SSL socket

hello

I'm supposed to create an SSL socket. I googled a lot and found out that I have two ways:

1- use openSSL library
2- use windows' winsock

and I want to use socket (second way). I found this link:

http://msdn.microsoft.com/en-us/library/aa916117.aspx

but it's in Windows CE. how can I set my socket to SSL and then, get & accept certificate?

thank you very much

yours sincerely
CSecurityAsked:

CSecurityAuthor Commented:
oh!
I think I should use setsockopt and WSAIoctl functions but dunno how

regards
0
jkrCommented:
If you want to use Windows APIs, I'd suggest taking a look at http://www.codeproject.com/KB/IP/ssl_sockets.aspx ("SSL : Convert your Plain Sockets to SSL Sockets in an Easy Way") which comes with full source code and explains that quite well. However, I'd really recommend going the OpenSSL way, since this is the more universal approach. See http://www.linuxjournal.com/article/4822 ("An Introduction to OpenSSL Programming, Part I of II") - even though this article addresses Linux, the code applies to Windows as well.
0

CSecurityAuthor Commented:
thank you jkr
I'll check it out and tell ya tomorrow :)

regards
0
CSecurityAuthor Commented:
sorry for delay :D

well, I'll do it in openSSL but your link was not good openSSL example :(
can you give me a nice one? :D

regards
0
CSecurityAuthor Commented:
I actually want to develop an IRC client that supports SSL.

I used openSSL, as you did recommend. I googled and found a code. in this function, SSL_get_verify_result does not return X509_V_OK.

I think I have a problem with the SSL_CTX_load_verify_locations function. dunno how to use that.

any idea?

thank you very much
best regards
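#include <stdio.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <openssl/x509.h>

/* print_ssl_error() and print_ssl_error_2() are helpers that are not shown in this post. */

BIO* connect_encrypted(char* host_and_port, char* store_path, char store_type, SSL_CTX** ctx, SSL** ssl) {

    BIO* bio = NULL;
    int r = 0;
    long verify_result = 0;

    /* Set up the SSL pointers */
    *ctx = SSL_CTX_new(SSLv23_client_method());
    *ssl = NULL;
    if (*ctx == NULL) {

        print_ssl_error("Unable to create SSL context.\n", stdout);
        return NULL;
    }

    /* Load the trust store: store_type 'f' means store_path is a PEM file,
       anything else means it is a directory of certificates */
    //r = SSL_CTX_load_verify_locations(*ctx, store_path, "server.req.pem");
    if (store_type == 'f')
        r = SSL_CTX_load_verify_locations(*ctx, store_path, NULL);
    else
        r = SSL_CTX_load_verify_locations(*ctx, NULL, store_path);
    if (r == 0) {

        print_ssl_error_2("Unable to load the trust store from %s.\n", store_path, stdout);
        return NULL;
    }

    /* Setting up the BIO SSL object */
    bio = BIO_new_ssl_connect(*ctx);
    if (bio != NULL)
        BIO_get_ssl(bio, ssl);
    if (!(*ssl)) {

        print_ssl_error("Unable to allocate SSL pointer.\n", stdout);
        BIO_free_all(bio);  /* safe when bio is NULL */
        return NULL;
    }
    SSL_set_mode(*ssl, SSL_MODE_AUTO_RETRY);

    /* Attempt to connect */
    BIO_set_conn_hostname(bio, host_and_port);

    /* Verify the connection opened and perform the handshake */
    if (BIO_do_connect(bio) < 1) {

        print_ssl_error_2("Unable to connect BIO.%s\n", host_and_port, stdout);
        BIO_free_all(bio);
        *ssl = NULL;
        return NULL;
    }

    /* The verify result is not placed on the error queue, so ERR_get_error()
       does not describe it; decode the X509_V_* code directly */
    verify_result = SSL_get_verify_result(*ssl);
    if (verify_result != X509_V_OK) {

        printf("Error: %s\n", X509_verify_cert_error_string(verify_result));
        print_ssl_error("Unable to verify connection result.\n", stdout);
        /* Do not hand back a connection whose certificate failed verification */
        BIO_free_all(bio);
        *ssl = NULL;
        return NULL;
    }

    return bio;
}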

0
jkrCommented:
Do you have valid SSL certificates installed on your test machines?
0
CSecurityAuthor Commented:
no. I want to add UnrealIRCd's certificate that is IRC chat server and its certificate is self-signed. so, my problem is how to add self-signed certificate?

thank you
0
jkrCommented:
Take a look at http://devsec.org/info/ssl-cert.html ("Simple SSL cert HOWTO") which shows you how to create and install OpenSSL certificates - at least it worked for me ;o)

BTW, I admit that these K&R-style OpenSSL samples are hard to read, but they're the base to every sample out there on the net. Yet if you prefer a more C++ like way, take a look at boost's SSL:

http://www.boost.org/doc/libs/1_36_0/doc/html/boost_asio/overview/ssl.html
http://www.boost.org/doc/libs/1_40_0/doc/html/boost_asio/example/ssl/client.cpp
http://www.boost.org/doc/libs/1_40_0/doc/html/boost_asio/example/ssl/server.cpp
0
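
The trust-store side of SSL_CTX_load_verify_locations for a self-signed server certificate, as an added example that is not part of the original thread: it shows the file form and the directory form, the second of which only works when the certificate is stored under its subject-hash name. The file names, the CN and the generated throwaway certificate are assumptions; with a real server you would copy its certificate over a trusted channel instead of generating one.

```shell
#!/bin/sh
# Constructed demo: a throwaway self-signed certificate stands in for the
# IRC server's certificate (file names and CN are made up for the example).

make_selfsigned() {    # $1 = output directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=irc.example.test" \
        -keyout "$1/server.key.pem" -out "$1/server.cert.pem" 2>/dev/null
}

# No extra trust: a self-signed certificate is rejected, which is the
# situation where SSL_get_verify_result() does not return X509_V_OK.
verify_default() {     # $1 = certificate to check
    openssl verify "$1" >/dev/null 2>&1
}

# File form, matching SSL_CTX_load_verify_locations(ctx, file, NULL):
# the PEM file holds the certificates to trust.
verify_with_file() {   # $1 = certificate to check, $2 = PEM file of trusted certs
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Directory form, matching SSL_CTX_load_verify_locations(ctx, NULL, dir):
# OpenSSL looks certificates up as <subject-hash>.0, so a PEM file copied
# in under its ordinary name is never found.
make_trust_dir() {     # $1 = certificate to trust, $2 = directory to create
    mkdir -p "$2" &&
    cp "$1" "$2/$(openssl x509 -noout -hash -in "$1").0"
}

verify_with_dir() {    # $1 = certificate to check, $2 = hashed directory
    openssl verify -CApath "$2" "$1" >/dev/null 2>&1
}
```

In the client, pass the same PEM file with store_type 'f', or the hashed directory otherwise, to connect_encrypted.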