Small CA System

Some days ago on the Internet to see some of the introduction of OpenSSL, feel very interesting, so do a program, the basic realization of the digital certificate production, SSL security communications, encryption and decryption operations, adhering to the principle of OpenSSL open, take out the sharing, the main implementation of the written in the two DLL. The level is limited, please do not be laughed at.

First of all, thank the Chinese OpenSSL Forum (http://www.openssl.cn/) Several of the owner, thanks to their hard work and silently pay.

The program is based on an electronic key management program, the original part of the electronic key is still retained, the need for electronic key support.

More code, the author only introduced the three points considered important.

Procedural points:

(1) RA client and server program uses Access database, SSL connection, non-blocking socket, the basic principle is that the client sends a command request, the server queries the database, and then the query results are sent to the client. Non-blocking socket is very flexible, improper use will be wasted, this program: AsyncSelect function is a key.

Lin Jun's Winsock programming book reads:

"Fd_write Event"

The system informs us of the Fd_write event, with only the following:

(1) to call WSAAsyncSelect () to set the Fd_write event, the Socket has been able to transfer data (TCP Scoket has successfully connected with the other party, or UDP Socket has been established), and currently output buffer still have space to write into the data.

(2) Call WSAAsyncSelect () to set the Fd_write event, the socket is not yet transmitted data, but once the socket and the other connected successfully, will soon receive fd_write notice.

(3) call Send () or sendto () transmission of data, the system told the error, and the error code is 10035 wsaewouldblock (call WSAGetLastError () to know this error), this means that the output buffer is full, can not write Enter any data (at this time, even the call to send () more than once) will also fail; Once the system has successfully delivered some of the data to the other side, it will send a fd_write to the user, informing them that they can continue to transmit the data. In other words, the reader can continue to call send () to transmit the data when sending the data by calling send (), and if Send () returns an error of 10035, then do not call Send () to send the data until the Fd_write is received. , and then continue to transmit the information.

"Fd_read Event"

We will receive a Fd_read event informing us to read the information:

(1) Call WSAAsyncSelect function to set the Fd_read event for this Socket, the input buffer has the data.

(2) The original system of input buffer is empty, when the system again received information, will inform us.

(3) The user calls Recv or recvfrom function, reads the data from the input buffer, but does not have the data to read the light once, at this time will drive a Fd_read event, said still has the data in the input buffer.

Readers must note: If we receive FD_READ event notification, but we deliberately do not call recv or recvfrom to read the information, then the system received the information, and will not notify us again, we must wait for us to call the recv or recvfrom, It is possible to receive Fd_read event notifications again. (Lin Jun)

(2) Because some basic operations are written in the dynamic library, the dynamic library in the long operation (encryption and decryption) of the progress, should be reflected in the main program, so more friendly. This procedure uses the callback function mechanism to solve this problem.

static void Drawprog (int i);

void Cusbevppage::D rawprog (int i)

{

((Cusbevppage *) ((CPropertySheet *) AfxGetMainWnd ())->getpage (8))->

M_progress.setpos (i)//did not introduce this, because this function is invoked in a dynamic library.

}

The dynamic library calls this function under certain conditions, indicating the progress of the operation.

(3) The program is done, if you check with some tools such as Smartchk, there might be a harvest.

Program Bugs:

1, the same program can no longer use SSL client connection SSL server, otherwise ...

2, due to the limited grasp of OpenSSL, some of the code has a memory leak.

3, SSL client connection SSL server, display garbled because there is no processing half of Chinese characters, if the connection with IE does not have this problem.

Because the program code more, no longer introduced, the specific implementation please refer to the source code. Errors in your code should be noted for correction in the next release.

Some header files and Lib take an absolute path and need to be reconfigured.

CA and EVP Dynamic Library Source code problems are still a lot, so there is no release, to be perfected and then take out the shortcoming.

About the digital certificate and SSL application, you can find some introduction on the network, here no longer repeat.

The program has been tested under Win2000 + vc6+access2000. Contact me if you have any questions.

This article supporting source code