Create basic and non-secure connections

The API of OpenSSL, the best-known open library for secure communication, is hard to learn because its documentation is incomplete. The tips in this article fill in some of that missing knowledge so that you can use the API. It shows how to establish a basic connection and then how to use OpenSSL's BIO library to set up both secure and non-secure connections. You will also learn something about error detection.

The OpenSSL API documentation is vague. There are not many tutorials on OpenSSL, so it may be difficult for beginners to use it in applications. So how can we use OpenSSL to implement a basic secure connection? This tutorial will help you solve this problem.

The difficulty of learning OpenSSL lies in its incomplete documentation. Incomplete API documentation usually keeps developers from using an API, which usually means the API is doomed to fail. However, OpenSSL is still very active and is becoming more and more powerful. Why?

OpenSSL is the best-known open library for secure communication. A Google search for "SSL library" returns OpenSSL at the top of the list. It was born in 1998 and originated from the SSLeay library developed by Eric Young and Tim Hudson. Other SSL toolkits include GNU TLS, which is released under the GNU General Public License, and Mozilla Network Security Services (NSS) (see the references later in this article for additional information).

So what makes OpenSSL superior to GNU TLS, Mozilla NSS, or all other libraries? Licensing is one factor (see references). In addition, GNU TLS (so far) supports only TLS v1.0 and SSL v3.0.

Mozilla NSS is released under both the Mozilla Public License and the GNU GPL, so developers can choose between them. However, Mozilla NSS is larger than OpenSSL and requires other external libraries to compile, whereas OpenSSL is completely self-contained. As with OpenSSL, most of the NSS API is undocumented. Mozilla NSS supports PKCS #11, which is used for cryptographic tokens such as smart cards. OpenSSL does not support this feature.

Prerequisites

To fully understand and use this article, you should:

  • Be proficient in C programming.
  • Be familiar with Internet communication and with writing Internet-enabled applications.

You are not absolutely required to be familiar with SSL, because a brief description of SSL is provided later. However, if you want a link to an article that covers SSL in detail, see references. Cryptographic knowledge is helpful, but it is not necessary.

What is SSL?

SSL stands for Secure Sockets Layer. It is a standard that supports secure communication over the Internet by integrating data cryptography into the protocol. Data is encrypted before it leaves your computer and decrypted only after it reaches its intended destination. Certificates and cryptographic algorithms support all these operations. With OpenSSL, you will have the opportunity to understand them.

Theoretically, if the encrypted data is intercepted or eavesdropped before it reaches its destination, it cannot be cracked. However, as computers get faster every year and cryptanalysis advances, the chance of cracking the encryption protocols used in SSL is also increasing.

SSL and secure connections can be used for any type of protocol on the Internet, whether HTTP, POP3, or FTP. You can also use SSL to protect Telnet sessions. Although SSL can be used to protect any connection, SSL is not required for each type of connection. If the connection transmits sensitive information, use SSL.

What is OpenSSL?

OpenSSL is not just SSL. It can also handle message digests, file encryption and decryption, digital certificates, digital signatures, and random numbers. There is far more to the OpenSSL library than a single article can cover.

OpenSSL is not just an API, but also a command line tool. The command line tool can do the same work as the API, and further test the SSL server and client. It also gives developers an understanding of OpenSSL capabilities. For more information about how to use the OpenSSL command line tool, see references.

What do you need

First, you need the latest version of OpenSSL. Refer to the references section to find out where to obtain the latest source code to compile yourself, or the latest binaries (if you do not want to spend time compiling). However, for security reasons, we recommend that you download the latest source code and compile it yourself. Binary versions are usually compiled and released by third parties rather than by the OpenSSL developers.

Some Linux distributions come with a binary version of OpenSSL, which is sufficient for learning how to use the OpenSSL library. However, if you want to do something practical, you must get the latest version and keep it updated.

We recommend that you update your OpenSSL installation by obtaining the RPM package from your distribution's vendor. For security reasons, we recommend that you stay on the latest version of your distribution. If your distribution does not provide the latest OpenSSL version, we recommend that you overwrite only the library files and not the executable files. The FAQ document that comes with OpenSSL contains details about this.
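
Replacing only the library files, as suggested above, means a program can end up running against a different OpenSSL than the headers it was compiled with. The following C check is an added example, not code from the original article: it decodes OpenSSL version numbers and refuses a loaded library that is older than the headers or has a different major version. The WITH_OPENSSL build flag, the function names, the acceptance policy and the sample version numbers are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>
#ifdef WITH_OPENSSL              /* assumed flag: cc -DWITH_OPENSSL check.c -lcrypto */
#include <openssl/crypto.h>      /* OPENSSL_VERSION_NUMBER, OpenSSL_version_num() */
#endif

/* Render an OpenSSL version number as text.
 * Before 3.0 the layout is 0xMNNFFPPS (major, minor, fix, patch letter, status);
 * from 3.0 on the fields in use are major, minor and patch.
 * Two-letter patch levels (patch > 26) are shown without a suffix. */
const char *ossl_version_text(unsigned long v, char *buf, size_t n)
{
    unsigned major = (unsigned)(v >> 28) & 0xf, minor = (unsigned)(v >> 20) & 0xff;
    unsigned fix = (unsigned)(v >> 12) & 0xff, patch = (unsigned)(v >> 4) & 0xff;

    if (major >= 3)
        snprintf(buf, n, "%u.%u.%u", major, minor, patch);
    else if (patch >= 1 && patch <= 26)
        snprintf(buf, n, "%u.%u.%u%c", major, minor, fix, (char)('a' + patch - 1));
    else
        snprintf(buf, n, "%u.%u.%u", major, minor, fix);
    return buf;
}

/* Policy assumed for this example: accept the loaded library only if it has
 * the same major version as the headers and is not older than them.
 * The low status nibble is ignored in the comparison. */
int ossl_runtime_ok(unsigned long built, unsigned long loaded)
{
    if ((built >> 28) != (loaded >> 28))
        return 0;
    return (loaded >> 4) >= (built >> 4);
}

int main(void)
{
    char b[32], l[32];
#ifdef WITH_OPENSSL
    unsigned long built = OPENSSL_VERSION_NUMBER;
    unsigned long loaded = OpenSSL_version_num();   /* OpenSSL 1.1.0 and later */
#else
    /* Constructed values: built against 1.1.1f, an older 1.1.1d library loaded. */
    unsigned long built = 0x1010106fUL, loaded = 0x1010104fUL;
#endif
    int ok = ossl_runtime_ok(built, loaded);
    printf("headers %s, library %s: %s\n", ossl_version_text(built, b, sizeof b),
           ossl_version_text(loaded, l, sizeof l), ok ? "ok" : "refuse to start");
    return ok ? 0 : 1;
}
```

Without the WITH_OPENSSL flag the program runs on the constructed values and exits non-zero, because the sample library is older than the sample headers.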

Note that OpenSSL is not officially supported on all platforms. Although its developers have tried their best to make it cross-platform compatible, OpenSSL may still not work on your computer and/or operating system. See the OpenSSL Web site (linked in references) for information on which platforms are supported.

To use OpenSSL to generate certificate requests and digital certificates, you must create a configuration file. The apps folder of the OpenSSL package contains a template file named openssl.cnf. I will not discuss this file, because it is outside the scope of this article. However, the template file has some very good comments, and if you search the Internet, you can find many tutorials about modifying it.

Header file and initialization

This tutorial uses only three header files: ssl.h, bio.h, and err.h. They are all located in the openssl subdirectory and are required to develop your project. To initialize the OpenSSL library, you only need three lines of code. Listing 1 shows all of it. Other header files and/or initialization functions may be necessary for other functions.


Listing 1. Required header files

    /* OpenSSL headers */
    #include "openssl/bio.h"
    #include "openssl/ssl.h"
    #include "openssl/err.h"

    /* Initializing OpenSSL */
    SSL_load_error_strings();
    ERR_load_BIO_strings();
    OpenSSL_add_all_algorithms();

 
