SSL socket

hello

I'm supposed to create an SSL socket. I googled a lot and found out that I have two ways:

1- use the OpenSSL library
2- use Windows' Winsock

And I want to use the socket (second way). I found this link:

http://msdn.microsoft.com/en-us/library/aa916117.aspx

But it's in Windows CE. How can I set my socket to SSL and then get and accept the certificate?

thank you very much

yours sincerely
CSecurity Asked:
 
jkr Commented:
If you want to use Windows APIs, I'd suggest taking a look at http://www.codeproject.com/KB/IP/ssl_sockets.aspx ("SSL : Convert your Plain Sockets to SSL Sockets in an Easy Way") which comes with full source code and explains that quite well. However, I'd really recommend going the OpenSSL way, since this is the more universal approach. See http://www.linuxjournal.com/article/4822 ("An Introduction to OpenSSL Programming, Part I of II") - even though this article addresses Linux, the code applies to Windows as well.
0
 
CSecurity Author Commented:
oh!
I think I should use setsockopt and WSAIoctl functions but dunno how

regards
0
 
CSecurity Author Commented:
thank you jkr
I'll check it out and tell ya tomorrow :)

regards
0
 
CSecurity Author Commented:
Sorry for the delay :D

Well, I'll do it in OpenSSL, but your link was not a good OpenSSL example :(
Can you give me a nice one? :D

regards
0
 
CSecurity Author Commented:
I actually want to develop an IRC client that supports SSL.

I used OpenSSL, as you recommended. I googled and found some code. In this function, SSL_get_verify_result does not return X509_V_OK.

I think I have a problem with the SSL_CTX_load_verify_locations function. Dunno how to use that.

any idea?

thank you very much
best regards
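#include <stdio.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <openssl/x509_vfy.h>

/* Error-printing helpers defined elsewhere in the program; the signatures
   are inferred from how they are called below. */
void print_ssl_error(char* message, FILE* out);
void print_ssl_error_2(char* message, char* content, FILE* out);

/* Release everything allocated so far and report failure to the caller. */
static BIO* connect_failed(BIO* bio, SSL_CTX** ctx, SSL** ssl) {
    BIO_free_all(bio);   /* also frees the SSL object owned by the BIO; NULL is accepted */
    SSL_CTX_free(*ctx);
    *ctx = NULL;
    *ssl = NULL;
    return NULL;
}

BIO* connect_encrypted(char* host_and_port, char* store_path, char store_type, SSL_CTX** ctx, SSL** ssl) {
    BIO* bio = NULL;
    int r = 0;
    long verify_result;

    /* Set up the SSL pointers (TLS_client_method() replaces this call in OpenSSL 1.1.0+) */
    *ssl = NULL;
    *ctx = SSL_CTX_new(SSLv23_client_method());
    if (*ctx == NULL) {
        print_ssl_error("Unable to create the SSL context.\n", stdout);
        return NULL;
    }

    /* Load the trust store: 'f' means a single PEM file, anything else a directory */
    if (store_type == 'f')
        r = SSL_CTX_load_verify_locations(*ctx, store_path, NULL);
    else
        r = SSL_CTX_load_verify_locations(*ctx, NULL, store_path);
    if (r == 0) {
        print_ssl_error_2("Unable to load the trust store from %s.\n", store_path, stdout);
        return connect_failed(NULL, ctx, ssl);
    }

    /* Setting up the BIO SSL object */
    bio = BIO_new_ssl_connect(*ctx);
    BIO_get_ssl(bio, ssl);
    if (!(*ssl)) {
        print_ssl_error("Unable to allocate SSL pointer.\n", stdout);
        return connect_failed(bio, ctx, ssl);
    }
    SSL_set_mode(*ssl, SSL_MODE_AUTO_RETRY);

    /* Attempt to connect */
    BIO_set_conn_hostname(bio, host_and_port);

    /* Verify the connection opened and perform the handshake */
    if (BIO_do_connect(bio) < 1) {
        print_ssl_error_2("Unable to connect BIO.%s\n", host_and_port, stdout);
        return connect_failed(bio, ctx, ssl);
    }

    /* The verification result is stored in the SSL object, not in the error
       queue, so translate it with X509_verify_cert_error_string(). */
    verify_result = SSL_get_verify_result(*ssl);
    if (verify_result != X509_V_OK) {
        printf("Error: %s\n", X509_verify_cert_error_string(verify_result));
        print_ssl_error("Unable to verify connection result.\n", stdout);
        return connect_failed(bio, ctx, ssl);   /* do not use an unverified connection */
    }

    return bio;
}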

0
 
jkr Commented:
Do you have valid SSL certificates installed on your test machines?
0
 
CSecurity Author Commented:
No. I want to add UnrealIRCd's certificate, which is an IRC chat server, and its certificate is self-signed. So, my problem is how to add a self-signed certificate?

thank you
0
 
jkr Commented:
Take a look at http://devsec.org/info/ssl-cert.html ("Simple SSL cert HOWTO") which shows you how to create and install OpenSSL certificates - at least it worked for me ;o)

BTW, I admit that these K&R-style OpenSSL samples are hard to read, but they're the base to every sample out there on the net. Yet if you prefer a more C++ like way, take a look at boost's SSL:

http://www.boost.org/doc/libs/1_36_0/doc/html/boost_asio/overview/ssl.html
http://www.boost.org/doc/libs/1_40_0/doc/html/boost_asio/example/ssl/client.cpp
http://www.boost.org/doc/libs/1_40_0/doc/html/boost_asio/example/ssl/server.cpp
0
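
The self-signed case discussed in this thread, as an added shell example using the openssl command line (not code from any poster): it creates a stand-in self-signed certificate, shows the verification error reported for it when it is not in the trust store (18, X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT), and shows verification succeeding once the certificate file itself is used as the trust file. The host name irc.example.test, the file names and the function names are constructed for the example.

```shell
#!/bin/sh
# Added example; the host name and file names below are constructed.

# Create a throwaway self-signed certificate in directory $1
# (a stand-in for the certificate the IRC server presents).
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=irc.example.test" \
        -keyout "$1/server.key" -out "$1/server.crt" >/dev/null 2>&1
}

# Print the numeric X509_V_ERR_* code reported for certificate $1 when only
# the default trust store is consulted; prints nothing if it verifies.
default_store_error() {
    openssl verify "$1" 2>&1 | sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1
}

# Succeed only if certificate $1 verifies with PEM file $2 as the trust file
# (the file a client would hand to SSL_CTX_load_verify_locations).
trusted_with() {
    openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# SHA-256 fingerprint of certificate $1, to compare against the value the
# server operator publishes before the file is accepted as a trust anchor.
fingerprint() {
    openssl x509 -noout -fingerprint -sha256 -in "$1" | cut -d= -f2
}

demo() {
    dir=$(mktemp -d) || return 1
    make_selfsigned "$dir" || return 1
    echo "default store : error $(default_store_error "$dir/server.crt")"
    trusted_with "$dir/server.crt" "$dir/server.crt" && echo "own trust file: OK"
    echo "fingerprint   : $(fingerprint "$dir/server.crt")"
    rm -rf "$dir"
}

demo
```

In the connect_encrypted function posted above, this corresponds to passing the server's PEM certificate as store_path with store_type 'f'.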
Question has a verified solution.
