We'll be right back, after this word...
Surprisingly enough the Bluetooth server “technology preview” has generated quite a bit of interest from potential clients, which is nice. In a similar spirit, I’m making the compiled version of our server that uses the OpenSSL Toolkit available for download. This code uses our freely available IOCP server framework and adds SSL support using OpenSSL. We have an SChannel version in the pipeline for those of you who don’t want to have anything to do with OpenAnything…
From a server developer’s point of view you needn’t know or care that SSL is enabled on the data stream. Your code doesn’t need to change unless you’re interested in validating certificates or dynamically enabling or disabling the SSL. Porting a non SSL server to the SSL enabled version of the IOCP framework simply requires that you derive from a different version of the server base class; the new base class provides exactly the same callbacks as the non SSL version so all other code is unchanged.
The zip file contains a compiled server which listens on ports 5001 and 5002. The server on port 5001 doesn’t require client certificates, the server on port 5001 does. The zip includes a simple client that’s based on the code that was featured in the article I had published in Windows Developer Magazine. The zip also includes a stress test which connects to the server on localhost:5001 with 1000 connections and sends 100 x 1024 byte packets to the server and checks that they come back correctly. The stress test uses the newly refactored IOCP framework for client connections using the same IOCP system that the server uses. The debug version of the server spews lots of information out as it does its work, so it runs a lot slower.
The server is based on our packet echo server example and expects a packet format which consists of an int sent in network byte order which contains the number of bytes in the packet (excluding the size of the int). The server will only process packets of up to 1020 bytes. The server uses a dynamically adjusting thread pool of between 5 and 20 threads to ‘process’ (echo) the packets. The server design is not in any way optimised, in fact, it’s designed to be complicated to thrash test the IOCP framework to OpenSSL shims; for example, it echoes each packet in three equal sized cleartext writes to socket layer, hence all the buffer allocations that can be seen in debug mode…
If you don’t have a packet sniffer and you want to prove to yourself that the bytes really are protected by SSL ;) then you can connect to the server with a web browser by running the server using the following url; https://localhost:5001 which will give the message “Too much data! Go away!” in the browser…
The OpenSSL libraries are linked statically to this server. You can get the source to OpenSSL from here. The apache-like license that OpenSSL is released under is available here, and in the zip.
Oh, and by the way, a word from our lawyers;
This software package uses strong cryptography, so even if it is created, maintained and distributed from liberal countries in Europe (where it is legal to do this), it falls under certain export/import and/or use restrictions in some other parts of the world.
*PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME PARTS OF THE WORLD. SO, BEFORE DOWNLOADING THE SAMPLE OR EVEN JUST EMAILING TECHNICAL QUESTIONS TO THE AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHORS OF OPENSSL AND THIS SAMPLE SERVER ARE NOT LIABLE FOR ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY.
The zip file is here.
The shims that allow us to connect our IOCP framework to the OpenSSL Toolkit are NOT publicly available at this time. We DO offer consulting relating to SSL server developments using this code and our freely available IOCP framework and we DO offer these shims and the latest version of The Server Framework for sale for use with the OpenSSL Toolkit in your systems. If you’re interested, contact me for details, or take a look here for pricing.
I can’t help thinking that any future blog entry that announces an SChannel version of this code will not need to be quite so wordy…
