Starting to use OpenSSL

Question

I want to use SSL in my cross platform program. I decided to use OpenSSL.

I have OpenSSL installed, and at this point I am looking through the code and documentation trying to figure out how to use the library.

Do you have any resources or simple programs or tutorials that will walk me through integrating OpenSSL with my program?

Answer 1

from the "very rough guide" you mentioned, i managed to reach till successful SSL handshake, between mozilla web browser and my server(coded in c).But after SSL_accept, when am trying to use SSL_read to get the browser header details, am getting junk values and the bytes read are shown to be zero. below is the code, the SSL_accept call is successful but SSL_read is not..

    if(SSL_set_fd(ssl, client_s)<0)
        printf("\n error in assigning socket to SSL:");
    else
        printf("\n The socket has been assigned to SSL Structure");

    /* Perform SSL Handshake on the SSL server */
    err = SSL_accept(ssl);
    printf("\n Value of err is %d",err);
    RETURN_ERR(err,"SSL_accept");
    if(err==1)
        printf("\n The ssl connection/Handshake has been successful");
    else
        printf("\n The ssl connection was not successful");

    /* Informational output (optional) */
        printf("\n SSL connection using %s\n", SSL_get_cipher (ssl));


    /*receive the data from the client*/
    //err = SSL_accept(ssl);
    while(i<5)
    {
        err = SSL_read(ssl, in_buf, strlen(in_buf));
        printf("\n value of err is %d",err);
        RETURN_ERR(err,"SSL_read");

        printf("\n The details from the server is\n: %s,\n Bytes Read : %d",in_buf,err);
        if(err<0)
        printf("\n Not Successfully received clients information");
        i++;
     }
     err = SSL_shutdown(ssl);
    /* Terminate communication on a socket */
    err = close(server_s);
    /* Free the SSL structure */
    SSL_free(ssl);
    /* Free the SSL_CTX structure */
    SSL_CTX_free(ctx);

    return(0);
    }

Answer 2

You can find some useful OpenSSL commands on this page:

http://www.networking4all.com/en/support/ssl+certificates/manuals/openssl/openssl+commands/

Answer 3

The very rough guide is:

• Create a new SSL_CTX with SSL_CTX_new();
• (server only) Load the certificate with SSL_CTX_use_certificate_file();
• (server only) Load the private key with SSL_CTX_use_PrivateKey_file();
• Establish the network connection;
• Create a new SSL with SSL_new();
• Set the file descriptor of the SSL to that of your network connection with SSL_set_fd();
• (client only) Call SSL_connect();
• (server only) Call SSL_accept().

Thereafter use SSL_read() and SSL_write() to read and write from the connection, and finish with SSL_shutdown(). The SSL_CTX can be re-used to create SSL objects for many simultaneous sessions.