A lightweight, educational HTTPS server implementation demonstrating systems programming, network engineering, and security concepts using C and OpenSSL.
This project showcases:
- Systems Programming: BSD Sockets API for low-level network communication
- Security & Cryptography: TLS/SSL handshake implementation using OpenSSL
- Network Engineering: TCP/IP and HTTPS protocol handling
- Memory Management: Proper allocation, deallocation, and error handling
simple-https-server/
βββ main.c # Main server implementation
βββ Makefile # Build configuration and automation
βββ README.md # Project documentation
βββ server.crt # SSL certificate (generated automatically)
βββ server.key # SSL private key (generated automatically)
βββ https_server # Compiled executable (after build)
Ubuntu/Debian:
sudo apt-get update
sudo apt-get install build-essential libssl-dev opensslCentOS/RHEL/Fedora:
sudo yum install gcc openssl-devel opensslmacOS:
# Install Xcode command line tools
xcode-select --install
# Install OpenSSL via Homebrew
brew install openssl
# Set environment variables for compilation
export CPPFLAGS="-I$(brew --prefix openssl)/include"
export LDFLAGS="-L$(brew --prefix openssl)/lib"The Makefile includes convenience targets:
make install-deps-debian # For Ubuntu/Debian
make install-deps-redhat # For CentOS/RHEL/Fedora
make install-deps-macos # For macOS# Clone or download the project files
# Navigate to the project directory
# Build everything (server + certificates)
make all
# Run the server
./https_serverOpen your web browser and navigate to:
https://localhost:8443
Note: You'll see a security warning because we're using a self-signed certificate. Click "Advanced" and "Proceed to localhost" to continue.
curl -k https://localhost:8443| Target | Description |
|---|---|
make all |
Build server and generate certificates |
make https_server |
Build only the server executable |
make certificates |
Generate self-signed SSL certificates |
make clean |
Remove build files |
make clean-all |
Remove build files and certificates |
make test |
Build and test the server automatically |
make help |
Show available targets |
The server is compiled with these flags:
-lssl -lcrypto: Link against OpenSSL libraries-Wall -Wextra: Enable comprehensive warnings-std=c99: Use C99 standard-O2: Optimize for performance-g: Include debugging information
The Makefile automatically generates a self-signed certificate with:
- Algorithm: RSA 2048-bit
- Validity: 365 days
- Subject: CN=localhost, O=Test Server, C=US
- Minimum TLS Version: TLS 1.2
- Cipher Suites: Modern secure ciphers (handled by OpenSSL)
- Certificate Validation: Automatic certificate/key matching
- Port: 8443 (standard HTTPS alternative port)
- Protocol: TCP/IP with TLS encryption
- Binding: All network interfaces (0.0.0.0)
- Backlog: 10 pending connections
- Socket Creation: Create TCP socket using BSD Sockets API
- SSL Context: Initialize OpenSSL context with TLS configuration
- Certificate Loading: Load server certificate and private key
- Client Accept: Accept incoming TCP connection
- SSL Handshake: Perform TLS handshake to establish encryption
- Data Exchange: Read HTTP request and send HTML response
- Connection Cleanup: Properly close SSL and socket connections
- File Descriptors: Managing socket file descriptors
- Process Signals: Graceful shutdown handling
- Memory Management: Dynamic allocation with proper cleanup
- Error Handling: Comprehensive error checking and reporting
- Socket Programming: Creating, binding, listening, and accepting connections
- TCP Protocol: Understanding connection-oriented communication
- HTTP Protocol: Parsing requests and formatting responses
- Client/Server Architecture: Request-response communication pattern
- Public Key Infrastructure: Certificate and private key usage
- TLS Handshake: Establishing secure, encrypted connections
- Cryptographic Libraries: Integrating OpenSSL for security
- Certificate Management: Loading and validating certificates
The current implementation handles one connection at a time. To extend for multiple concurrent connections:
#include <pthread.h>
// Thread function for handling clients
void* client_handler(void* arg) {
SSL* ssl = (SSL*)arg;
handle_client(ssl);
SSL_shutdown(ssl);
SSL_free(ssl);
return NULL;
}
// In main loop, create thread for each connection
pthread_t thread;
pthread_create(&thread, NULL, client_handler, ssl);
pthread_detach(thread);#include <sys/wait.h>
// In main loop, fork for each connection
pid_t pid = fork();
if (pid == 0) {
// Child process handles client
close(server_socket);
handle_client(ssl);
exit(0);
} else if (pid > 0) {
// Parent process continues listening
SSL_free(ssl);
close(client_socket);
}OpenSSL not found:
# Install development headers
sudo apt-get install libssl-dev # Ubuntu/DebianCertificate errors:
# Regenerate certificates
make clean-all
make certificatesPermission denied on port 8443:
# Use unprivileged port or run with sudo
./https_server
# or modify SERVER_PORT in main.c to use port > 1024Connection refused:
- Check if server is running:
ps aux | grep https_server - Verify port is not in use:
netstat -an | grep 8443 - Check firewall settings
Compile with debug symbols and run with GDB:
make clean
make CFLAGS="-Wall -Wextra -std=c99 -g -DDEBUG"
gdb ./https_serverThis is an educational project. Feel free to:
- Add more HTTP methods (POST, PUT, DELETE)
- Implement HTTP/2 support
- Add configuration file support
- Enhance error handling and logging
- Add unit tests