the TLS handshake; no HTTP data can be transmitted until the handshake
is complete.
You can probably spot a problem with this approach. HTTP expects the very
first byte(s) on the connection to be an HTTP command such as GET, PUT, POST,
and so on. The client has to have some way of warning the server that it's going
to start with a TLS negotiation rather than a plaintext HTTP command. The
solution adopted by HTTPS is to require secure connections to be established
on a separate port. If the client connects on port 80, the next expected
communication is a valid HTTP command. If the client connects on port 443, the
next expected communication is a TLS handshake, after which, if the handshake
is successful, an encrypted, authenticated, valid HTTP command is expected.
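The port convention works because the two protocols look nothing alike on the wire: a TLS record begins with a one-byte content type (22 for handshake), a two-byte version whose major byte is 3, and a two-byte length, whereas an HTTP request begins with a method token and a space. The following is an added example, not code from the book's tls.h or from any real server, showing how a server that has just accepted a connection could peek at the first bytes and decide which protocol the peer is speaking. Servers that want a friendlier failure than a garbled handshake (Apache's mod_ssl, for instance, answers plain HTTP on its TLS port with a 400 error) do this kind of peek. The sample inputs are constructed, not captured traffic.

```c
/* Added example: classify the first bytes received on a connection as the
 * start of a TLS handshake, some other TLS record, or a plaintext HTTP
 * request.  Not part of the book's tls.h / tls.c. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLS_CONTENT_CCS        20   /* TLS record-layer content types */
#define TLS_CONTENT_ALERT      21
#define TLS_CONTENT_HANDSHAKE  22
#define TLS_CONTENT_APPDATA    23
#define TLS_HS_CLIENT_HELLO     1   /* handshake message type */

enum first_bytes_kind {
  FB_NEED_MORE,      /* too few bytes to decide yet */
  FB_TLS_HANDSHAKE,  /* a TLS handshake record, as expected on port 443 */
  FB_TLS_OTHER,      /* a TLS record that is not a handshake (out of order) */
  FB_HTTP,           /* a plaintext HTTP request line, as expected on port 80 */
  FB_UNKNOWN         /* neither protocol */
};

typedef struct {
  enum first_bytes_kind kind;
  int version_major, version_minor;  /* TLS record version bytes */
  uint16_t record_length;            /* TLS record fragment length */
  int handshake_type;                /* -1 if not present in the bytes seen */
  char method[8];                    /* HTTP method token, if FB_HTTP */
} first_bytes;

static const char *const http_methods[] = {
  "GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE", "CONNECT", "PATCH"
};

enum first_bytes_kind classify_first_bytes(const unsigned char *buf, size_t len,
                                           first_bytes *out)
{
  memset(out, 0, sizeof *out);
  out->handshake_type = -1;
  if (len == 0) return out->kind = FB_NEED_MORE;

  /* TLS record header: type(1) version(2) length(2).  The version major
   * byte is 3 for every SSL 3.0 / TLS 1.x record. */
  if (buf[0] == TLS_CONTENT_HANDSHAKE || buf[0] == TLS_CONTENT_CCS ||
      buf[0] == TLS_CONTENT_ALERT || buf[0] == TLS_CONTENT_APPDATA) {
    if (len < 5) return out->kind = FB_NEED_MORE;
    if (buf[1] != 3) return out->kind = FB_UNKNOWN;
    out->version_major = buf[1];
    out->version_minor = buf[2];
    out->record_length = (uint16_t)((buf[3] << 8) | buf[4]);
    if (buf[0] != TLS_CONTENT_HANDSHAKE) return out->kind = FB_TLS_OTHER;
    /* The first byte of a handshake fragment is the handshake message type. */
    if (len >= 6) out->handshake_type = buf[5];
    return out->kind = FB_TLS_HANDSHAKE;
  }

  /* Plaintext HTTP: a known method token followed by a single space. */
  for (size_t i = 0; i < sizeof http_methods / sizeof *http_methods; i++) {
    size_t n = strlen(http_methods[i]);
    size_t cmp = len < n ? len : n;
    if (memcmp(buf, http_methods[i], cmp) != 0) continue;
    if (len <= n) return out->kind = FB_NEED_MORE;  /* prefix matches so far */
    if (buf[n] != ' ') continue;
    memcpy(out->method, http_methods[i], n + 1);
    return out->kind = FB_HTTP;
  }
  return out->kind = FB_UNKNOWN;
}

/* Constructed sample inputs: the first bytes of a ClientHello carried in a
 * record with version 3.1, and a plaintext GET as a port-80 client sends it. */
static const unsigned char sample_client_hello[] = {
  0x16, 0x03, 0x01, 0x00, 0x2f,   /* handshake record, version 3.1, 47 bytes */
  0x01, 0x00, 0x00, 0x2b          /* client_hello, 43-byte body follows */
};
static const char sample_http_get[] = "GET / HTTP/1.1\r\nHost: example.org\r\n\r\n";

int main(void)
{
  first_bytes fb;
  classify_first_bytes(sample_client_hello, sizeof sample_client_hello, &fb);
  printf("kind=%d TLS %d.%d record_length=%u handshake_type=%d\n", fb.kind,
         fb.version_major, fb.version_minor, fb.record_length, fb.handshake_type);
  classify_first_bytes((const unsigned char *)sample_http_get,
                       strlen(sample_http_get), &fb);
  printf("kind=%d method=%s\n", fb.kind, fb.method);
  return 0;
}
```

A real server would read with MSG_PEEK (or buffer the bytes) so that whichever protocol handler it dispatches to still sees the complete first message; the classifier deliberately reports FB_NEED_MORE rather than guessing when fewer than five bytes (TLS) or a full method token plus space (HTTP) have arrived.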
Adding TLS Support to the HTTP Client
To add TLS support to the HTTP client developed in Chapter 1, you define four
new top-level functions as shown in Listing 6-1.
Listing 6-1: “tls.h” top-level function prototypes
/**
* Negotiate a TLS channel on an already-established connection
* (or die trying).
* @return 1 if successful, 0 if not.
*/
int tls_connect( int connection,
TLSParameters *parameters );
/**
* Send data over an established TLS channel. tls_connect must already
* have been called with this socket as a parameter.
*/
int tls_send( int connection,
const char *application_data,
int length,
int options,
TLSParameters *parameters );
/**
* Receive data from an established TLS channel.
*/
int tls_recv( int connection,
char *target_buffer,
int buffer_size,
int options,
TLSParameters *parameters );
/**
* Orderly shutdown of the TLS channel (note that the socket itself will