More OpenSSL

So today started with a bit of an oddity, I may be re-deployed on something else, but that isn’t clear yet, so back on with what I was doing. So it was secure socket layer or SSL as it’s known. I’m using OpenSSL as I said before. I had the client up and running but now it was time to do the server. After a bit more research I decided to basically use the existing socket architecture rather than using ‘BIOs’ which is OpenSSL I/O stuff. This means that SSL is built on top the normal socket layer. Also means there are less changes. Although the way it works is a bit strange with data streaming in and out. You bind your socket as normal, but then you have to set it to non-blocking. You then do a dummy read, if that returns ‘need more data’ then you then use ‘select’ as normal to detect if there is any data on the socket, you then do the read again when there is. Write is also similar, you do the write and it may request to wait for output to flush or for input to flush. Yes, both read and write can both request read and write data on the socket. This is because re-negotiation may take place. So it’s a little bit backwards, but fairly easy to understand. Got all that working without too much of a problem.

My turn to take the dog for a walk, so she got a good hour. Then it was back to client side again. So I set that up as non-blocking and had to do a couple of adjustments to get it to respond to ‘is message ready’, basically you have to do a peek rather than a read, then do a pending call, that will tell you then if you need to do a read. I left the actual client code all blocking as the TCP client code before was. It would be fairly easy to change that to non-blocking now though.

Went to the gym and did Body Combat, great fun, busy class, busy car park. Then it was server encryption. Set up the server so it only does strong encryption and supports DH key exchange. This uses a few callbacks, but again was fairly simple to implement.

Not sure how much further I’m going to take this now, will probably just end up adding a bit of error checking and that will be it. Will find out tomorrow.

Leave a Reply

Your email address will not be published. Required fields are marked *