SSL/TLS Programming. sslclient.c. /* A simple SSL client. It connects and then forwards data from/to the terminal to/from the server */



Similar documents
Angels (OpenSSL) and D(a)emons. Athula Balachandran Wolfgang Richter

Security OpenSSL SSL. Roberta Daidone.

Programming OpenSSL. The Server Perspective. by Sean Walton. Copyright 2001 Sean Walton

Netzwerksicherheit Übung 6 SSL/TLS, OpenSSL

Writing a C-based Client/Server

Shteryana Shopova, Programming with OpenSSL and libcrypto in examples

Implementing Network Software

BSD Sockets Interface Programmer s Guide

Introduction to Socket programming using C

Overview. Socket Programming. Using Ports to Identify Services. UNIX Socket API. Knowing What Port Number To Use. Socket: End Point of Communication

openssl egg Bindings to the OpenSSL SSL/TLS library Extension for Chicken Scheme Version Thomas Chust

An Implementation of CASP A Technology Independent Lightweight Signaling Protocol

Lecture 3 Programming with OpenSSL

System calls. Problem: How to access resources other than CPU

NS3 Lab 1 TCP/IP Network Programming in C

Lab 4: Socket Programming: netcat part

Socket Programming. Kameswari Chebrolu Dept. of Electrical Engineering, IIT Kanpur

Lecture 17. Process Management. Process Management. Process Management. Inter-Process Communication. Inter-Process Communication

TCP/IP - Socket Programming

Network Programming with Sockets. Anatomy of an Internet Connection

Hardware Prerequisites Atmel SAM W25 Xplained Pro Evaluation Kit Atmel IO1 extension Micro-USB Cable (Micro-A / Micro-B)

NetSec Exercise 8 Communication Mixes

Porting applications & DNS issues. socket interface extensions for IPv6. Eva M. Castro. ecastro@dit.upm.es. dit. Porting applications & DNS issues UPM

Quick Note 040. Create an SSL Tunnel with Certificates on a Digi TransPort WR router using Protocol Switch.

Tutorial on Socket Programming

METU Department of Computer Engineering

Socket Programming. Srinidhi Varadarajan

VPN Gateway Research in Wireless Network Based on SSL Technology

OpenSSL. Version January 28, 2010

Networks. Inter-process Communication. Pipes. Inter-process Communication

Cloud Services. Introduction...2 Overview...2 Simple Setup...2

Cloud Services. Introduction...2 Overview...2. Security considerations Installation...3 Server Configuration...4

OpenSSL: Secure Communication

Best practices in IPv6 enabled networking software development.

IPv6 Enabling CIFS/SMB Applications

Socket Programming in C/C++

Elementary Name and Address. Conversions

Quick Note 041. Digi TransPort to Digi TransPort VPN Tunnel using OpenSSL certificates.

UNIX. Sockets. mgr inż. Marcin Borkowski

Packet Sniffing and Spoofing Lab

SSL Peach Pit User Guide. Peach Fuzzer, LLC. Version

AT12181: ATWINC1500 Wi-Fi Network Controller - AP Provision Mode. Introduction. Features. Atmel SmartConnect APPLICATION NOTE

UNIX Sockets. COS 461 Precept 1

Introduction to Socket Programming Part I : TCP Clients, Servers; Host information

How To Write On A Non-Blocking File On A Thumbtongue (Windows) (Windows 2) (Macintosh) (Amd64) (Apple) (Powerpoint) (Networking) (Unix) (Program) (

Programmation Systèmes Cours 9 UNIX Domain Sockets

INTRODUCTION UNIX NETWORK PROGRAMMING Vol 1, Third Edition by Richard Stevens

ICT SEcurity BASICS. Course: Software Defined Radio. Angelo Liguori. SP4TE lab.

ELEN 602: Computer Communications and Networking. Socket Programming Basics

Unix Network Programming

Crypto Lab Public-Key Cryptography and PKI

SSL Tunnels. Introduction

Sun Java System Web Server 6.1 Using Self-Signed OpenSSL Certificate. Brent Wagner, Seeds of Genius October 2007

Networks class CS144 Introduction to Computer Networking Goal: Teach the concepts underlying networks Prerequisites:

Avoid the SSLippery Slope of Default SSL

IIS 6.0SSL Certificate Deployment Guide

The POSIX Socket API

Configuring iplanet 6.0 Web Server For SSL and non-ssl Redirect

UNICORE UFTPD server UNICORE UFTPD SERVER. UNICORE Team

Generating and Installing SSL Certificates on the Cisco ISA500

Client / Server Programming with TCP/IP Sockets

Socket Programming. Request. Reply. Figure 1. Client-Server paradigm

Apache, SSL and Digital Signatures Using FreeBSD

University of Amsterdam

Programming With Sockets 2

Verify LDAP over SSL/TLS (LDAPS) and CA Certificate Using Ldp.exe

Enterprise SSL Support

AVR32753: AVR32 UC3 How to connect to an SSL-server. 32-bit Microcontrollers. Application Note. Features. 1 Introduction

How to Configure Web Authentication on a ProCurve Switch

webmethods Certificate Toolkit

Secure Network Server Programming on Unix

LAB :: Secure HTTP traffic using Secure Sockets Layer (SSL) Certificate

CS 213, Fall 2000 Lab Assignment L5: Logging Web Proxy Assigned: Nov. 28, Due: Mon. Dec. 11, 11:59PM

Creating Certificate Authorities and self-signed SSL certificates

Domain Name System (1)! gethostbyname (2)! gethostbyaddr (2)!

