9.1. Creating an SSL Client
You want to establish a connection from a client to a remote server using SSL.
Establishing a connection to a remote server using SSL is not
entirely different from establishing a connection without using
SSL—at least it doesn’t have to be.
Establishing an SSL connection requires a little more setup work,
consisting primarily of building an
spc_x509store_t object (see Recipe 10.5) that
contains the information necessary to verify the server. Once this is
done, you need to create an
SSL_CTX object and
attach it to the connection. OpenSSL will handle the rest.
Before reading this recipe, make sure you understand the basics of public key infrastructure (see Recipe 10.1).
Once you’ve created an
spc_x509store_t object by loading it with the
appropriate certificates and CRLs (see Recipe 10.10 and Recipe 10.11 for
information on obtaining CRLs), connecting to a remote server over
SSL can be as simple as making a call to the following function,
spc_connect_ssl( ). You can optionally create an
SSL_CTX object yourself using
or the OpenSSL API. Alternatively, you can
share one that has already been created for other connections, or you
can let spc_connect_ssl( ) do it for you. In the
latter case, the connection will be established and the
SSL_CTX object that was created will be returned
by way of a pointer to the
SSL_CTX object pointer
in the function’s argument list.
#include <openssl/bio.h>
#include <openssl/ssl.h>
...