More OpenSSL

So today started with a bit of an oddity: I may be re-deployed on something else, but that isn’t clear yet, so back on with what I was doing. So it was secure socket layer, or SSL as it’s known. I’m using OpenSSL as I said before. I had the client up and running but now it was time to do the server. After a bit more research I decided to basically use the existing socket architecture rather than using ‘BIOs’, which is OpenSSL I/O stuff. This means that SSL is built on top of the normal socket layer. It also means there are fewer changes.

Although the way it works is a bit strange, with data streaming in and out. You bind your socket as normal, but then you have to set it to non-blocking. You then do a dummy read; if that returns ‘need more data’ then you use ‘select’ as normal to detect if there is any data on the socket, and you do the read again when there is. Write is similar: you do the write and it may request to wait for output to flush or for input to flush. Yes, read and write can both request read and write data on the socket. This is because re-negotiation may take place. So it’s a little bit backwards, but fairly easy to understand. Got all that working without too much of a problem.
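The read/write retry pattern described above, as an added example that is not the author's code: Python's `ssl` module wraps OpenSSL and surfaces `SSL_ERROR_WANT_READ` / `SSL_ERROR_WANT_WRITE` as `SSLWantReadError` / `SSLWantWriteError`. The helper `retry_tls`, the host name `example.test` and the silent socket-pair peer are constructed for the demonstration.

```python
import select
import socket
import ssl


def retry_tls(op, sock, timeout=5.0):
    """Run one non-blocking TLS call, waiting with select() whenever OpenSSL
    asks for socket I/O. Returns (result, waits); raises TimeoutError."""
    waits = []
    while True:
        try:
            return op(), waits
        except ssl.SSLWantReadError:    # OpenSSL's SSL_ERROR_WANT_READ
            waits.append("read")
            ready = select.select([sock], [], [], timeout)[0]
        except ssl.SSLWantWriteError:   # OpenSSL's SSL_ERROR_WANT_WRITE
            waits.append("write")
            ready = select.select([], [sock], [], timeout)[1]
        # Either direction can be requested by a read or a write, because a
        # handshake or re-negotiation may be in progress underneath.
        if not ready:
            raise TimeoutError(f"peer silent, waited on: {waits}")


def demo_silent_peer():
    """Constructed demo: a TLS client on a local socket pair whose other
    end never answers, so the handshake stops at its first 'want read'."""
    raw, peer = socket.socketpair()
    raw.setblocking(False)              # non-blocking, as the post describes
    ctx = ssl.create_default_context()
    tls = ctx.wrap_socket(raw, server_hostname="example.test",
                          do_handshake_on_connect=False)
    try:
        retry_tls(tls.do_handshake, tls, timeout=0.2)
        outcome = "handshake complete"
    except TimeoutError as exc:
        outcome = str(exc)
    first_record = peer.recv(5)         # header of the record the client sent
    tls.close()
    peer.close()
    return outcome, first_record


if __name__ == "__main__":
    print(demo_silent_peer())
```

The same wrapper serves application data, for example `retry_tls(lambda: tls.recv(4096), tls)`.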

My turn to take the dog for a walk, so she got a good hour. Then it was back to client side again. So I set that up as non-blocking and had to do a couple of adjustments to get it to respond to ‘is message ready’: basically you have to do a peek rather than a read, then do a pending call, which will tell you if you need to do a read. I left the actual client code all blocking, as the TCP client code was before. It would be fairly easy to change that to non-blocking now though.

Went to the gym and did Body Combat, great fun, busy class, busy car park. Then it was server encryption. Set up the server so it only does strong encryption and supports DH key exchange. This uses a few callbacks, but again was fairly simple to implement.

Not sure how much further I’m going to take this now, will probably just end up adding a bit of error checking and that will be it. Will find out tomorrow.

OpenSSL and the joys of secure sockets

So started the day by not feeding the dog. Jamie actually did it before he went to work.

Still working mainly on state machine stuff today, then set up the project to run client/server. Okay, it was running client/server in the same app using localhost, but it was going through all the motions. That all works fine; okay, no error checking of any kind, but it worked as expected.

Lunch time I went for a run, much to the dog’s disappointment.

This afternoon I’ve been looking at SSL as this project requires a secure client/server connection. My servers are all set up using SSL certificates so I’ve been here before. But this is the first time I’ve looked at it from an API perspective. I looked at a few libs, but in the end OpenSSL is really the only complete one with all the security up to date. Managed to find pre-compiled Windows bins for the latest version, which saved a lot of buggering about. Got it connecting to Google via HTTPS and even my own server; I can get the certificate, verify it and look at various bits of its contents. There seems to be some buggering about in hyperspace you need to do to replace the ‘select’ calls for blocking sockets; it gets complicated with re-negotiation but I think I’ve worked it out. Also the server side I haven’t looked at at all yet. Again, it’s interesting stuff, I’m learning something new for sure.

Went to the gym, did Body Pump. Came back, I fed the dog.

Jamie has come home from work, put the washing away, did the dishes and filled the dishwasher. He even says he’s going to take the dog for a walk. Maybe my bit of sulking worked after all. We have Christmas dinner at his dad’s on Sunday, a shame, I was looking for a quiet weekend. Never mind. Bath O’Clock.