ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzab6_5.4.0.1/x1sslserver.htm


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="Example: Establish a secure server with SSL_ APIs" />
<meta name="abstract" content="In addition to creating secure applications using the GSKit APIs, you can also use the SSL_ APIs. SSL_ APIs only exist in the i5/OS operating system." />
<meta name="description" content="In addition to creating secure applications using the GSKit APIs, you can also use the SSL_ APIs. SSL_ APIs only exist in the i5/OS operating system." />
<meta name="DC.Relation" scheme="URI" content="x1ssl.htm" />
<meta name="DC.Relation" scheme="URI" content="cssl2.htm" />
<meta name="DC.Relation" scheme="URI" content="../apis/sslinit.htm" />
<meta name="DC.Relation" scheme="URI" content="../apis/sslinita.htm" />
<meta name="DC.Relation" scheme="URI" content="../apis/socket.htm" />
<meta name="DC.Relation" scheme="URI" content="../apis/listen.htm" />
<meta name="DC.Relation" scheme="URI" content="../apis/bind.htm" />
<meta name="DC.Relation" scheme="URI" content="../apis/accept.htm" />
<meta name="DC.Relation" scheme="URI" content="../apis/close.htm" />
<meta name="DC.Relation" scheme="URI" content="../apis/connec.htm" />
<meta name="DC.Relation" scheme="URI" content="../apis/sslcreat.htm" />
<meta name="DC.Relation" scheme="URI" content="../apis/ssldest.htm" />
<meta name="DC.Relation" scheme="URI" content="../apis/sslhands.htm" />
<meta name="DC.Relation" scheme="URI" content="../apis/sslread.htm" />
<meta name="DC.Relation" scheme="URI" content="../apis/sslwrite.htm" />
<meta name="DC.Relation" scheme="URI" content="x1sslclient.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2001, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2001, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="x1sslserver" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Example: Establish a secure server with SSL_ APIs</title>
</head>
<body id="x1sslserver"><a name="x1sslserver"><!-- --></a>
<h1 class="topictitle1">Example: Establish a secure server with SSL_ APIs</h1>
<div><p>In addition to creating secure applications using the GSKit APIs,
you can also use the SSL_ APIs. SSL_ APIs only exist in the i5/OS™ operating
system.</p>
<div class="section"><p>The following figure shows
the socket and SSL_ APIs used to create a secure server.</p>
</div>
<div class="section"><p><br /><img src="rzab6501.gif" alt="This graphic shows the socket calls that are used to create a secure server and client." /><br /></p>
</div>
<div class="section"><h4 class="sectiontitle">Socket flow of events: Secure server that uses SSL_ APIs</h4><p>The
following description shows the relationship between the APIs that an SSL server
uses to operate and to communicate with an SSL client:</p>
<ol><li>Either call <span class="apiname">SSL_Init()</span> or <span class="apiname">SSL_Init_Application()</span> to
initialize the job environment for SSL processing and to establish the SSL
security information for all SSL sessions that run in the current job. Use only
one of these APIs; <span class="apiname">SSL_Init_Application()</span> is the preferred one.
<div class="note"><span class="notetitle">Note:</span> The following example program uses the <span class="apiname">SSL_Init_Application()</span> API.</div>
</li>
<li>The server calls <span class="apiname">socket()</span> to obtain a socket descriptor.</li>
<li>The server calls <span class="apiname">bind()</span>, <span class="apiname">listen()</span>,
and <span class="apiname">accept()</span> to activate a connection for a server program.</li>
<li>The server calls <span class="apiname">SSL_Create()</span> to enable SSL support
for the connected socket.</li>
<li>The server calls <span class="apiname">SSL_Handshake()</span> to initiate the SSL
handshake negotiation of the cryptographic parameters.</li>
<li>The server calls <span class="apiname">SSL_Write()</span> and <span class="apiname">SSL_Read()</span> to
send and receive data.</li>
<li>The server calls <span class="apiname">SSL_Destroy()</span> to disable SSL support
for the socket.</li>
<li>The server calls <span class="apiname">close()</span> to destroy the connected sockets.</li>
</ol>
</div>
<div class="section"><h4 class="sectiontitle">Socket flow of events: Secure client that uses SSL_ APIs</h4><ol><li>Either call <span class="apiname">SSL_Init()</span> or <span class="apiname">SSL_Init_Application()</span> to
initialize the job environment for SSL processing and to establish the SSL
security information for all SSL sessions that run in the current job. Use only
one of these APIs; <span class="apiname">SSL_Init_Application()</span> is the preferred one.
<div class="note"><span class="notetitle">Note:</span> The following example program uses the <span class="apiname">SSL_Init_Application()</span> API.</div>
</li>
<li>The client calls <span class="apiname">socket()</span> to obtain a socket descriptor.</li>
<li>The client calls <span class="apiname">connect()</span> to activate a connection
for a client program.</li>
<li>The client calls <span class="apiname">SSL_Create()</span> to enable SSL support
for the connected socket.</li>
<li>The client calls <span class="apiname">SSL_Handshake()</span> to initiate the SSL
handshake negotiation of the cryptographic parameters.</li>
<li>The client calls <span class="apiname">SSL_Read()</span> and <span class="apiname">SSL_Write()</span> to
receive and send data.</li>
<li>The client calls <span class="apiname">SSL_Destroy()</span> to disable SSL support
for the socket.</li>
<li>The client calls <span class="apiname">close()</span> to destroy the connected sockets.</li>
</ol>
</div>
<div class="section"><div class="p"> <div class="note"><span class="notetitle">Note:</span> The sample uses the AF_INET address family; however, it can
be modified to use the AF_INET6 address family. By using the code examples,
you agree to the terms of the <a href="codedisclaimer.htm">Code license and disclaimer information</a>.</div>
</div>
<pre>/* SSL Server Program using SSL_Init_Application */
/* Assumes that application id is already registered */
/* and a certificate has been associated with the */
/* application id. */
/* No parameters, some comments and many hardcoded */
/* values to keep it short and simple */
/* use following command to create bound program: */
/* CRTBNDC PGM(MYLIB/SSLSERVAPP) */
/* SRCFILE(MYLIB/CSRC) */
/* SRCMBR(SSLSERVAPP) */
#include &lt;stdio.h&gt;
#include &lt;stdlib.h&gt;
#include &lt;string.h&gt;     /* memset(), strlen() */
#include &lt;unistd.h&gt;     /* close() */
#include &lt;sys/types.h&gt;
#include &lt;sys/socket.h&gt;
#include &lt;qsossl.h&gt;
#include &lt;netinet/in.h&gt;
#include &lt;arpa/inet.h&gt;
#include &lt;errno.h&gt;
void main(void)
{
SSLHandle *sslh;
SSLInitApp sslinit;
struct sockaddr_in address;
int buf_len, on = 1, rc = 0, sd, lsd, al;
char buff[1024];
/* only want to use 1 cipher suite */
/* (RC4 is a deprecated cipher; the suite is kept as in the original */
/* sample, a production server should select a current suite from qsossl.h) */
unsigned short int cipher = SSL_RSA_WITH_RC4_128_SHA;
void * malloc_ptr = (void *) NULL;
unsigned int malloc_size = 8192;
/* memset sslinitapp structure to hex zeros */
memset((char *)&amp;sslinit, 0, sizeof(sslinit));
/* fill in values for sslinit app structure */
sslinit.applicationID = "MY_SERVER_APP";
sslinit.applicationIDLen = 13;
sslinit.localCertificate = NULL;
sslinit.localCertificateLen = 0;
sslinit.cipherSuiteList = NULL;
sslinit.cipherSuiteListLen = 0;
/* allocate and set pointers for certificate buffer */
malloc_ptr = (void*) malloc(malloc_size);
if (malloc_ptr == NULL)
{
perror("malloc() failed");
return;
}
sslinit.localCertificate = (unsigned char*) malloc_ptr;
sslinit.localCertificateLen = malloc_size;
/* initialize ssl call SSL_Init_Application */
rc = SSL_Init_Application(&amp;sslinit);
if (rc != 0)
{
printf("SSL_Init_Application() failed with rc = %d and errno = %d.\n",
rc,errno);
return;
}
/* initialize a socket to be used for listening */
lsd = socket(AF_INET, SOCK_STREAM, 0);
if (lsd &lt; 0)
{
perror("socket() failed");
return;
}
/* set socket so can be reused immediately */
rc = setsockopt(lsd, SOL_SOCKET,
SO_REUSEADDR,
(char *)&amp;on,
sizeof(on));
if (rc &lt; 0)
{
perror("setsockopt() failed");
close(lsd);
return;
}
/* bind to the local server address; port and address are stored in */
/* network byte order (a no-op on big-endian i5/OS, but correct everywhere) */
memset((char *) &amp;address, 0, sizeof(address));
address.sin_family = AF_INET;
address.sin_port = htons(13333);
address.sin_addr.s_addr = htonl(INADDR_ANY);
rc = bind(lsd, (struct sockaddr *) &amp;address, sizeof(address));
if (rc &lt; 0)
{
perror("bind() failed");
close(lsd);
return;
}
/* enable the socket for incoming client connections */
/* (the original sample discarded the return code, so a failed */
/* listen() was never detected) */
rc = listen(lsd, 5);
if (rc &lt; 0)
{
perror("listen() failed");
close(lsd);
return;
}
/* accept an incoming client connection */
al = sizeof(address);
sd = accept(lsd, (struct sockaddr *) &amp;address, &amp;al);
if (sd &lt; 0)
{
perror("accept() failed");
close(lsd);
return;
}
/* enable SSL support for the socket */
sslh = SSL_Create(sd, SSL_ENCRYPT);
if (sslh == NULL)
{
printf("SSL_Create() failed with errno = %d.\n", errno);
close(lsd);
close(sd);
return;
}
/* set up parameters for handshake */
sslh-&gt;protocol = 0;             /* 0 = system default protocol version */
sslh-&gt;timeout = 0;              /* 0 = default (no explicit handshake timeout) */
sslh-&gt;cipherSuiteList = &amp;cipher;
sslh-&gt;cipherSuiteListLen = 1;   /* number of entries in the list, not bytes */
/* initiate the SSL handshake */
rc = SSL_Handshake(sslh, SSL_HANDSHAKE_AS_SERVER);
if (rc != 0)
{
printf("SSL_Handshake() failed with rc = %d and errno = %d.\n",
rc, errno);
SSL_Destroy(sslh);
close(lsd);
close(sd);
return;
}
/* memset buffer to hex zeros */
memset((char *) buff, 0, sizeof(buff));
/* receive a message from the client using the secure session; */
/* read at most sizeof(buff) - 1 bytes so the buffer is always */
/* NUL-terminated before it is printed with %s (the original sample */
/* read sizeof(buff) bytes, which left no room for the terminator) */
rc = SSL_Read(sslh, buff, sizeof(buff) - 1);
if (rc &lt;= 0)
{
/* rc == 0 means the client closed the session without sending data */
printf("SSL_Read() rc = %d and errno = %d.\n",rc,errno);
rc = SSL_Destroy(sslh);
if (rc != 0)
printf("SSL_Destroy() rc = %d and errno = %d.\n",rc,errno);
close(lsd);
close(sd);
return;
}
buff[rc] = '\0';
/* write results to screen */
printf("SSL_Read() read ...\n");
printf("%s\n",buff);
/* send the message to the client using the secure session */
buf_len = strlen(buff);
rc = SSL_Write(sslh, buff, buf_len);
if (rc != buf_len)
{
if (rc &lt; 0)
{
printf("SSL_Write() failed with rc = %d and errno = %d.\n",rc,errno);
SSL_Destroy(sslh);
close(lsd);
close(sd);
return;
}
else
{
printf("SSL_Write() did not write all data.\n");
SSL_Destroy(sslh);
close(lsd);
close(sd);
return;
}
}
/* write results to screen */
printf("SSL_Write() wrote ...\n");
printf("%s\n",buff);
/* disable SSL support for the socket */
SSL_Destroy(sslh);
/* close the connection */
close(sd);
/* close the listening socket */
close(lsd);
return;
}</pre>
</div>
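<p>The sample above treats a short <span class="apiname">SSL_Write()</span> (fewer bytes written than requested) as fatal. The following is an added example, not code from this IBM page or from the SSL_ APIs: a write loop that retries until every byte is delivered and otherwise returns the error, written against a function pointer with the assumed call shape of <span class="apiname">SSL_Write()</span> (handle, buffer, length) so that it can be exercised offline with a constructed session that accepts only a few bytes per call; on i5/OS the SSLHandle and <span class="apiname">SSL_Write</span> itself would be passed in their place.</p>

```c
#include <string.h>
/* Writer with the shape of SSL_Write(): bytes written (>= 0) or a negative
   error. The first argument stands in for the SSLHandle* (assumed shape). */
typedef int (*ssl_write_fn)(void *handle, void *buf, int len);

/* Deliver every byte of buf, retrying after a short write. Returns the total
   written, or the writer's negative error (caller then does the usual
   SSL_Destroy()/close()); a zero-byte write returns -1 instead of spinning. */
int ssl_write_all(void *handle, ssl_write_fn writer, const char *buf, int len)
{
    int sent = 0, rc;
    while (sent < len) {
        rc = writer(handle, (void *)(buf + sent), len - sent);
        if (rc < 0)
            return rc;
        if (rc == 0)
            return -1;
        sent += rc;
    }
    return sent;
}

/* Constructed stand-in for a secure session: it accepts at most max_per_call
   bytes per write (forcing short writes) and keeps what the peer received. */
struct fake_conn { char out[64]; int out_len; int max_per_call; };

static int fake_ssl_write(void *handle, void *buf, int len)
{
    struct fake_conn *c = (struct fake_conn *)handle;
    int n = len < c->max_per_call ? len : c->max_per_call;
    if (c->out_len + n > (int)sizeof(c->out))
        return -1;                          /* simulated hard error */
    memcpy(c->out + c->out_len, buf, (size_t)n);
    c->out_len += n;
    return n;
}

/* Echo msg through a fresh fake session. Returns the bytes delivered, -2 if
   the peer did not receive msg intact, or the writer's error code. */
int demo_echo(const char *msg, int max_per_call)
{
    struct fake_conn c;
    int rc;
    memset(&c, 0, sizeof(c));
    c.max_per_call = max_per_call;
    rc = ssl_write_all(&c, fake_ssl_write, msg, (int)strlen(msg));
    if (rc < 0)
        return rc;
    return (c.out_len == rc && memcmp(c.out, msg, (size_t)rc) == 0) ? rc : -2;
}
```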
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="x1ssl.htm" title="You can create secure server and clients using either the Global Secure ToolKit (GSKit) APIs or the Secure Sockets Layer (SSL_) APIs.">Examples: Establish secure connections</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="cssl2.htm" title="The SSL_ APIs allow programmers to create secure socket applications on iSeries.">SSL_ APIs</a></div>
</div>
<div class="relref"><strong>Related reference</strong><br />
<div><a href="x1sslclient.htm" title="This example enables a client application using the SSL_ APIs to communicate with a server application that uses the SSL_APIs.">Example: Establish a secure client with SSL_ APIs</a></div>
</div>
<div class="relinfo"><strong>Related information</strong><br />
<div><a href="../apis/sslinit.htm">SSL_Init()</a></div>
<div><a href="../apis/sslinita.htm">SSL_Init_Application()</a></div>
<div><a href="../apis/socket.htm">socket()</a></div>
<div><a href="../apis/listen.htm">listen()</a></div>
<div><a href="../apis/bind.htm">bind()</a></div>
<div><a href="../apis/accept.htm">accept()</a></div>
<div><a href="../apis/close.htm">close()</a></div>
<div><a href="../apis/connec.htm">connect()</a></div>
<div><a href="../apis/sslcreat.htm">SSL_Create()</a></div>
<div><a href="../apis/ssldest.htm">SSL_Destroy()</a></div>
<div><a href="../apis/sslhands.htm">SSL_Handshake()</a></div>
<div><a href="../apis/sslread.htm">SSL_Read()</a></div>
<div><a href="../apis/sslwrite.htm">SSL_Write()</a></div>
</div>
</div>
</body>
</html>