9.2. Creating an SSL Server

Problem

You want to write a network server that can accept SSL connections from clients.

Solution

Creating a server that speaks SSL is not that different from creating a client that speaks SSL (see Recipe 9.1). A small amount of additional setup work is required for servers. In particular, you need to create an spc_x509store_t object (see Recipe 10.5) with a certificate and a private key. The information contained in this object is sent to clients during the initial handshake. In addition, the SPC_X509STORE_USE_CERTIFICATE flag needs to be set in the spc_x509store_t object. With the spc_x509store_t created, calls need to be made to create the listening BIO object, put it into a listening state, and accept new connections. (See Recipe 9.1 for a brief discussion regarding BIO objects.)

Discussion

Once an spc_x509store_t object has been created and fully initialized, the first step in creating an SSL server is to call spc_listen( ) . The hostname may be specified as NULL, which indicates that the created socket should be bound to all interfaces. Anything else should be specified in string form as an IP address for the interface to bind to. For example, “127.0.0.1” would cause the server BIO object to bind only to the local loopback interface.

#include <stdlib.h> #include <string.h> #include <openssl/bio.h> #include <openssl/ssl.h> BIO *spc_listen(char *host, int port) { BIO *acpt = 0; int addr_length; char *addr; if (port < 1 || port > 65535) return 0; if (!host) ...

Get Secure Programming Cookbook for C and C++ now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.