Martin Schlott

Reputation: 4557

OpenSSL or LibreSSL C++ sample for client TLS connection

I am searching for a client TLS connection example in C++. Best for Visual Studio, but honestly it can be any compiler. I found several C samples. But none worked. I started with this sample in C: https://wiki.openssl.org/index.php/SSL/TLS_Client

But it fails on

    res = BIO_do_connect(web);

with "system library" if I want to connect to my own node.js server (using the direct ip address) or with "bad hostname lookup" using encrypted.google.com as url. Both with libressl and Visual Studio 2013.

Next stop: http://fm4dd.com/openssl/sslconnect.htm

Here the program runs successfully. But any attempt to write to the SSL connection at the end with:

    std::string json = "{'test':'huhu'}";

    char buff[1024];
    sprintf(buff, "POST /test.de HTTP/1.1 \nHost: test.de\nContent-Type: application/json\nContent-Length: %d\n\n", json.length());
    std::string post = buff;

    int snd = SSL_write(ssl, post.data(), post.length());
    snd = SSL_write(ssl, json.data(), json.length());

forces the server to close the connection (I do not see exactly what happened as I do not know how I can tell node.js to tell me more).

So I search for a working sample or how to get a TLS connection with own certificate running in C++

Upvotes: 2

Views: 4532

Answers (2)

Alex M

Reputation: 537

Here's an updated example for LibreSSL using pinned cert bundle: C++ libtls example on github

Upvotes: 1

jww

Reputation: 102386

> I am searching for a client TLS connection example in C++.

I think there are a couple of ports of OpenSSL to C++. They try to do the full class wrapper thing. See openssl++ class on Google.

When I use it in C++, I use unique pointers for cleanup. See, for example, How to properly print RSA* as string in C++?. I use it primarily to ensure cleanup. I think it's similar to the Resource Acquisition Is Initialization pattern.

OpenSSL also provides a page for similar libraries and frameworks. See the Related Links page on the OpenSSL wiki.


> But it fails on
>
>     res = BIO_do_connect(web);
>
> with "system library" if I want to connect to my own node.js server (using the direct ip address) or with "bad hostname lookup"

My guess here would be the name in the certificate does not match the name used in the URL to connect.

You can make the names work by adding an entry in your host file. Effectively, this is your local DNS override. See Microsoft TCP/IP Host Name Resolution Order.

Or, you can generate a certificate with all the required names. For that, see How to create a self-signed certificate with openssl?


> forces the server to close the connection (I do not see exactly what happened as I do not know how I can tell node.js to tell me more).

    "POST /test.de HTTP/1.1 \nHost: test.de\nContent-Type: application/json\nContent-Length: %d\n\n"

Since you lack the Connection: close request header, the server is probably following RFC 7230, HTTP/1.1 Message Syntax and Routing, Section 6.1:

> A server that does not support persistent connections MUST send the "close" connection option in every response message that does not have a 1xx (Informational) status code.

Also, that should probably be:

    "POST /test.de HTTP/1.1\r\nHost: test.de\r\nContent-Type: application/json\r\nContent-Length:%d\r\n\r\n"

\r\n is used as new line, not \r and not \n. A double \r\n is used to terminate the header. You can quickly verify by searching for "CRLF" in the standard. You will land in a discussion of the ABNF grammar.


> So I search for a working sample or how to get a TLS connection with own certificate running in C++

The trick here is creating a well-formed certificate. For that, see How to create a self-signed certificate with openssl?

Upvotes: 1
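The header framing discussed in the answer above, as an added example that is not part of the original thread: it builds the POST with CRLF line endings, a computed Content-Length and `Connection: close`, and checks a request for bare-LF line endings and a length mismatch. The function names `build_post`, `question_request` and `framing_problems` are hypothetical, and the sample request is constructed from the format string in the question.

```cpp
#include <cstdlib>
#include <string>
#include <vector>

// Hypothetical helper: header section and body in one buffer, CRLF line endings.
std::string build_post(const std::string& host, const std::string& path,
                       const std::string& body) {
    std::string req = "POST " + path + " HTTP/1.1\r\n";
    req += "Host: " + host + "\r\n";
    req += "Content-Type: application/json\r\n";
    req += "Content-Length: " + std::to_string(body.size()) + "\r\n";
    req += "Connection: close\r\n\r\n";  // empty line ends the header section
    return req + body;
}

// Constructed sample: the request from the question, header plus body.
std::string question_request() {
    return "POST /test.de HTTP/1.1 \nHost: test.de\n"
           "Content-Type: application/json\nContent-Length: 15\n\n"
           "{'test':'huhu'}";
}

// Hypothetical checker, one message per problem; header name matched case-sensitively.
std::vector<std::string> framing_problems(const std::string& req) {
    std::vector<std::string> out;
    const std::size_t end = req.find("\r\n\r\n");
    const bool terminated = end != std::string::npos;
    if (!terminated) out.push_back("header section not terminated by CRLF CRLF");
    const std::string head = terminated ? req.substr(0, end) : req;
    for (std::size_t i = 0; i < head.size(); ++i) {
        if (head[i] == '\n' && (i == 0 || head[i - 1] != '\r')) {
            out.push_back("bare LF used as line ending");
            break;
        }
    }
    if (terminated) {
        const std::string key = "Content-Length:";
        const std::size_t p = head.find(key);
        if (p == std::string::npos) {
            out.push_back("Content-Length header missing");
        } else {
            const unsigned long declared =
                std::strtoul(head.c_str() + p + key.size(), nullptr, 10);
            if (declared != req.size() - (end + 4))
                out.push_back("Content-Length does not match body size");
        }
    }
    return out;
}
```

The string returned by `build_post` can be passed to `SSL_write` in one call, so the header and body are sent as a single buffer.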
