Open SSL Secure Socket - ddpalacios/home-server GitHub Wiki

Converting Socket to an SSL Socket

Description:

SSL (Secure Sockets Layer) is an encryption-based internet security protocol. What is actually deployed today is its successor TLS (Transport Layer Security); the name "SSL" survives mainly in library and tool names such as OpenSSL.

A website that implements SSL/TLS has HTTPS in its URL instead of HTTP.

  1. In order to provide a high degree of privacy, SSL encrypts data that is transmitted across the web.

    • anyone who intercepts this data sees only ciphertext, which cannot be decrypted without the session keys.
  2. SSL initiates an authentication process called a 'handshake' between two communicating devices to ensure that both devices are really who they claim to be.

  3. SSL also provides data integrity: every record carries an authentication tag (a MAC, or an AEAD tag in TLS 1.2/1.3), so tampering in transit is detected before the data reaches its intended recipient. Digital signatures are used in the handshake to authenticate the server, not on the application data itself.

Notes:

https://www.cloudflare.com/learning/ssl/what-is-ssl/

SSL can only be implemented by websites that have an SSL certificate (technically a "TLS certificate"). An SSL certificate is like an ID card or a badge that proves someone is who they say they are. SSL certificates are stored on the website's or application's server and presented to clients during the handshake.

One of the most important pieces of information in an SSL certificate is the website's public key. The public key makes encryption and authentication possible. A user's device reads the public key and uses it to establish secure session keys with the web server. Meanwhile the web server holds a private key that is kept secret. In older TLS versions with RSA key exchange the private key decrypts a secret that the client encrypted with the public key; with (EC)DHE key exchange, the only option in TLS 1.3, the private key instead signs the handshake to prove the server owns the certificate, and the session keys come from the Diffie-Hellman exchange.


sources:

  • SSL socket: https://docs.openssl.org/master/man7/ossl-guide-libcrypto-introduction/
  • https://www.cloudflare.com/learning/ssl/what-is-ssl/



Tasks:

  1. Generate a trusted SSL certificate (prod & dev)

Creating a certificate for development purposes consisted of generating a private key and a CSR (certificate signing request), then using that same key to self-sign the CSR. A self-signed certificate is only trusted by clients that are explicitly told to trust it; for production the CSR has to be signed by a CA that the clients already trust.

This certificate was used to establish the SSL handshake between the server and the client.


  2. Replace recv() and send() with SSL functions

These were replaced with SSL_write() and SSL_read(), which take the client's SSL pointer instead of the raw fd. Their return values are not interpreted like send()/recv(): a result <= 0 must be passed to SSL_get_error(). On a non-blocking socket, SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE means the same call should be retried after the next poll() (a read can need to write, and vice versa, during the handshake), SSL_ERROR_ZERO_RETURN means the peer closed the session cleanly, and any other code means the connection should be shut down and freed. Also, SSL_read() decrypts a whole record at a time, so decrypted bytes can remain buffered inside the SSL object after a partial read; SSL_pending() reports them, and poll() will not raise POLLIN for them because they are no longer on the socket.

  3. Test POLLING functionality with secured SSL sockets

Linux command to test SSL connections:

  • openssl s_client -connect localhost:9034

With the self-signed development certificate, s_client prints a verify error for the server certificate, because nothing in the default trust store vouches for it; by default it still completes the handshake and opens the session, so typed input exercises the server's SSL_read()/SSL_write() path. Passing the dev certificate to s_client as the trust anchor (its -CAfile option) makes the verification succeed as well.

This feature requires keeping an array of SSL pointers, one per connected client, so that the encrypted read and write operations can be performed on whichever connection poll() reports as ready.

```c
struct Client {
    int  Id;     // fd, declared as an int
    SSL* cSSL;   // pointer to the SSL structure wrapping that fd
};
```

[c1, c2, c3 .... ci] - required for read and write operations

poll(...) [p1, p2, p3 .... pi] - requires a pointer to an array of struct pollfd holding the raw fds. The two arrays are kept index-aligned: entry i of the poll array and entry i of the client array refer to the same connection, so when poll() reports pi ready the server reads through ci->cSSL rather than calling recv() on the fd.


When adding new clients:

  1. add the new fd to the polling struct array
  2. wrap the fd in an SSL object (SSL_new(), SSL_set_fd(), then SSL_accept() to run the handshake) and add the fd/SSL pair to the client struct array at the same index; if the handshake fails, back the fd out of the poll array and close it

When removing clients:

  1. obtain the fd #
  2. remove it from the poll struct array
  3. remove it from the client struct array, calling SSL_shutdown() and SSL_free() on its SSL pointer and then close() on the fd, so neither the SSL object nor the descriptor leaks
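The index-aligned poll/client arrays and the add/remove procedure above, as an added example that is not code from the home-server repository. It compiles without OpenSSL by forward-declaring the opaque SSL type exactly as <openssl/ssl.h> does, and it routes the OpenSSL calls through two injected hooks (wrap and unwrap, assumed names) so the table logic can be exercised offline; demo_wrap, demo_unwrap and demo_on_readable are stand-ins for those hooks, and the table and function names (ClientTable, client_add, client_remove, table_consistent, dispatch_ready) are likewise assumptions. It departs from the list above in one respect: the fd is wrapped before it is added to either array, so a failed handshake never leaves a poll entry without an SSL object. The wrap hook assumes a blocking SSL_accept(); with non-blocking fds the handshake itself has to be driven through poll() on SSL_ERROR_WANT_READ/WRITE, which this table does not do.

```c
#include <poll.h>
#include <stdlib.h>

/* <openssl/ssl.h> declares SSL as the opaque struct ssl_st; this forward typedef
 * matches it so the table logic compiles without OpenSSL installed. The real
 * server includes <openssl/ssl.h> instead. */
typedef struct ssl_st SSL;
#define MAX_CLIENTS 64

struct Client {
    int  Id;    /* raw socket fd; the same value sits in pollfds[i].fd */
    SSL *cSSL;  /* SSL object wrapping that fd, used for SSL_read()/SSL_write() */
};

/* Index-aligned arrays: pollfds[i] and clients[i] describe the same connection.
 * The two hooks (assumed names) isolate the OpenSSL calls: in the server wrap()
 * does SSL_new(ctx), SSL_set_fd(ssl, fd) and a blocking SSL_accept(ssl) and
 * returns NULL on handshake failure; unwrap() does SSL_shutdown() + SSL_free(). */
struct ClientTable {
    struct pollfd pollfds[MAX_CLIENTS];
    struct Client clients[MAX_CLIENTS];
    int count;
    SSL *(*wrap)(int fd);
    void (*unwrap)(SSL *ssl);
};

/* Add a client: wrap the fd first, then append to BOTH arrays at one index.
 * Returns that index, or -1 if the table is full or the handshake failed (the
 * caller still owns the fd and must close() it). */
int client_add(struct ClientTable *t, int fd)
{
    if (t->count >= MAX_CLIENTS)
        return -1;
    SSL *ssl = t->wrap(fd);
    if (ssl == NULL)
        return -1;
    int i = t->count++;
    t->pollfds[i] = (struct pollfd){ .fd = fd, .events = POLLIN, .revents = 0 };
    t->clients[i] = (struct Client){ .Id = fd, .cSSL = ssl };
    return i;
}

int client_index(const struct ClientTable *t, int fd)
{
    for (int i = 0; i < t->count; i++)
        if (t->clients[i].Id == fd)
            return i;
    return -1;
}

/* Remove a client: release its SSL object, then move the last entry of BOTH
 * arrays into the hole so they stay aligned. Returns 0, or -1 if fd is unknown. */
int client_remove(struct ClientTable *t, int fd)
{
    int i = client_index(t, fd);
    if (i < 0)
        return -1;
    t->unwrap(t->clients[i].cSSL);
    int last = --t->count;
    t->pollfds[i] = t->pollfds[last];
    t->clients[i] = t->clients[last];
    return 0;
}

/* Invariant: slot i names the same fd in both arrays and holds an SSL object. */
int table_consistent(const struct ClientTable *t)
{
    for (int i = 0; i < t->count; i++)
        if (t->pollfds[i].fd != t->clients[i].Id || t->clients[i].cSSL == NULL)
            return 0;
    return 1;
}

/* Service every slot poll() flagged. on_readable() is where the server calls
 * SSL_read() on c->cSSL; a result <= 0 means the peer closed or the record layer
 * failed. After a removal the last entry now sits in slot i, so i is NOT
 * advanced, or that client would be skipped this round. Returns clients dropped. */
int dispatch_ready(struct ClientTable *t, int (*on_readable)(struct Client *))
{
    int dropped = 0;
    for (int i = 0; i < t->count; ) {
        short re = t->pollfds[i].revents;
        t->pollfds[i].revents = 0;
        int drop = (re & POLLIN) ? on_readable(&t->clients[i]) <= 0
                                 : (re & (POLLHUP | POLLERR | POLLNVAL)) != 0;
        if (drop) { client_remove(t, t->clients[i].Id); dropped++; }
        else i++;
    }
    return dropped;
}

/* Stand-ins for the OpenSSL hooks so the table can be exercised offline; the
 * pointer demo_wrap() returns is an opaque token, not a real SSL object. */
static int live_ssl_objects = 0;  /* wrap() calls minus unwrap() calls */
int demo_closing_fd = -1;         /* fd that demo_on_readable() reports as closed */
SSL *demo_wrap(int fd) { (void)fd; live_ssl_objects++; return (SSL *)malloc(16); }
void demo_unwrap(SSL *ssl) { live_ssl_objects--; free(ssl); }
int demo_on_readable(struct Client *c) { return c->Id == demo_closing_fd ? 0 : 1; }
```

To exercise it offline, initialise a ClientTable with the demo hooks, add a few constructed fds (plain integers, not real sockets), set revents to POLLIN on some slots as if poll() had returned, pick the fd that demo_on_readable should report as closed, and call dispatch_ready: exactly that client is dropped, live_ssl_objects falls by one, and table_consistent stays true, which is the property the two-array design has to preserve. In the server, wrap and unwrap become the real OpenSSL calls and on_readable is the function that does the SSL_read() and interprets SSL_get_error().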