I believe the last function, the write, is missing a return false with the error message?

Writing servers that are 100% reliable, with good logging, etc., is VERY difficult. I have many years of experience and still avoid it when I can. You need to understand blocking and non-blocking calls, your network, etc.

If you are on Unix -- use inetd if your volume is not too high. By too high, I mean I have production systems with 10,000 connections continually, averaging 1,000 new connections per second, on inetd under AIX.

In the old days of slow hardware people complained about the performance because it does have to create a new process.

However your code becomes simple -- read/write to stdin/stdout. No need to open, accept, poll, close, or otherwise deal with sockets.

Which then brings up stunnel ... and another performance barrier, I suppose, by throwing in another program. However -- I have easily used it for credit cards, UPS, USPS, FedEx, dozens of more obscure companies, Web interfaces, secure telnet, HTTPS, etc.

On a modern machine you are unlikely, unless really resource strained, to care about the overhead -- and you would have no programming to do at all. If stunnel is too limited, I'd still consider inetd.

NOTE -- pretty much all code you write to work under inetd can later be transferred to a standalone server program. So you are wasting little time trying it. I actually have a generic server program I start with whenever I need a server (it's in C) that runs either under inetd or standalone. In practice I always use inetd -- it is dead reliable and if it is not working, Unix is not working.

I am sure someone will disagree based on resource/performance reasons. You will have to judge that ... and like I said, trying it in inetd is not wasted time.

If you are on Windows .... ignore this :-)

Eric

E




At 01:48 PM 10/27/2011, David Durham wrote:
Hi all,

I'm new to C++ and libssl, but nevertheless trying to write an SSH
server.  I have gone through tutorials and believe I have a working
server that initializes an SSL context, binds and listens on a TCP
socket, and accepts a connection.  Using a debugger I see that if I
try to "ssh myserver -p myport", the process hangs on the call to
SSL_accept.  I figure this is because the ssh client needs to do
something before calling SSL_connect.  I don't need authentication, I
just want to use ssh kind of like a secure telnet.  Here's my code,
any advice is appreciated:


#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>
#include <cstdio>
#include <cstring>
#include <openssl/ssl.h>
#include <openssl/err.h>

/* SocketType and Error() belong to the poster's SecureServer class (not shown). */
bool SecureServer::Start ()
{
  SSL_CTX *ctx = NULL;
  SSL *ssl = NULL;
  SocketType listen_sock = -1, sock = -1;
  sockaddr_in sa_serv, sa_cli;
  socklen_t clientLen = sizeof(sa_cli);
  const char *message = "Hello SSL";

  SSL_library_init();            /* once per process, before any other libssl call */
  SSL_load_error_strings();

  ctx = SSL_CTX_new(SSLv23_server_method());
  if (ctx == NULL)
  {
    Error("failed to create SSL context");
    return false;
  }
  /* SSLv23_server_method() negotiates any version; refuse the broken ones */
  SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);

  if (SSL_CTX_use_certificate_file(ctx, "conf/ssl/server.crt",
                                   SSL_FILETYPE_PEM) <= 0)
  {
    Error("failed to load server cert");
    goto fail;
  }

  if (SSL_CTX_use_PrivateKey_file(ctx, "conf/ssl/server.key",
                                  SSL_FILETYPE_PEM) <= 0
      || SSL_CTX_check_private_key(ctx) != 1)
  {
    Error("failed to load server private key, or key does not match cert");
    goto fail;
  }

  listen_sock = socket(AF_INET, SOCK_STREAM, 0);
  if (listen_sock < 0)           /* 0 is a valid descriptor; only -1 is an error */
  {
    Error("failed creating socket");
    goto fail;
  }

  memset(&sa_serv, 0, sizeof(sa_serv));
  sa_serv.sin_family = AF_INET;
  sa_serv.sin_addr.s_addr = htonl(INADDR_ANY);
  sa_serv.sin_port = htons(2002); /* Server Port number */
  if (bind(listen_sock, (struct sockaddr*) &sa_serv, sizeof(sa_serv)) < 0)
  {
    Error("bind failed");
    goto fail;
  }
  /* Receive a TCP connection. */
  if (listen(listen_sock, 5) < 0)
  {
    Error("listen failed");
    goto fail;
  }
  sock = accept(listen_sock, (struct sockaddr*) &sa_cli, &clientLen);
  if (sock < 0)
  {
    Error("accept failed");
    goto fail;
  }
  printf("Connection from %s, port %u\n", inet_ntoa(sa_cli.sin_addr),
         (unsigned) ntohs(sa_cli.sin_port));

  ssl = SSL_new(ctx);
  if (ssl == NULL || SSL_set_fd(ssl, sock) != 1)
  {
    Error("failed to create SSL object");
    goto fail;
  }

  /* SSL_accept waits for a TLS ClientHello.  An ssh client sends an SSH
   * identification string instead, so the handshake never completes;
   * test with: openssl s_client -connect localhost:2002 */
  if (SSL_accept(ssl) <= 0)
  {
    Error("SSL handshake failed");
    ERR_print_errors_fp(stderr);
    goto fail;
  }

  /* sizeof(message) is the size of a pointer, not of the string: use strlen */
  if (SSL_write(ssl, message, (int) strlen(message)) <= 0)
  {
    Error("error on ssl write");
    goto fail;
  }

  SSL_shutdown(ssl);
  SSL_free(ssl);
  close(sock);
  close(listen_sock);
  SSL_CTX_free(ctx);
  return true;

fail:
  if (ssl) SSL_free(ssl);
  if (sock >= 0) close(sock);
  if (listen_sock >= 0) close(listen_sock);
  SSL_CTX_free(ctx);
  return false;
}



Thanks,
Dave
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org


Eric S. Eberhard
(928) 567-3727          Voice
(928) 567-6122          Fax
(928) 301-7537                           Cell

Vertical Integrated Computer Systems, LLC
Metropolis Support, LLC

For Metropolis support and VICS MBA Support!!!!    http://www.vicsmba.com

For pictures:  http://www.vicsmba.com/ourpics/index.html

(You can see why we love this state :-) )