You can use these sockets
and System SSL calls to enable a server program to communicate with
a client program.
To create a stream socket to which client programs can connect,
use this function call:
int server_sock;
server_sock = socket(AF_INET, SOCK_STREAM, 0);
Now that the server program socket is created, bind the socket
to a port (for example, 1234) that is known to the client program
using this function call:
int rc;
int namelength;
struct sockaddr_in name;
nameLength = sizeof(name);
memset(&name, ’\0’, nameLength);
name.sin_family = AF_INET;
name.sin_port = 1234;
name.sin_addr.s_addr = INADDR_ANY;
rc = bind(server_sock, (struct sockaddr *)&name, nameLength);
To make the server program socket ready to listen for incoming
connection request, use this function call:
int rc;
rc = listen(server_sock, 5); /* allow max of 5 connections */
The server program is now ready to begin accepting connections
from client programs. To accept connections, use these function calls:
int client_sock;
int incomingNameLength;
struct sockaddr_in incomingName;
client_sock = accept(server_sock, (struct sockaddr *)incomingName, &incomingNameLength);
After successfully accepting a connection from a client program,
the server program must establish the secure socket connection which
will result in the SSL handshake being performed. Once the handshake
is completed, secure transfer of application data can be done. The
secure socket connection is established with these attribute values:
- The socket descriptor over which the communication is to occur.
- Certificate with label "ServerCertLabel"
- The type of handshake (for example, server) to be performed.
- The set of SSL protocol cipher specifications to be allowed for
the secure session specified using 4-character cipher specifications
. (For example, ciphers utilizing a RSA key exchange with either AES
128/256 or 3DES encryption.) The cipher is selected by the System
SSL server program according to the server's order of usage preference.
- The 4-character cipher specification list in GSK_V3_CIPHER_SPECS_EXPANDED
is used.
- The address of a routine to be called by System SSL to read data
from the socket for the secure session.
- The address of a routine to be called by System SSL to write data
on the socket for the secure session.
gsk_handle soc_handle;
int rc;
gsk_iocallback local_io = {secureSocRecv, secureSocSend, NULL, NULL, NULL, NULL};
rc = gsk_secure_socket_open(env_handle, &soc_handle);
rc = gsk_attribute_set_numeric_value(soc_handle, GSK_FD, client_sock);
rc = gsk_attribute_set_buffer(soc_handle, GSK_KEYRING_LABEL, "ServerCertLabel",0);
rc = gsk_attribute_set_enum(soc_handle, GSK_SESSION_TYPE, GSK_SERVER_SESSION);
rc = gsk_attribute_set_buffer(soc_handle, GSK_V3_CIPHER_SPECS_EXPANDED, "0035002F000A",0);
rc = gsk_attribute_set_enum(soc_handle, GSK_V3_CIPHERS, GSK_V3_CIPHERS_CHAR4);
rc = gsk_attribute_set_callback(soc_handle, GSK_IO_CALLBACK, &local_io);
rc = gsk_secure_socket_init(soc_handle);
The System SSL program should provide the function to send and
receive data over the application socket. For more information, see I/O routine replacement. Use these function calls, send() and recv(),
to send and receive the application data.
int secureSocRecv(int fd, void *data, int len, char *user_data) {
return( recv( fd, data, len,0 ));
}
int secureSocSend(int fd, void *data, int len, char *user_data) {
return( send( fd, data, len,0 ));
}
After the server program successfully calls gsk_secure_socket_init(),
it can now read and write data securely over the application socket.
To read application data from the application socket, use this code:
int rc;
int buffer_length;
int length_read;
char *data_buffer;
rc = gsk_secure_socket_read(soc_handle, data_buffer, buffer_length, &length_read);
To write application data over the application socket, use this
code:
int rc;
int buffer_length;
int length_written;
char *data_buffer;
rc = gsk_secure_socket_write(soc_handle, data_buffer, buffer_length, &length_written);
Once the server program is finished using the application socket
to securely send and receive data, it must free all of the System
SSL resources for the SSL session and close the socket. To free the
System SSL resource for the SSL session, use the gsk_secure_socket_close() call:
gsk_secure_socket_close(&soc_handle);
To free the resources used by the SSL environment, use the gsk_environment_close() call:
gsk_environment_close(&env_handle);
Finally, to close the application socket, use this function call:
int rc;
rc = close(client_sock);