Implementing SSL/TLS Using Cryptography and PKI

Have questions or clarifications about Implementing SSL/TLS Using Cryptography and PKI? Please join the discussion below!

Add a comment:

Completely off-topic or spam comments will be removed at the discretion of the moderator.

You may preserve formatting (e.g. a code sample) by indenting with four spaces preceding the formatted line(s)

Name: Name is required
Email (will not be displayed publicly):
Comment:
Comment is required
gauss256, 2015-06-06
I'm working through the whole book but am digging into some specific parts that I want to be sure I understand well. Basically that means reading the man pages for some of the library functions and matching up the docs to the code provided. I'm working on Ubuntu 14.04.
That has led to one question from early on. In ch01/http.c there is this function call:
    client_connection = socket(PF_INET, SOCK_STREAM, 0);
    if (!client_connection) {
        perror("Unable to create local socket");
        return 2;
    }
The use of PF_INET vs AF_INET is probably not important, but the docs suggest that AF_INET is the more appropriate one.
More important is that the return value from socket is -1, and not 0, if there is an error. So the code should be the following, true?
    client_connection = socket(AF_INET, SOCK_STREAM, 0);
    if (client_connection == -1) {
        perror("Unable to create local socket");
        return 2;
    }
Josh, 2015-06-07
> the docs suggest that AF_INET is the more appropriate one.
Interesting. It does look like modern documentation suggests that you not use PF_INET; I've been using it so long, I didn't realize it had fallen out of fashion.
> the return value from socket is -1, and not 0, if there is an error
That, on the other hand, is a legitimate bug! You are absolutely correct - if you'd like, you can report it on the book's errata page. You're the first person to catch that; if there's a second printing, I'll make sure to correct it there.
gauss256, 2015-06-11
Speaking of functions falling out of fashion, current man pages describe gethostbyname() as obsolete. The replacement function, getaddrinfo() is more powerful but more complicated to call. The replacement code could be something like this: struct addrinfo hints; struct addrinfo *result; int rv; char servname[6]; memset(&hints, 0, sizeof hints); hints.ai_family = AF_UNSPEC; hints.ai_socktype = SOCK_STREAM; snprintf(servname, sizeof(servname), "%u", proxy_host ? proxy_port : HTTP_PORT); rv = getaddrinfo(host, servname, &hints, &result); if (rv != 0) { fprintf(stderr, "getaddrinfo: %s\\n", gai_strerror(rv)); return 3; } rv = connect(client_connection, result->ai_addr, result->ai_addrlen); if (rv == -1) { perror("Unable to connect to host"); return 4; } freeaddrinfo(result);
My Book

I'm the author of the book "Implementing SSL/TLS Using Cryptography and PKI". Like the title says, this is a from-the-ground-up examination of the SSL protocol that provides security, integrity and privacy to most application-level internet protocols, most notably HTTP. I include the source code to a complete working SSL implementation, including the most popular cryptographic algorithms (DES, 3DES, RC4, AES, RSA, DSA, Diffie-Hellman, HMAC, MD5, SHA-1, SHA-256, and ECC), and show how they all fit together to provide transport-layer security.

My Picture

Joshua Davies

Past Posts