Example program to implement a TLS server. It was written for demonstration and educational purposes.
- OpenSSL version 1.1.0 or later
- getdns library (for the getdns version)
- OCSP stapling
- DNSSEC Authentication chain extension
- session resumption
- 4 x 100 at SSL Labs, provided the right key and certificate are used
- based on sample code "Simple_TLS_Server" from https://wiki.openssl.org/
- DNSSEC Authentication chain extension based on the implementation of Shumon Huque available at https://github.com/shuque/chainserver
- session resumption worked after I read https://nachtimwald.com/2014/10/05/server-side-session-cache-in-openssl/
- OCSP implementation was copied from nginx
$ make
cc -Wall -Wextra -Wpedantic -c -o main.o main.c
cc -Wall -Wextra -Wpedantic -c -o ocsp-stapling.o ocsp-stapling.c
cc -Wall -Wextra -Wpedantic -c -o dnssec-chain-extension.o dnssec-chain-extension.c
cc -Wall -Wextra -Wpedantic -lssl -lcrypto -lgetdns -o openssl-demo-server main.o ocsp-stapling.o dnssec-chain-extension.o
# /path/to/openssl-demo-server -h
Usage: openssl-demo-server [options]
-h: print this help message
-sname <name> server name default: $(fqdn)
-port <port> server port default: 443
-cert <file> server certificate file default: ./cert+intermediate.pem
-key <file> server private key file default: ./key.pem
-oscp <file> server ocsp response file default: ./ocsp.response
If the program cannot access the OCSP response file, OCSP will not be used.
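A check worth having around the -ocsp file handling, added here as an example and not the demo server's own code: it loads the DER file, verifies that it is a well-formed OCSPResponse whose responseStatus is successful(0), and otherwise falls back to not stapling, exactly as the server does for a missing file. The OpenSSL wiring (SSL_CTX_set_tlsext_status_cb) is left out so the block compiles without libssl; the file path and function names are this example's own.

```c
#include <stdio.h>
#include <stdlib.h>

/* OCSP_NOT_STAPLED mirrors the server's rule: no usable file, no staple. */
enum ocsp_check { OCSP_STAPLE = 0, OCSP_NOT_STAPLED = 1 };

/* Parse one DER tag/length header at buf[0]. Returns the content length and
 * stores the header size in *hdr, or returns -1 if the header is malformed. */
static long der_header(const unsigned char *buf, size_t len, unsigned char tag, size_t *hdr)
{
    if (len < 2 || buf[0] != tag) return -1;
    if (buf[1] < 0x80) { *hdr = 2; return buf[1]; }   /* short form */
    size_t n = buf[1] & 0x7f;                         /* long form: n length bytes */
    if (n == 0 || n > 4 || len < 2 + n) return -1;
    long v = 0;
    for (size_t i = 0; i < n; i++) v = (v << 8) | buf[2 + i];
    *hdr = 2 + n;
    return v;
}

/* OCSPResponse ::= SEQUENCE { responseStatus ENUMERATED, responseBytes [0] OPTIONAL }
 * (RFC 6960). Only a well-formed response whose status is successful(0) is worth
 * stapling; an error response or garbage would only make the client's check fail. */
int ocsp_response_usable(const unsigned char *der, size_t len)
{
    size_t h, h2;
    long seq = der_header(der, len, 0x30, &h);
    if (seq < 0 || (size_t)seq != len - h) return OCSP_NOT_STAPLED;
    long en = der_header(der + h, len - h, 0x0a, &h2);
    if (en != 1 || h + h2 + 1 > len) return OCSP_NOT_STAPLED;
    return der[h + h2] == 0 ? OCSP_STAPLE : OCSP_NOT_STAPLED;
}

/* Read the file given with -ocsp. On OCSP_STAPLE the caller owns *out and can
 * hand it to OpenSSL's status callback; otherwise nothing is allocated. */
int load_ocsp_file(const char *path, unsigned char **out, size_t *outlen)
{
    FILE *f = fopen(path, "rb");
    if (!f) return OCSP_NOT_STAPLED;                  /* file missing: no stapling */
    fseek(f, 0, SEEK_END);
    long sz = ftell(f);
    rewind(f);
    unsigned char *buf = sz > 0 ? malloc((size_t)sz) : NULL;
    size_t n = buf ? fread(buf, 1, (size_t)sz, f) : 0;
    fclose(f);
    if (!buf || n != (size_t)sz || ocsp_response_usable(buf, n) != OCSP_STAPLE) {
        free(buf);
        return OCSP_NOT_STAPLED;
    }
    *out = buf; *outlen = n;
    return OCSP_STAPLE;
}
```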
I'm sure there are some! For that reason: DO NOT USE that software on a production level system!