-
Notifications
You must be signed in to change notification settings - Fork 0
/
README
54 lines (34 loc) · 1.95 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
DESCRIPTION
This code implements a three-tiered client server architecture that simply
establishes an SSL/TLS encrypted TCP connection from a client to an intermediate
server, which then establishes a separate SSL/TLS encrypted TCP connection to
a second, Tier 2 server. The Tier 2 server simply sends back a reply message to
the intermediary server, which then forwards it back on to the client.
All servers are concurrent and create a new process using fork() to handle
incoming connections.
The networking and SSL/TLS code has been modularized in order to better
facilitate servers acting as clients. Code that had previously been in the
ssl-client.c file is now in the client-tools.h and client-tools.c files, and
similarly with the server code now in the server-tools.h and server-tools.c
source files. The intermediary server code is in the source file
ssl-server-tier1.c and the Tier 2 server code is in the source file
ssl-server-tier2.c. They have significant differences due to the different
roles they play in the system.
RUNNING THE PROGRAMS
To run the Tier 2 server, simply run it from the command line as before:
./ssl-server-tier2 <port>
To run the Tier 1 server, you'll need to run it with command line option
switches, e.g.,
./ssl-server-tier1 -p <server port> -s <remote server name/IP> -o >remote server port>
To run the client, specify the name/address and port (optional) of the Tier 1
server, e.g.,
./ssl-client localhost:4433
or
./ssl-client 192.168.56.7:4433
KEYS AND CERTIFICATES
Each server will need a private encryption key and certificate. To create a
self-signed certificate your server can use, at the command prompt type:
openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out cert.pem
This will create two files: a private key contained in the file 'key.pem' and a
certificate containing a public key in the file 'cert.pem'. Your servers will
require both in order to operate properly. The client requires neither.