
C++ Socket library tutorial

Modify the StatusSocket server to use SSL


To enable SSL in a TcpSocket-derived class, only one method needs to be implemented. For a client class the method is called InitSSLClient; for a server class it is called InitSSLServer. These methods do not take any input parameters. The client method needs to call InitializeContext with the SSL method that is to be used. The default implementation uses SSLv23_method(), so if that is acceptable, no InitSSLClient method needs to be implemented in your client class. The server method also needs to call InitializeContext, but with more parameters: the filename of a combined key/certificate file as the first parameter, the password for the key as the second, and, as the third and final parameter, the SSL method to use.

To make a TcpSocket-derived class use SSL, it must call EnableSSL(). This can be done in the class constructor if the class should always use SSL, or in the Init() method. Init() is called after a connection has been accepted, but before OnAccept().

The StatusSocket below uses Init(), and enables SSL only if the incoming port number is 2222.

Create the server key and server certificate using openssl

Without going into any detail whatsoever, here are the steps needed to create a self-signed server certificate using openssl.

1. Create ca key

openssl genrsa -des3 -out ca.key 4096

2. Create ca cert

openssl req -new -x509 -days 365 -key ca.key -out ca.crt

3. Create server key

openssl genrsa -des3 -out server.key 4096

4. Create server certificate request

openssl req -new -key server.key -out server.csr

5. Sign server certificate

openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

6. Copy server key and certificate to a combined file

$ cat server.key server.crt > server.pem

(in the Windows command prompt:)

c:\> copy server.key+server.crt server.pem

Now there is a server.pem file that the StatusSocket class can use to establish an SSL session.
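A pre-flight check for the combined server.pem from step 6, as an added example that is not part of the original tutorial or of the library: it confirms that the file holds exactly one private key and at least one certificate in intact PEM blocks, and reports whether the key is passphrase-protected. PemReport, Label, InspectCombinedPem and kSample are hypothetical names; the check covers file structure only and does not verify that the key matches the certificate.

```cpp
#include <sstream>
#include <string>

// Summary of a combined key/certificate PEM file (hypothetical helper type).
struct PemReport {
    int keys = 0, certs = 0;    // private key / certificate blocks found
    bool key_encrypted = false; // key is passphrase-protected at rest
    bool well_formed = true;    // every BEGIN line has its matching END line
    bool ok() const { return keys == 1 && certs >= 1 && well_formed; }
};

// Extract LABEL from "<pre>LABEL-----"; false if the line has another shape.
static bool Label(const std::string& l, const std::string& pre, std::string& out) {
    if (l.size() < pre.size() + 5 || l.compare(0, pre.size(), pre) != 0 ||
        l.compare(l.size() - 5, 5, "-----") != 0) return false;
    out = l.substr(pre.size(), l.size() - pre.size() - 5);
    return true;
}

PemReport InspectCombinedPem(const std::string& text) {
    PemReport r;
    std::istringstream in(text);
    std::string line, open, label; // open = label of the block being read
    while (std::getline(in, line)) {
        if (!line.empty() && line.back() == '\r') line.pop_back(); // CRLF input
        if (Label(line, "-----BEGIN ", label)) {
            if (!open.empty()) r.well_formed = false; // BEGIN inside a block
            open = label;
            if (label == "CERTIFICATE") ++r.certs;
            else if (label.find("PRIVATE KEY") != std::string::npos) ++r.keys;
            if (label == "ENCRYPTED PRIVATE KEY") r.key_encrypted = true; // PKCS#8
        } else if (Label(line, "-----END ", label)) {
            if (label != open) r.well_formed = false; // e.g. two files glued on one line
            open.clear();
        } else if (open.find("PRIVATE KEY") != std::string::npos &&
                   line.compare(0, 22, "Proc-Type: 4,ENCRYPTED") == 0) {
            r.key_encrypted = true; // traditional PEM encryption header
        }
    }
    if (!open.empty()) r.well_formed = false; // input ended inside a block
    return r;
}

// Constructed sample with placeholder bodies, not real key material.
const std::string kSample = "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
    "DEK-Info: DES-EDE3-CBC,0000000000000000\n\nQUJD\n-----END RSA PRIVATE KEY-----\n"
    "-----BEGIN CERTIFICATE-----\nQUJD\n-----END CERTIFICATE-----\n";

int main() { return InspectCombinedPem(kSample).ok() ? 0 : 1; } // exit 0 = usable
```

Feed it the contents of server.pem before the server starts; a report where ok() is false or key_encrypted is false means the file is not what the six steps above should have produced.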

Below follows the StatusSocket, modified for use in an SSL server.

StatusSocket.h
#ifndef _STATUSSOCKET_H
#define _STATUSSOCKET_H

#include <TcpSocket.h>
#include <ISocketHandler.h>


class StatusSocket : public TcpSocket
{
public:
	StatusSocket(ISocketHandler& );

	void Init();

	void OnAccept();
	void InitSSLServer();
};


#endif // _STATUSSOCKET_H

StatusSocket.cpp
#include <Utility.h>
#include "StatusSocket.h"


StatusSocket::StatusSocket(ISocketHandler& h)
:TcpSocket(h)
{
}


void StatusSocket::OnAccept()
{
	Send("Local hostname : " + Utility::GetLocalHostname() + "\n");
	Send("Local address : " + Utility::GetLocalAddress() + "\n");
	Send("Number of sockets in list : " + Utility::l2string(Handler().GetCount()) + "\n");
	Send("\n");
}


void StatusSocket::InitSSLServer()
{
	// here's the server.pem file we just created above
	// %! remember to change the password to the one you used for your server key
	InitializeContext("server.pem", "keypwd", SSLv23_method());
}


void StatusSocket::Init()
{
	if (GetParent() -> GetPort() == 2222)
	{
		EnableSSL();
	}
}

Page, code, and content Copyright (C) 2021 by Anders Hedström