SSL wrapper stream in C
I have a simple stream_t type in C with your basic read/write operations, and support for multiple underlying implementations using function pointers. So a stream could be backed by a file, a char buffer, etc.
One stream type is a standard POSIX socket, and I would like to code a wrapper stream that will add SSL support to an existing stream, similar to .NET's SslStream. So I could write something like this:

    stream_t *socket = something();

    // wrap existing stream and perform handshake as client
    stream_t *ssl_stream = ssl_stream_create(socket);
    ssl_stream_authenticate_as_user(ssl_stream);

    // now all read/writes are encrypted and passed through to the wrapped stream

I have written some SSL socket code before using OpenSSL's BIO_new_connect(...) etc. but this is a higher level API than what I need. Does OpenSSL expose the functions I would need to manually perform the handshake and encryption? Or is there some other library I can use?
Comments (2)
I don't know any libraries you can use but you can find plenty of samples. Most applications in C would have to do the same for their TCP code so SSL and raw socket versions don't differ too much.
For example, check out ssl_unix.c from Pine IMAP,
https://svn.cac.washington.edu/public/alpine/snapshots/imap/src/osdep/unix/
It does exactly what you are describing with OpenSSL.
I have used a BIO_s_mem as a cover for SSL socket operations. I would read from and write to the socket myself (rather than giving the handle to OpenSSL and having it do the reading/writing). The handshake is done when you call SSL_accept (on the server side) or SSL_connect (on the client side). Other than that, just call SSL_read and SSL_write to do the reading and writing.
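The memory-BIO pattern described in the answer above, as an added example that is not part of the original posts. It is written against Python's ssl module, an OpenSSL binding whose ssl.MemoryBIO plays the role of BIO_s_mem and whose do_handshake/read/write play the role of SSL_connect/SSL_read/SSL_write; the names SSLStream and CaptureStream and the read(n)/write(data) interface of the inner stream are assumptions made for illustration.

```python
import ssl

class SSLStream:
    """Adds TLS to any object exposing read(n) -> bytes and write(data)."""
    def __init__(self, inner, server_hostname):
        self.inner = inner
        self.incoming = ssl.MemoryBIO()  # ciphertext read from the inner stream
        self.outgoing = ssl.MemoryBIO()  # ciphertext owed to the inner stream
        ctx = ssl.create_default_context()  # verifies certificate and hostname
        self.tls = ctx.wrap_bio(self.incoming, self.outgoing,
                                server_hostname=server_hostname)

    def _flush(self):
        data = self.outgoing.read()
        if data:
            self.inner.write(data)

    def _pump(self, op, *args):
        """Run one TLS call, shuttling ciphertext until it completes."""
        while True:
            try:
                result = op(*args)
            except ssl.SSLWantReadError:
                self._flush()  # send what TLS produced before waiting for a reply
                chunk = self.inner.read(16384)
                if not chunk:
                    raise ConnectionError("inner stream closed mid-operation")
                self.incoming.write(chunk)
            else:
                self._flush()
                return result

    def authenticate_as_client(self):
        self._pump(self.tls.do_handshake)

    def read(self, n):
        return self._pump(self.tls.read, n)

    def write(self, data):
        return self._pump(self.tls.write, data)

class CaptureStream:
    """Constructed stand-in for a stream_t: records writes, read() is at EOF."""
    def __init__(self):
        self.written = bytearray()
    def write(self, data):
        self.written += data
    def read(self, n):
        return b""
```

With a socket-backed inner stream, authenticate_as_client() returns once the handshake completes, and a certificate or hostname mismatch surfaces as ssl.SSLCertVerificationError before any application data is exchanged.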