The default transmission mode is STREAM. On a stream file upload, the data connection is just closed. No command is sent. Just close the connection.
If you were to send a command, whatever you sent would be appended to the file.
The stream mode is unreliable because there is no EOF marker. Also, you must reopen the connection for each additional file. It is better to use BLOCKED or COMPRESSED for reliability and will improve performance when sending multiple small files, though there is a small overhead for the protocol.
Use the MODE command to set the transmission mode.
There are several steps when using OpenSSL. You must have an SSL certificate made which can contain the certificate with the private key be sure to specify the exact location of the certificate (this example has it in the root). There are a lot of good tutorials out there.
Some includes:
#include <openssl/applink.c>
#include <openssl/bio.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
You will need to initialize OpenSSL:
void InitializeSSL()
{
SSL_load_error_strings();
SSL_library_init();
OpenSSL_add_all_algorithms();
}
void DestroySSL()
{
ERR_free_strings();
EVP_cleanup();
}
void ShutdownSSL()
{
SSL_shutdown(cSSL);
SSL_free(cSSL);
}
Now for the bulk of the functionality. You may want to add a while loop on connections.
int sockfd, newsockfd;
SSL_CTX *sslctx;
SSL *cSSL;
InitializeSSL();
sockfd = socket(AF_INET, SOCK_STREAM, 0);
if (sockfd< 0)
{
//Log and Error
return;
}
struct sockaddr_in saiServerAddress;
bzero((char *) &saiServerAddress, sizeof(saiServerAddress));
saiServerAddress.sin_family = AF_INET;
saiServerAddress.sin_addr.s_addr = serv_addr;
saiServerAddress.sin_port = htons(aPortNumber);
bind(sockfd, (struct sockaddr *) &serv_addr, sizeof(serv_addr));
listen(sockfd,5);
newsockfd = accept(sockfd, (struct sockaddr *) &cli_addr, &clilen);
sslctx = SSL_CTX_new( SSLv23_server_method());
SSL_CTX_set_options(sslctx, SSL_OP_SINGLE_DH_USE);
int use_cert = SSL_CTX_use_certificate_file(sslctx, "/serverCertificate.pem" , SSL_FILETYPE_PEM);
int use_prv = SSL_CTX_use_PrivateKey_file(sslctx, "/serverCertificate.pem", SSL_FILETYPE_PEM);
cSSL = SSL_new(sslctx);
SSL_set_fd(cSSL, newsockfd );
//Here is the SSL Accept portion. Now all reads and writes must use SSL
ssl_err = SSL_accept(cSSL);
if(ssl_err <= 0)
{
//Error occurred, log and close down ssl
ShutdownSSL();
}
You are then able read or write using:
SSL_read(cSSL, (char *)charBuffer, nBytesToRead);
SSL_write(cSSL, "Hi :3\n", 6);
Update
The SSL_CTX_new
should be called with the TLS method that best fits your needs in order to support the newer versions of security, instead of SSLv23_server_method()
. See:
OpenSSL SSL_CTX_new description
TLS_method(), TLS_server_method(), TLS_client_method().
These are the general-purpose version-flexible SSL/TLS methods. The actual protocol version used will be negotiated to the highest version mutually supported by the client and the server. The supported protocols are SSLv3, TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3.
Best Answer
I would have the server start accepting connections on that port (by calling
listen()
) before sending the 227 reply. If you wait until after sending the 227, the client may try to connect before you're accepting connections, and get a "connection refused" error.After calling
listen()
which starts the TCP system listening, you can callaccept()
whenever you're ready to start accepting connections. When to call that is an application-level decision (but obviously once the client sends a data transfer command, it will want to connect). Connections from the client will wait in an accept queue until the server actually callsaccept()
, which removes them from the accept queue.