C++ Socket library tutorial
Modify the StatusSocket server to use SSL
To enable SSL in a TcpSocket derived class, only one method needs to be
implemented.
For a client class, the method is called InitSSLClient.
For the server, it's called InitSSLServer.
These methods do not take any input parameters.
The client method needs to call InitializeContext with the ssl method
that is to be used. The default implementation uses SSLv23_method(), so
if that's ok, no InitSSLClient method needs to be implemented in your
client class.
The server method also needs to call InitializeContext, but with more
parameters. It needs a combined key/certificate filename as the first
input parameter, and the password to the key as the second. The third and
final input parameter is again the ssl method to use.
To make a TcpSocket derived class use SSL, one must call EnableSSL().
This can be done in the class constructor if the class should always use
ssl, or in the Init() method. Init() is called after a
connection has been accepted, but before OnAccept().
The StatusSocket below will use Init(), and will only enable ssl
if the incoming port number is 2222.
Create the server key and server certificate using openssl
Without going into any detail whatsoever, here are the steps needed to
create a self-signed server certificate using openssl.
1. Create ca key
openssl genrsa -des3 -out ca.key 4096
2. Create ca cert
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
3. Create server key
openssl genrsa -des3 -out server.key 4096
4. Create server certificate request
openssl req -new -key server.key -out server.csr
5. Sign server certificate
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
6. Copy server key and certificate to a combined file
$ cat server.key server.crt > server.pem
(in the Windows command prompt:)
c:\> copy server.key+server.crt server.pem
Now there is a server.pem file that the StatusSocket class can use to
establish an ssl session.
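The six steps above prompt for passphrases and subject fields. The following added example (not part of the original tutorial) runs them without prompts and then checks that the certificate chains to the CA and that the key in server.pem matches it. The function names, the environment variable names CA_PASS and KEY_PASS, and the subject names are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Passphrases come from the
# environment variables CA_PASS and KEY_PASS (assumed names) so they never
# appear on a command line; the subject names are constructed placeholders.

# make_server_pem DIR [BITS]: steps 1-6 without prompts, writing into DIR.
make_server_pem() {
    ( cd "$1" || exit 1
      bits=${2:-4096}
      umask 077    # new key files are readable by their owner only
      # 1-2. CA key and self-signed CA certificate
      openssl genrsa -des3 -passout env:CA_PASS -out ca.key "$bits" 2>/dev/null &&
      openssl req -new -x509 -days 365 -key ca.key -passin env:CA_PASS \
          -subj "/CN=Example Test CA" -out ca.crt &&
      # 3-4. Server key and certificate request. The subject must differ from
      # the CA's, otherwise the result looks self-signed and fails to verify.
      openssl genrsa -des3 -passout env:KEY_PASS -out server.key "$bits" 2>/dev/null &&
      openssl req -new -key server.key -passin env:KEY_PASS \
          -subj "/CN=localhost" -out server.csr &&
      # 5. Sign the request with the CA
      openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key \
          -passin env:CA_PASS -set_serial 01 -out server.crt 2>/dev/null &&
      # 6. Combined key/certificate file for InitializeContext
      cat server.key server.crt > server.pem )
}

# check_server_pem DIR: succeeds only if server.crt chains to ca.crt and the
# private key in server.pem belongs to the certificate in server.pem.
check_server_pem() {
    ( cd "$1" || exit 1
      openssl verify -CAfile ca.crt server.crt >/dev/null 2>&1 || exit 1
      # The key is the first PEM block; KEY_PASS must decrypt it.
      key_mod=$(openssl rsa -in server.pem -passin env:KEY_PASS \
          -noout -modulus 2>/dev/null) || exit 1
      # Feed only the certificate block to x509.
      crt_mod=$(sed -n '/BEGIN CERTIFICATE/,/END CERTIFICATE/p' server.pem |
          openssl x509 -noout -modulus 2>/dev/null) || exit 1
      [ -n "$key_mod" ] && [ "$key_mod" = "$crt_mod" ] )
}
```

With both variables exported, run `make_server_pem . && check_server_pem .` in the server's directory. The value of KEY_PASS is the password that InitSSLServer passes to InitializeContext.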
Below follows the StatusSocket, modified for use in an SSL server.
StatusSocket.h
#ifndef _STATUSSOCKET_H
#define _STATUSSOCKET_H

#include <TcpSocket.h>
#include <ISocketHandler.h>

class StatusSocket : public TcpSocket
{
public:
    StatusSocket(ISocketHandler& );

    void Init();
    void OnAccept();
    void InitSSLServer();
};

#endif // _STATUSSOCKET_H
StatusSocket.cpp
#include <Utility.h>
#include "StatusSocket.h"

StatusSocket::StatusSocket(ISocketHandler& h)
:TcpSocket(h)
{
}

void StatusSocket::OnAccept()
{
    Send("Local hostname : " + Utility::GetLocalHostname() + "\n");
    Send("Local address : " + Utility::GetLocalAddress() + "\n");
    Send("Number of sockets in list : " + Utility::l2string(Handler().GetCount()) + "\n");
    Send("\n");
}

void StatusSocket::InitSSLServer()
{
    // here's the server.pem file we just created above
    // %! remember to change the password to the one you used for your server key
    InitializeContext("server.pem", "keypwd", SSLv23_method());
}

// Init() is called after the connection has been accepted, but before OnAccept()
void StatusSocket::Init()
{
    // only enable ssl for connections that came in on port 2222
    if (GetParent() -> GetPort() == 2222)
    {
        EnableSSL();
    }
}