  static char recv_buf[ BUFFER_SIZE + 1 ];
  while ( ( received = recv( connection, recv_buf, BUFFER_SIZE, 0 ) ) > 0 )
  {
    recv_buf[ received ] = '\0';
    printf( "%s", recv_buf );
  }
  printf( "\n" );
}
This is all that's required to implement a bare-bones web client. Note, however,
that because the socket created was a cleartext socket, everything that's
transmitted between the client and the server is observable, in plaintext, to
every host in between. In general, if you want to protect the transmission from
eavesdroppers, you establish an SSL context — that is, secure the line — prior to
sending the GET command.
Adding Support for HTTP Proxies
One important topic related to HTTP is the HTTP proxy. Proxies are a bit tricky
for SSL. Notice in Listing 1-4 that a socket had to be created from the client to the
server before a document could be requested. This means that the client had to
be able to construct a SYN packet, hand that off to a router, which hands it off to
another router, and so on until it's received by the server. The server then
constructs its own SYN/ACK packet, hands it off, and so on until it's received by the
client. However, in corporate intranet environments, packets from outside
the corporate domain are not allowed in and vice versa. In effect, there is no
route from the client to the server with which it wants to connect.
In this scenario, it's typical to set up a proxy server that can connect to the
outside world, and have the client funnel its requests through the proxy. This
changes the dynamics a bit; the client establishes a socket connection with the
proxy server first, and issues a GET request to it as shown in Figure 1-2. After
the proxy receives the GET request, the proxy examines the request to determine the
host name, resolves the IP address, connects to that IP address on behalf of
the client, re-issues the GET request, and forwards the response back to the
client. This subtly changes the dynamics of HTTP. What's important to notice is
that the client establishes a socket with the proxy server, and the GET request
now includes the full URL.
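The direct and proxied request lines described above, side by side, as an added example that is not part of the original text. build_get_request is a hypothetical helper, and the HTTP/1.1 header layout and the www.example.com values are assumptions. The character check keeps an untrusted host or path from injecting extra header lines into the request the proxy re-issues.

```c
#include <stdio.h>
#include <string.h>

/* Reject bytes that could split or smuggle a request line: control
 * characters (including CR and LF), space, and DEL. */
static int is_clean( const char *s )
{
  if ( !s || !*s ) return 0;
  for ( ; *s; s++ )
  {
    unsigned char c = ( unsigned char ) *s;
    if ( c <= ' ' || c == 0x7f ) return 0;
  }
  return 1;
}

/* Format a GET request into out. via_proxy selects the full-URL form a
 * proxy needs; otherwise only the path is sent. Returns the request
 * length, or -1 on invalid input or if out is too small. */
int build_get_request( char *out, size_t out_len, const char *host,
                       const char *path, int via_proxy )
{
  int n;
  if ( !out || !is_clean( host ) || !is_clean( path ) || path[ 0 ] != '/' )
    return -1;
  if ( strchr( host, '/' ) || strchr( host, '@' ) )
    return -1;
  n = snprintf( out, out_len,
                "GET %s%s%s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n",
                via_proxy ? "http://" : "", via_proxy ? host : "", path, host );
  if ( n < 0 || ( size_t ) n >= out_len ) return -1;
  return n;
}

int main( void )
{
  char req[ 512 ];
  /* Constructed sample values, not taken from the original text. */
  if ( build_get_request( req, sizeof req, "www.example.com", "/index.html", 0 ) > 0 )
    printf( "direct:\n%s", req );
  if ( build_get_request( req, sizeof req, "www.example.com", "/index.html", 1 ) > 0 )
    printf( "via proxy:\n%s", req );
  return 0;
}
```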
Because you may well be reading this behind such a firewalled environment,
and because proxies present some unique challenges for SSL, go ahead and add
proxy support to the minimal HTTP client developed in the preceding section.
First of all, you need to modify the main routine to accept an optional proxy
specification parameter. A proxy specification includes, of course, the hostname
of the proxy server itself, but it also typically allows a username and password