In this video I will demonstrate how you can make a Simple HTTPS Web Server using the C Programming Language and OpenSSL library on Linux. You can view the code I wrote in the video over here: github.com/nir9/welcome/tree/...
- Notice that if you run the server quickly after running it before, bind might fail since the port may not be cleaned up yet, so I recommend running the server with ltrace/strace so you can actually see what is going on under the hood, my new video about the importance of error handling in c also talks about this specifically
These videos are so insightful, especially the way you show the man pages where you can find all this information. I literally didn't even know C library functions had man pages until I starting watching your content.
The way you put the documentation digging into the videos is super helpful. The thing that's lost on me at this point is how you discover the functions you need to use before you hit the docs for each item.
Thanks for the feedback I will try talking more about the discovery as well on future videos, check out my man pages tips video for general tips about finding man pages.
Wow I guess Christmas came early this year. This opens up many possibilities with all kinds of web services. Only imagination is the limit! Thank you soo much!
I believe it's better to use separate TLS reverse proxies that will do TLS stuff and then pass the connection to next program by just connecting to localhost port or unix socket. It makes programs much simplier and can become a problem only on high load servers, where you don't want too many calls to write and read from programs because it's more user-kernel context switching.
I found out that if you hold F5 in the browser for a while it can make it 'crash'. It's not a real crash however, it's the SIGPIPE signal that is being fired and it happens when a pipe gets broken. You can capture this event with the 'signal' function if you are on Unix based systems, but no idea what the equivalent on Windows is. Once you've captured this signal, you can just ignore it and the server keeps running.
I don't think it's as simple as that. NGINX could be running TLS with http version 2 and it is redirecting the http request to a local web server that is not using TLS and is using http version 1.
Hey Nir, i used openssl commandline utility to generate key and cert. i changed "SSL_use_certificate_chain_file(ssl, "fullChain");" to "SSL_use_certificate_file(ssl, "key.pem", SSL_FILETYPE_PEM);" and ajusted file name.I compiled and ran it gave me an "The connection was reset The connection to the server was reset while the page was loading." error. can you help?
Is that the error you got from the web browser? Reason is probably because the certificate is self-signed, and the browser is rejecting the connection, if you want to try out the server you can use wget with the ignore cert option or try configurating the browser to accept the self-signed cert. If you want it to work out of the box you need to get a certificate signed by a certificate authority, on my setup in the video for example I used my certificate and private generated by let's encrypt which is a service that lets you easily get a certificate for your server
@@nirlichtman, update, i added an printf debug statement to nearly every function call wich prints its return value, and i found out that `bind()` returns an error (-1) when it doesnt work and success if it works (to download) could the reason be that in the code (because its not "production ready") an "un-bind" is missing?
@@ItsCOMMANDer_ There's no need to "unbind". The binding of the socket is released when the server socket is closed. If bind() is returning -1, then as you said, something is going wrong. When you get a failure, you should add code to print out the value of the errno special variable, to see what the error is. (See the bind(2) man page for more info.)
On most cases the man pages/docs are sufficient to help me do the preliminary research, but specifically in the case of OpenSSL, which has quite poor docs in my opinion, I had to also do online research
That is standard C syntax to initialize all array members with 0, as long as you are not using an old/weird C compiler, it works nicely :) devdocs.io/c/language/array_initialization