SSL wrapper stream in C
I have a simple stream_t
type in C with your basic read/write operations, and support for multiple underlying implementations using function pointers. So a stream could be backed by a file, a char buffer, etc.
One stream type is a standard POSIX socket, 开发者_如何学Goand I would like to code a wrapper stream that will add SSL support to an existing stream, similar to .NET's SslStream. So I could write something like this:
stream_t *socket = something(); // wrap existing stream and perform handshake as client stream_t *ssl_stream = ssl_stream_create(socket); ssl_stream_authenticate_as_user(ssl_stream); // now all read/writes are encrypted and passed through to the wrapped stream
I have written some SSL socket code before using OpenSSL's BIO_new_connect(...)
etc. but this is a higher level API than what I need. Does OpenSSL expose the functions I would need to manually perform the handshake and encryption? Or is there some other library I can use?
I don't know any libraries you can use but you can find plenty of samples. Most applications in C would have to do the same for their TCP code so SSL and raw socket versions don't differ too much.
For example, check out ssl_unix.c from Pine IMAP,
https://svn.cac.washington.edu/public/alpine/snapshots/imap/src/osdep/unix/
It does exactly what you are describing with OpenSSL.
I have used a BIO_s_mem
as a cover for SSL socket operations. I would read from and write to the socket myself (rather than giving the handle to OpenSSL and having it do the reading/writing). The handshake is done when you call SSL_accept
(on the server side) or SSL_connect
(on the client side). Other than that, just call SSL_read
and SSL_write
to do the reading and writing.
精彩评论