I am searching for a client TLS connection example in C++. Best for Visual Studio, but honestly it can be any compiler. I found several C samples. But no one worked. I started with this sample in C: https://wiki.openssl.org/index.php/SSL/TLS_Client

But it fails on

    res = BIO_do_connect(web);

with "system library" if I want to connect to my own node.js server (using the direct ip address) or with "bad hostname lookup" using encrypted.google.com as url. Both with libressl and Visual Studio 2013.

Next stop: http://fm4dd.com/openssl/sslconnect.htm

Here the program runs successfully. But any attempt to write to the SSL connection at the end with:

    std::string json = "{'test':'huhu'}";

    char buff[1024];
    // %d expects an int, so cast the size_t returned by length()
    sprintf(buff, "POST /test.de HTTP/1.1 \nHost: test.de\nContent-Type: application/json\nContent-Length: %d\n\n", static_cast<int>(json.length()));
    std::string post = buff;

    int snd = SSL_write(ssl, post.data(), post.length());
    snd = SSL_write(ssl, json.data(), json.length());

forces the server to close the connection (I do not see exactly what happened as I do not know how I can tell node.js to tell me more).

So I search for a working sample or how to get a TLS connection with own certificate running in C++

Martin Schlott
  • You could look at the s_client code in the main OpenSSL command-line tool. That supports lots of certificate options. – Rup May 01 '15 at 12:57
  • You should know better than to ask for a tutorial or sample :) I often use C++ to wrap OpenSSL, but I do so with unique pointers so cleanup occurs automatically. Here's what it looks like: [How to properly print RSA* as string in C++?](http://stackoverflow.com/a/23473034/608639). – jww May 01 '15 at 18:30
  • @jww Mea culpa. I was desperate this afternoon :-) Now it's looking much better. But what to do with the question? Delete it (honest question)? – Martin Schlott May 01 '15 at 18:35
  • @Martin - I think it's your choice (and even think it's a pretty good question). It's not accumulating downvotes, so there's no harm in allowing it to stay and possibly closed. If it stays, then others can use it for a reference. (I voted to close due to site policy). – jww May 01 '15 at 18:50

2 Answers

1

I am searching for a client TLS connection example in C++.

I think there are a couple of ports of OpenSSL to C++. They try to do the full class wrapper thing. See openssl++ class on Google.

When I use it in C++, I use unique pointers for cleanup. See, for example, How to properly print RSA* as string in C++?. I use it primarily to ensure cleanup. I think it's similar to the Resource Acquisition Is Initialization pattern.

OpenSSL also provides a page for similar libraries and frameworks. See the Related Links page on the OpenSSL wiki.


But it fails on

    res = BIO_do_connect(web);

with "system library" if I want to connect to my own node.js server (using the direct ip address) or with "bad hostname lookup"

My guess here would be the name in the certificate does not match the name used in the URL to connect.

You can make the names work by adding an entry in your host file. Effectively, this is your local DNS override. See Microsoft TCP/IP Host Name Resolution Order.

Or, you can generate a certificate with all the required names. For that, see How to create a self-signed certificate with openssl?


forces the server to close the connection (I do not see exactly what happened as I do not know how I can tell node.js to tell me more).

    "POST /test.de HTTP/1.1 \nHost: test.de\nContent-Type: application/json\nContent-Length: %d\n\n"

Since you lack the Connection: close request header, the server is probably following RFC 7230, HTTP/1.1 Message Syntax and Routing, Section 6.1:

A server that does not support persistent connections MUST send the "close" connection option in every response message that does not have a 1xx (Informational) status code.

Also, that should probably be:

    "POST /test.de HTTP/1.1\r\nHost: test.de\r\nContent-Type: application/json\r\nContent-Length:%d\r\n\r\n"

\r\n is used as new line, not \r and not \n. A double \r\n is used to terminate the header. You can quickly verify by searching for "CRLF" in the standard. You will land in a discussion of the ABNF grammar.


So I search for a working sample or how to get a TLS connection with own certificate running in C++

The trick here is creating a well-formed certificate. For that, see How to create a self-signed certificate with openssl?

jww
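
The framing points from the answer above (CRLF line endings, a blank line ending the header, a Content-Length that matches the body), as an added example that is not code from the question or from either answer. `build_post`, `check_framing` and `Framing` are hypothetical names, the sample body is constructed, and the CR/LF rejection in the builder is an addition of this example.

```cpp
#include <cstddef>
#include <iostream>
#include <stdexcept>
#include <string>

// Hypothetical helper names; the header-name match is case-sensitive for brevity.
enum class Framing { Ok, BareLF, BareCR, NoHeaderEnd, LengthMismatch };

// Build a POST with CRLF line endings and a Content-Length taken from the body.
std::string build_post(const std::string& host, const std::string& path,
                       const std::string& body) {
    // Reject CR/LF in caller-supplied fields so they cannot add header lines.
    if ((host + path).find_first_of("\r\n") != std::string::npos)
        throw std::invalid_argument("CR or LF in host or path");
    return "POST " + path + " HTTP/1.1\r\n"
           "Host: " + host + "\r\n"
           "Content-Type: application/json\r\n"
           "Content-Length: " + std::to_string(body.size()) + "\r\n"
           "Connection: close\r\n\r\n" + body;
}

// Check the header section of a raw request before it goes to SSL_write().
Framing check_framing(const std::string& req) {
    const std::size_t end = req.find("\r\n\r\n");
    const std::size_t limit = (end == std::string::npos) ? req.size() : end + 4;
    for (std::size_t i = 0; i < limit; ++i) {
        if (req[i] == '\n' && (i == 0 || req[i - 1] != '\r')) return Framing::BareLF;
        if (req[i] == '\r' && (i + 1 >= req.size() || req[i + 1] != '\n')) return Framing::BareCR;
    }
    if (end == std::string::npos) return Framing::NoHeaderEnd;
    const std::string key = "\r\nContent-Length:";
    const std::size_t pos = req.find(key);
    if (pos != std::string::npos && pos < end) {
        // stoul skips the optional space and stops at the CR after the digits.
        const std::size_t declared = std::stoul(req.substr(pos + key.size()));
        if (declared != req.size() - (end + 4)) return Framing::LengthMismatch;
    }
    return Framing::Ok;
}

int main() {
    const std::string body = "{\"test\":\"huhu\"}";  // constructed sample body
    // The request as posted in the question: LF-only line endings.
    const std::string posted = "POST /test.de HTTP/1.1 \nHost: test.de\n"
        "Content-Type: application/json\nContent-Length: 15\n\n" + body;
    std::cout << (check_framing(posted) == Framing::BareLF) << ' '
              << (check_framing(build_post("test.de", "/test.de", body)) == Framing::Ok) << '\n';
}
```

Sending the header and body as one buffer, as `build_post` returns them, also avoids the two separate `SSL_write` calls in the question.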
1

Here's an updated example for LibreSSL using pinned cert bundle: C++ libtls example on github

Alex M
  • This is really bad, not really written with a C++ perspective. – jaques-sam Oct 10 '19 at 13:16
  • Right, it's a quick and dirty example. The beauty of open source is that you could take it and make a much cleaner example that someone might appreciate. – Alex M Oct 11 '19 at 19:13