, and here is how to use it.

/* SERVER CODE
 * ==============================
 */
SFSocketGlobalInit();       /* Initialize SSL */

/* Alloc Socket, Initialize SSL and Listen */
SFSocket *socket = SFSocketAlloc();
SFSocketInit(socket, CA_FILE, DH_FILE, KEY_FILE, KEY_PASSWORD, NULL);
SFSocketListen(socket, INADDR_ANY, PORT);

do {
   SFSocket *clientSocket;
   char buffer[64];
   int rdSize;

   /* Accept Client Connection */
   if ((clientSocket = SFSocketAccept(socket)) == NULL)
       break;        

   /* Read Data from Client */
   if ((rdSize = SFSocketRead(clientSocket, buffer, 64 - 1)) > 0) {
       buffer[rdSize] = '\0';
       printf("Client: %s\n", buffer);
   }

   /* Write to Client */
   strcpy(buffer, "Hello Client!");
   SFSocketWrite(clientSocket, buffer, strlen(buffer));

   /* Disconnect Client */
   SFSocketRelease(clientSocket);
} while (1);

/* Close and Release Socket Resources */
SFSocketRelease(socket);


Above is the simplified server code (without error checking!) and below is the client code. The client tries to connect to the server and sends a “Hello” message, and the server replies with another greeting.

/* CLIENT CODE
 * ==============================
 */
SFSocketGlobalInit();       /* Initialize SSL */

/* Alloc Socket, Initialize SSL */
SFSocket *socket = SFSocketAlloc();
SFSocketInit(socket, CA_FILE, NULL, KEY_FILE, KEY_PASSWORD, NULL);

/* Connect to Host */
SFSocketConnectToHost(socket, HOSTNAME, PORT);

/* Send Message to Server */
char buffer[64];
int rdSize;
strcpy(buffer, "Hello from Client!");
SFSocketWrite(socket, buffer, strlen(buffer));

/* Read Message from Server */
if ((rdSize = SFSocketRead(socket, buffer, 64 - 1)) > 0) {
   buffer[rdSize] = '\0';
   printf("Server: %s\n", buffer);
}

/* Close and Release Socket Resources */
SFSocketRelease(socket);

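Remember that you need to generate at least the authority certificate, the server certificate and the client certificates. Here is how to do it. The commands use 1024-bit RSA keys and SHA-1 signatures, which current OpenSSL builds and TLS peers commonly reject; use at least 2048-bit keys and -sha256 for new certificates.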

- AUTHORITY Certificate:
 openssl genrsa -des3 -out ca.key 1024
 openssl req -new -x509 -key ca.key -out ca.crt

- SERVER Certificate
 openssl genrsa -des3 -out server.key 1024
 openssl req -new -key server.key -out server.csr
 openssl x509 -req -in server.csr -out server.crt -sha1 \
                   -CA ca.crt -CAkey ca.key -CAcreateserial 

- CLIENT Certificate
 openssl genrsa -des3 -out client.key 1024
 openssl req -new -key client.key -out client.csr
 openssl x509 -req -in client.csr -out client.crt -sha1 \
                   -CA ca.crt -CAkey ca.key -CAcreateserial
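
The three certificate steps above as one non-interactive script, followed by a check that the server and client certificates verify against ca.crt while a certificate issued by another CA does not. This is an added example, not code from the original post; the 2048-bit keys, -sha256, -subj names, unencrypted keys and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: 2048-bit keys,
# SHA-256, 30-day validity, unencrypted keys (no -des3) and -subj, so that
# nothing prompts. File names follow the post (ca.crt, server.crt, ...).

# make_ca DIR NAME: self-signed authority certificate in DIR
make_ca() {
    openssl genrsa -out "$1/ca.key" 2048 2>/dev/null &&
    openssl req -new -x509 -sha256 -days 30 -key "$1/ca.key" \
        -subj "/CN=$2" -out "$1/ca.crt"
}

# issue_cert DIR NAME: key and CSR for NAME, signed by the CA in DIR
issue_cert() {
    openssl genrsa -out "$1/$2.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/$2.key" -subj "/CN=$2" -out "$1/$2.csr" &&
    openssl x509 -req -in "$1/$2.csr" -out "$1/$2.crt" -sha256 -days 30 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial 2>/dev/null
}

# chains_to CA_CRT CERT: true only if CERT verifies against CA_CRT
chains_to() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Demonstration in scratch directories (constructed names throughout)
demo() {
    ours=$(mktemp -d) && other=$(mktemp -d) || return 1
    make_ca "$ours" "Example CA" && issue_cert "$ours" server &&
        issue_cert "$ours" client &&
        make_ca "$other" "Unrelated CA" && issue_cert "$other" outsider || return 1
    for crt in "$ours/server.crt" "$ours/client.crt" "$other/outsider.crt"; do
        if chains_to "$ours/ca.crt" "$crt"; then
            echo "accepted: ${crt##*/}"
        else
            echo "rejected: ${crt##*/}"
        fi
    done
    rm -rf "$ours" "$other"
}

demo
```

Only certificates signed by the CA that a peer loads as its CA file pass this check, which is why the server and every client must be issued from the same ca.key.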

The Full Source Code is Available Here: SSL Client/Server Example Source Code.

OpenSSL: License Key with RSA

November 26, 2008 | Filed Under Tips

In the last few days I’ve played a bit with C libraries like OpenSSL and SQLite. The first post after the site downtime is dedicated to OpenSSL.
How can you create your own license system for your application? With OpenSSL and less than 10 lines of code, you can do it. Take a look at the code below.

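#include <string.h>
#include <openssl/crypto.h>
#include <openssl/rsa.h>
#include <openssl/sha.h>
...
unsigned char checkDigest[SHA_DIGEST_LENGTH];
unsigned char shaDigest[SHA_DIGEST_LENGTH];
const char *userKey = "Matteo License";
unsigned char *signature = NULL;
int signatureLength = 0;

/* Generate Your RSA Key Pair (512 bits is too small for real use;
 * RSA_generate_key() is deprecated in favour of RSA_generate_key_ex()) */
RSA *rsa = RSA_generate_key(512, RSA_F4, NULL, NULL);

/* Generate SHA1 of User Key */
SHA1((const unsigned char *)userKey, strlen(userKey), shaDigest);

/* Create License Key for the User Key (signed with the private key) */
signature = OPENSSL_malloc(RSA_size(rsa));
signatureLength = RSA_private_encrypt(SHA_DIGEST_LENGTH, shaDigest,
                                 signature, rsa, RSA_PKCS1_PADDING);

/* Check if User Signature is a valid License Key: the recovered digest
 * must have the right length AND match the SHA1 of the user key */
if (RSA_public_decrypt(signatureLength, signature, checkDigest,
                                rsa, RSA_PKCS1_PADDING) == SHA_DIGEST_LENGTH &&
    memcmp(checkDigest, shaDigest, SHA_DIGEST_LENGTH) == 0)
{
      /* Valid License Key */
} else {
      /* Invalid License Key */
}

/* Memory from OPENSSL_malloc() is released with OPENSSL_free() */
OPENSSL_free(signature);
RSA_free(rsa);
...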

You need to store the RSA public key in your app and then give each user a generated signature, and that’s all.
OK, this is a really basic example (less than 10 lines of code). If you don’t want to reinvent a license key system, take a look at the AquaticPrime Framework (http://www.aquaticmac.com/).