Recently I updated a usenet client program I’d written to use SSL. The usenet NNTP protocol has been around for a very long time, and is a very simple text based protocol. The program I had is written in C and simply opens a tcp client socket to an NNTP server, promotes the socked to a file descriptor then uses fgets and fputs to send lines back and forth. Its pretty elementary stuff.<\/p>\n
Now, in recent years usenet server have started handling requests via NNTPS, or NNTP over SSL. I hadn’t considered updating my program to use SSL, but my brother wanted to use it in this way, so I started to investigate how to update it.<\/p>\n
OpenSSL is the usual library to use, so I started searching for examples of how to use it. Initially I thought I could just replace the connect with an SSL equivalent and also somehow promote my ssl socket so I could use fgets\/fputs on it. Not so. It was a little more complicated than that<\/p>\n
First there is a lot more initialisation code: (apologies for the indentation. I hate wordpress)<\/p>\n
\r\nSSL_library_init(); \r\nSSL_load_error_strings(); \r\nOpenSSL_add_all_algorithms(); \r\nCRYPTO_set_id_callback(thread_id_myprog); \r\nCRYPTO_set_locking_callback(thread_lock_myprog); \r\nnum_locks = CRYPTO_num_locks(); \r\nlocks = malloc (num_locks * sizeof *locks); \r\nfor (n=0;n < num_locks;n++) { \r\n if (pthread_mutex_init(&locks[n], NULL)) { \r\n printf("cannot init mutexes for openssl\n"); \r\n return -1; \r\n } \r\n}<\/pre>\nAll the locks stuff is supposedly to do with my program being multi-threaded. I don’t really understand it that well.<\/p>\n
Then you need to make your tcp client socket connection as you normally do (in the ‘sock’ var below)<\/p>\n
\r\nint sock; \r\n\r\nSSL_CTX *context; \r\nSSL_METHOD *method; \r\nSSL *connection; \r\nBIO *io; \r\nBIO *sbio; \r\nBIO *ssl_bio; \r\n\r\ncontext= NULL; \r\nmethod= NULL; \r\nconnection=NULL; \r\nmethod=SSLv23_client_method(); \r\ncontext = SSL_CTX_new(connection.method); \r\n... \r\nsbio= BIO_new_socket(sock,BIO_NOCLOSE); \r\nif (sbio==NULL) {printf(\"bad sbion\"); exit(1); } \r\nconnection = SSL_new(context); \r\nif (connection==NULL) {printf(\"bad connectionn\"); exit(1); } \r\nSSL_set_bio(connection,sbio,sbio); \r\n... \r\nio = BIO_new(BIO_f_buffer()); \r\nssl_bio = BIO_new(BIO_f_ssl()); \r\nBIO_set_ssl(ssl_bio,connection,BIO_CLOSE); \r\nBIO_push(io,ssl_bio); \r\n... \r\nSSL_connect(connection);<\/pre>\n