Steps to configure SiteMinder Policy Server to connect to CA Directory using LDAPS

Learning Network Security with SSL The OpenSSL Way

LAB :: Secure HTTP traffic using Secure Sockets Layer (SSL) Certificate

Elementary Name and Address Conversions

CSE 333 SECTION 6. Networking and sockets

Using etoken for SSL Web Authentication. SSL V3.0 Overview

DESIGN AND IMPLEMENT AND ONLINE EXERCISE FOR TEACHING AND DEVELOPMENT OF A SERVER USING SOCKET PROGRAMMING IN C

Update Instructions

MatrixSSL Developer s Guide

IT304 Experiment 2 To understand the concept of IPC, Pipes, Signals, Multi-Threading and Multiprocessing in the context of networking.

HP OpenView Adapter for SSL Using Radia

VMCI Sockets Programming Guide VMware ESX/ESXi 4.x VMware Workstation 7.x VMware Server 2.0

Apache Security with SSL Using Ubuntu

Kernel Intrusion Detection System

Concurrent Server Design Alternatives

How do I use Push Notifications with ios?

Generalised Socket Addresses for Unix Squeak

KMIP installation Guide. DataSecure and KeySecure Version SafeNet, Inc

Ciphermail Gateway Separate Front-end and Back-end Configuration Guide

WebLogic Server 6.1: How to configure SSL for PeopleSoft Application

An Introductory 4.4BSD Interprocess Communication Tutorial

How To Configure Virtual Host with Load Balancing and Health Checking

Configuring HTTPs Connection in SAP PI 7.10

Cisco Expressway Certificate Creation and Use

Transcription:

SSL/TLS Programming sslclient.c /* A simple SSL client. It connects and then forwards data from/to the terminal to/from the server */ #define CA_LIST "root.pem" #define ServerHOST "deneb" #define RANDOM "random.pem" #define PORT 10101 #define ClientKEYFILE "client.pem" #define ClientPASSWORD "oducsc" int main (argc,argv) int argc; char **argv BIO *sbio; int sock; /* Build our SSL context*/ ctx = initialize_ctx (ClientKEYFILE, ClientPASSWORD); /* Connect the TCP socket*/ sock = tcp_connect (); /* Connect the SSL socket */ ssl = SSL_new (ctx); sbio = BIO_new_socket (sock, BIO_NOCLOSE); SSL_set_bio (ssl, sbio, sbio); SSL_connect (ssl); check_cert_chain (ssl, ServerHOST);

/* read and write */ read_write (ssl, sock); int tcp_connect () /* struct hostent *hp; struct sockaddr_in addr; int sock; hp = gethostbyname (ServerHOST); memset (&addr,0,sizeof(addr)); addr.sin_addr = *(struct in_addr*)hp->h_addr_list[0]; addr.sin_family = AF_INET; addr.sin_port = htons(serverport); sock = socket(af_inet,sock_stream,ipproto_tcp); connect (sock, (struct sockaddr *)&addr, sizeof(addr); return sock; Read from the keyboard and write to the server Read from the server and write to the keyboard */ void read_write (ssl, sock) int r, c2sl=0; int shutdown_wait=0; char c2s[bufsizz], s2c[bufsizz]; while (1) /* Check for input on the console*/ c2sl = read (0, c2s, BUFSIZZ); if (c2sl == 0 ) goto end;

/* If we've got data to write then try to write it*/ SSL_write (ssl, c2s, c2sl); /* Now check if there's data to read */ do r = SSL_read (ssl, s2c, BUFSIZZ); switch (SSL_get_error (ssl, r) ) case SSL_ERROR_NONE: fwrite (s2c, 1, r, stdout); break; case SSL_ERROR_ZERO_RETURN: /* End of data */ goto end; break; default: berr_exit("ssl read problem"); while ( SSL_pending (ssl) ); /* end of while (1) */ end: SSL_shutdown (ssl); SSL_free (ssl); close (sock); return; common.c SSL_CTX *initialize_ctx (keyfile, password) char *keyfile; char *password; SSL_METHOD *meth; if (!bio_err)

