> My company has a web server which is actually
> implemented using the concept of sockets (socket
> program...). I am adding OpenSSL to it.

> With the OpenSSL help and referring to your link
> http://members.netscapeonline.co.uk/jeremyalansmith/ssltutorial/
>
> Firstly, I followed the steps in creating the private
> key and the certificate. It was successful.
>
> Second step was also successful, that is "Initialising
> the SSL Socket".
>
> However, for implementing 3rd step "Using the SSL
> Socket", I've few doubts... please clarify!
>
> My program (simple web server) looks like this...
>
> ...
> ...
> Create socket "sock";
>
> server_socket_descriptor = socket_listen(); //In
> "socket_listen()", 'bind' and 'select' is done
>
> Create SSL_Server_Socket(ssl,
> server_socket_descriptor); // made server_socket as an
> SSL_server_socket
>
> /// line_mark1
>
> while (true)
> {
>   if (socket_select())
>   {
>     client_socket_descriptor = socket_accept();
>
>     // should I call SSL functions here also to make
> the client socket as SSL??
>     // Should both client and server socket must be
> SSL_sockets??

The SSL server socket is made from your client socket. The client stays as
it was, but you never refer to it again, only to close it. From now on,
SSL takes over the client socket. It reads in data from the socket,
decrypts it, and gives it to you in unencrypted form. It also takes your
data and encrypts it for the browser. You can read and write to the SSL
socket.

You now have the original socket which SSL works with, and SSL then makes an
SSL socket which you access.

You need to do the following here. This line makes a new socket, "SSL
*server_socket" which is the socket you now use with SSL_read and
SSL_write (and SSL_accept). ssl_ctx is what you created with "ssl_ctx =
SSL_CTX_new( SSLv23_server_method() );"

server_socket = SSL_new( ssl_ctx );

This line now creates our SSL server socket.

SSL_set_fd( server_socket, client_socket_descriptor );

Finally, we accept it:

 /* SSL_accept returns 1 on success; 0 or a negative value means the
    handshake failed */
 if ( SSL_accept( server_socket ) <= 0 )
     {
     exit( 1 );
     }

>     /// line_mark2
>
>     new_web_page(client_socket_descriptor);
>
>     new_thread(new_web_page); // create a thread
> (which does read & write of HTTP/HTML) and goes back
> to listen.
>
>   }
> }
> ....
> ....
>
> Also in the above program, where do I call
> SSL_accept() & SSL_connect??
>
> I tried to call SSL_accept() putting them in
> "line_mark1/2" respectively but it results false
> (error:00000005::lib(0) :func(0) :bad asn1 object
> header).

You couldn't accept because you didn't (I don't think) do SSL_new and
SSL_set_fd.

> Anyone, please help me understand!!!! Thank you.
>

I hope it helps. I'm not an expert on it, but if you continue to have
problems, then post again and I'll try to help.

Cheers,

Jeremy.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
