Welcome to the Linux Foundation Forum!

SSH Authentication for custom C Server script using TCP on Linux, connected to by iOS app




I am currently trying to construct a working version of a trivia game client on iOS, that contacts a server (written in C) on Linux(Ubuntu on Linux server hosted by Amazon).

The client program has been able to successfully contact the server over a TCP connection and have it's message processed, with the server returning a result such as finding a match from MYSQL database.

I am now completely stuck when it comes to implementing an encrypted/secure connection to send information to this custom server script. I began reading about SSL, and using certificate-key authentication/authorization and establishing this connection from an iOS app by using the key from the device's keychain assuming its the proper key. This lead to reading about TSL. I get the idea of everything but since I have this idea of trying to implement a custom server to handle information sent in, I haven't understood how to implement a certificate-key handshake for connections coming in on this specific port that the custom server script listens to.

  1. Am I completely in the wrong direction thinking that I write the code to authenticate a server to a requesting user, within this script itself?
  2. Would a proper direction be to: Have the server running under a specific linux user that has predefined abilities and restrictions so that nearly all that is allowed is running this script and contacting the MYSQL database? And then somehow the certificate is applied to just that user which runs the server that listens on the port designated for clients?
  3. Am I completely misunderstanding how certificates-keys are to be applied and used when a client is attempting to connect to a given IP Address and Port Number over a TCP connection. For instance, would the iOS client attempt to contact the socket, and it would attempt verification with the main linux computer instance on amazon, and not the actual server script bound and listening to that same port, regardless.

Here is the linux server which uses fork() to create a new process on incoming connections:

Main function which uses fork


int main( int argc, char *argv[] ) { int sockfd, newsockfd, portno, clilen; char buffer[256]; struct sockaddr_in serv_addr, cli_addr; int n, pid; /* First call to socket() function */ sockfd = socket(AF_INET, SOCK_STREAM, 0); if (sockfd < 0) { perror("ERROR opening socket"); exit(1); } /* Initialize socket structure */ bzero((char *) &serv_addr, sizeof(serv_addr)); portno = 8888; serv_addr.sin_family = AF_INET; serv_addr.sin_addr.s_addr = INADDR_ANY; serv_addr.sin_port = htons(portno); /* Now bind the host address using bind() call.*/ if (bind(sockfd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0) { perror("ERROR on binding"); exit(1); } /* Now start listening for the clients, here * process will go in sleep mode and will wait * for the incoming connection */ listen(sockfd,5); clilen = sizeof(cli_addr); while ((newsockfd = accept(sockfd, (struct sockaddr *) &cli_addr, &clilen))) { // Here is where the connnection is accepted and a new socket is made from it // Then test cases to decide whether or not to fork the socket. (Test if it's empty.) if (newsockfd < 0) { perror("ERROR on accept"); exit(1); } printf("IP Address: %lu", cli_addr.sin_addr.s_addr); printf(" Port: %hu ", cli_addr.sin_port); // If the above new socket returns successful, the following is executed // The fork function creates a new process. /* Create child process */ pid = fork(); if (pid < 0) { perror("ERROR on fork"); exit(1); } // If the fork is created succesfully, pass the integer for the new socket to the fork's processing function. if (pid == 0) { /* This is the client process */ // Close the original socket close(sockfd); // Pass the copy of the socket ID to the new process doprocessing(newsockfd); // Then exit since the new process function will handle the already established socket connection exit(0); } else { close(newsockfd); } } }


The doprocessing() function 

void doprocessing (int sock) { int read_size; char client_message[2000]; char response_message[100]; char intArray[10] = {0}; while( (read_size = recv(sock , client_message , 2000 , 0)) > 0 ) { //DO CUSTOM SERVER STUFF HERE DEPENDING ON MESSAGE RECEIVED } else { printf("Match didnt work"); } if(read_size == 0) { puts("Client disconnected"); fflush(stdout); } else if(read_size == -1) { perror("recv failed"); }

I didn't include all of the code that comes after the server received a message and decides which functions to call to contact databases, etc... but I think I should note all of these functions are listed in the same script. I am currently doing this because I am just attempting to get everything running so I can see and understand the flow of information.

The main question is Where would I start implementing code that takes an incoming connection and goes through all of the SSL handshake steps to authenticate/authorize this server...

I have been reading everything I could find on the internet and the only thing I seem to come across is how to setup the certificates for a server like Apache, etc... and I feel like I don't understand how certificates are even implemented or if this is even a reasonable approach to writing a server script that can handle an SSL/TSL TCP connection, and process that data for queries to a MYSQL database that are on the same machine the server script is running on. Am I going about things the right way?

Thank you so much for any help! It is sincerely appreciated.


Sign In or Register to comment.