/* Global system initialization*/ SSL_library_init (); SSL_load_error_strings (); /* An error write context */ bio_err = BIO_new_fp (stderr, BIO_NOCLOSE) /* Create our context*/ meth = SSLv3_method (); ctx = SSL_CTX_new (meth); /* Load our keys and certificates*/ SSL_CTX_use_certificate_file ( ctx, keyfile, SSL_FILETYPE_PEM); pass = password; SSL_CTX_set_default_passwd_cb (ctx, password_cb); SSL_CTX_use_PrivateKey_file (ctx, keyfile, SSL_FILETYPE_PEM); /* Load the CAs we trust*/ SSL_CTX_load_verify_locations (ctx, CA_LIST,0); SSL_CTX_set_verify_depth (ctx,1); SSL_CTX_set_verify (ctx, SSL_VERIFY_PEER SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_callback); /* Load randomness */ RAND_load_file (RANDOM,1024*1024); return ctx; int verify_callback (int ok, X509_STORE_CTX *store) char data[256]; /* if (ok) /* to debug */ if (!ok) X509 *cert = X509_STORE_CTX_get_current_cert(store); int depth = X509_STORE_CTX_get_error_depth(store); int err = X509_STORE_CTX_get_error(store); fprintf(stderr, "-Error with certificate at depth: %i\n", depth); X509_NAME_oneline(X509_get_issuer_name(cert), data, 256);

fprintf(stderr, " issuer = %s\n", data); X509_NAME_oneline(X509_get_subject_name(cert), data, 256); fprintf(stderr, " subject = %s\n", data); fprintf(stderr, " err %i:%s\n", err, X509_verify_cert_error_string(err) ); return ok; /* Check that the common name matches the host name*/ void check_cert_chain (ssl, host) char *host; X509 *peer; char peer_cn[256]; if ( SSL_get_verify_result (ssl)!= X509_V_OK ) berr_exit ("Certificate doesn't verify"); /*Check the common name*/ peer = SSL_get_peer_certificate (ssl); X509_NAME_get_text_by_NID ( X509_get_subject_name (peer), NID_commonName, peer_cn, 256); if (strcasecmp (peer_cn, host)) err_exit ("Common name doesn't match host name"); sslserver.c /* A multiprocess SSL server */ #define ServerKEYFILE "server.pem" #define ClientPASSWORD "oducsc" #define DHFILE "dh1024.pem"

#define CA_LIST "root.pem" #define ClientHOST "vega" #define RANDOM "random.pem" #define ServerPORT 10101 int main (argc,argv) int argc; char **argv; int sock,s; BIO *sbio; int r; pid_t pid; /* Build our SSL context*/ ctx = initialize_ctx (ServerKEYFILE, ServerPASSWORD); load_dh_params (ctx, DHFILE); generate_eph_rsa_key (ctx); sock = tcp_listen (); while (1) s = accept (sock, 0, 0); sbio = BIO_new_socket (s, BIO_NOCLOSE); ssl = SSL_new(ctx); SSL_set_bio (ssl, sbio, sbio); SSL_accept (ssl); check_cert_chain (ssl, ClientHOST); echo (ssl); int tcp_listen () int sock; struct sockaddr_in sin;

sock = socket (AF_INET,SOCK_STREAM,0); memset (&sin,0,sizeof(sin)); sin.sin_addr.s_addr = INADDR_ANY; sin.sin_family = AF_INET; sin.sin_port = htons(serverport); if ( bind (sock, (struct sockaddr *)&sin, sizeof(sin))<0) berr_exit("couldn't bind"); listen (sock,5); return (sock); void load_dh_params (ctx, file) char *file; DH *ret=0; BIO *bio; bio = BIO_new_file (file, "r"); ret = PEM_read_bio_DHparams (bio,null,null,null); BIO_free (bio); SSL_CTX_set_tmp_dh (ctx,ret); void generate_eph_rsa_key (ctx) RSA *rsa; void echo (ssl) rsa=rsa_generate_key(512,rsa_f4,null,null); SSL_CTX_set_tmp_rsa(ctx,rsa); RSA_free(rsa);

char buf[bufsizz]; int r,len,offset; while (1) /* First read data */ r=ssl_read (ssl, buf, BUFSIZZ); switch ( SSL_get_error (ssl,r) ) case SSL_ERROR_NONE: len=r; break; case SSL_ERROR_ZERO_RETURN: goto end; default: berr_exit ("SSL read problem"); /* Now keep writing until we've written everything*/ offset=0; while (len) /* while (1) */ end: SSL_shutdown(ssl); SSL_free(ssl) r = SSL_write (ssl, buf+offset, len); switch (SSL_get_error (ssl,r)) case SSL_ERROR_NONE: len-=r; offset+=r; break; default: berr_exit("ssl write problem"); Generating the required.pem files: #define DHFILE #define RANDOM "dh1024.pem" "random.pem"

#define CA_LIST #define ServerKEYFILE #define ClientKEYFILE "root.pem" "server.pem" "client.pem" To create the dh512.pem or dh1024.pem: % openssl dhparam -check -text -5 512 -out dh512.pem % openssl dhparam -check -text -5 1024 -out dh1024.pem To create the random.pem: % cp ~/cs772/random.pem. To create the root.pem: % cat ca_key.pem ca_cert.pem > root.pem To create the server.pem & client.pem: First generate a cert request, make sure to specify: "localhost" or the actual host name, e.g., "cash.cs.odu.edu" as the CN name. Sign the certificates from the CA and then do the following: % cat server_privatekey.pem server_cert.pem ca_cert.pem > server.pem % cat cleint_privatekey.pem client_cert.pem ca_cert.pem > client.pem

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information