Friday, December 13, 2024
Latest:
Linux serverlinux web serverNETWORK ADMINISTRATIONS

Making Minimalist HTTPS Server in C on Linux

In this video I will demonstrate how you can make a Simple HTTPS Web Server using the C Programming Language and OpenSSL library on Linux.

You can view the code I wrote in the video over here: https://gist.github.com/nir9/368b64f9e3105c2682568d86b8575e00

source

by Nir Lichtman

linux web server

You May Also Like

2024 June FOCUS Friday: Drilling into Designer, Mainframe FOCUS installation

Windows Server 2012 New Features: Best of TechEd

Alice AUSTIN

DevOps & SysAdmins: Postfix relay to multiple servers and multiple users

21 thoughts on “Making Minimalist HTTPS Server in C on Linux

  • – Notice that if you run the server quickly after running it before, bind might fail since the port may not be cleaned up yet, so I recommend running the server with ltrace/strace so you can actually see what is going on under the hood, my new video about the importance of error handling in c also talks about this specifically

  • aw your not writing a c implement of tls in 15 minutes

  • great stuff thanks, any chance of something similar but in Python?

  • This only works until a renegotiation is required, then calls to SSL_read() and/or SSL_write() will fail with SSL_ERROR_WANT_READ and/or SSL_ERROR_WANT_WRITE.
    Renegotiations are required after some amount of time, or some number of bytes are exchanged.
    I recommend looking into "BIO chains" and "filter BIOs", which enable you to use SSL_read()/SSL_write() as normal, as the renegotiations can be handled automagically.
    Specifically, take a look at BIO_new_ssl_connect(), which is used for both clients and servers.

  • I believe it's better to use separate TLS reverse proxies that will do TLS stuff and then pass the connection to next program by just connecting to localhost port or unix socket. It makes programs much simplier and can become a problem only on high load servers, where you don't want too many calls to write and read from programs because it's more user-kernel context switching.

  • Making short videos are good but giving overview about what you're going to do would make it better I mean explaining flow!

  • Geez I opened the video and BOOM! it was straight into the action no silly 1 minute long intro. Love it ❤!

  • Hey Nir, i used openssl commandline utility to generate key and cert. i changed "SSL_use_certificate_chain_file(ssl, "fullChain");" to "SSL_use_certificate_file(ssl, "key.pem", SSL_FILETYPE_PEM);" and ajusted file name.I compiled and ran it gave me an "The connection was reset
    The connection to the server was reset while the page was loading." error. can you help?

  • What kind of Linux/Windows bastard child abomination set up are you using

  • Ah you've read my mind! I just started messing around with sockets and was about to try my hand at developing a simple http server.

  • If you need to implement a production-grade HTTPS server in C++, Vinnie Falco's Beast library is the way to go.

  • These videos are so insightful, especially the way you show the man pages where you can find all this information. I literally didn't even know C library functions had man pages until I starting watching your content.

  • Narration: Great
    Content: Great
    Code Editor: C'mon man, use Visual Code

  • Interesting! Is this what NGINX does under the hood when configured as reverse proxy with SSL?

Comments are closed.