Eric Rescorla RTFM, Inc. firstname.lastname@example.org Version 1.0: October 5, 2001
The quickest and easiest way to secure a TCP-based network application is with SSL. If you’re working in C, your best choice is probably to use OpenSSL, (the web site is at http://www.openssl.org/). OpenSSL is a free (BSD-style license) implementation ofSSL/TLS based on Eric Young’s SSLeay package. Unfortunately, the documentation and sample code distributed with OpenSSL leaves something to be desired. Where they exist, the manual pages are pretty good, but they often miss the big picture, as manual pages are intended as a reference, not a tutorial. We provide an introduction to OpenSSL programming. The OpenSSL API is vast and complicated so wedon’t attempt to provide anything like complete coverage. Rather, the idea is to teach you enough to work effectively from the manual pages. In this article, the ﬁrst of two, we build a simple Web client and server pair that demonstrates the basic features of OpenSSL. In the second article we introduce a number of advanced features, such as session resumption and client authentication. We assumethat you’re already familiar with SSL and HTTP at least at a conceptual level. If you’re not, a good place to start is with the RFCs (see the end of this article for references).
For space reasons, this article only includes excerpts from the source code. The complete source code is available in machine-readable format from the author’s web site athttp://www.rtfm.com/openssl-examples/
Our client is a simple HTTPS (see RFC 2818) client. It initiates an SSL connection to the server and then transmits an HTTP request over that connection. It then waits for the response from the server and prints it to the screen. This is a vastly simpliﬁed version of the functionality found in programs like fetch and cURL. The server program is a simpleHTTPS server. It waits for TCP connections from clients. When it accepts one it negotiates an SSL connection. Once the connection is negotiated, it reads the client’s HTTP request. It then transmits the HTTP response to the client. Once the response is transmitted it closes the connection.
Our ﬁrst task is to set up a context object (an SSL_CTX). This contextobject is then used to create a new connection object for each new SSL connection. It is these connection objects which are used to do SSL handshakes, reads, and writes. This approach has two advantages. First, the context object allows many structures to be initialized only once, improving performance. In most applications, every SSL connection will use
This article is Copyright © 2001 EricRescorla. It may be redistributed for any purpose and without fee provided that this notice is retained. An earlier version of this article ﬁrst appeared in the September 2001 issue of Linux Journal.
the same keying material, certiﬁcate authority (CA) list, etc. Rather than reloading this material for every connection, we simply load it into the context object at program startup. When we wish tocreate a new connection, we can simply point that connection to the context object. The second advantage of having a single context object is that it allows multiple SSL connections to share data, such as the SSL session cache used for session resumption. Context initialization consists of four primary tasks, all performed by the initialize_ctx() function, shown in Figure 1.
42 43 44 45 46 47 4849 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 } return ctx; /* Load the CAs we trust*/ if(!(SSL_CTX_load_verify_locations(ctx, CA_LIST,0))) berr_exit("Ca’t read CA list"); #if (OPENSSL_VERSION_NUMBER < 0x0090600fL) SSL_CTX_set_verify_depth(ctx,1); #endif pass=password; SSL_CTX_set_default_passwd_cb(ctx, password_cb);...