XML-RPC uses HTTP. However, a common variation of the protocol substitutes
HTTPS, which wraps each connection in SSL/TLS so that a third party can't read
or tamper with the traffic and, provided the certificates are actually checked,
so that neither side can be impersonated: the client verifies the server's
certificate, and the server can optionally demand a client certificate.
Client
Xmlrpc-c provides facilities for building a client that uses HTTPS, using
the HTTPS facilities of the Curl library: give the client an https: URL and the
Curl transport does the SSL work. The Curl transport parameters (struct
xmlrpc_curl_xportparms in xmlrpc-c/client.h) include cainfo and capath, which
tell Curl which CA certificates to trust, and no_ssl_verifypeer and
no_ssl_verifyhost, which turn certificate checking off. Leave those two off
(zero, the default) in anything but a test setup: with verification disabled,
HTTPS still hides the traffic from eavesdroppers, but it no longer stops an
impersonator.
Server
Xmlrpc-c's Abyss-based server facilities can do HTTPS. The function is
based on the OpenSSL library, and you provide all of the SSL-related parameters
via an SSL_CTX object that you set up using calls to OpenSSL.
This code is new, and is not yet documented, so if you want to use it,
you'll have to look at header files, in particular
xmlrpc-c/abyss_openssl.h (the C interface) and
xmlrpc-c/AbyssChanSwitchOpenSsl.hpp (the C++ interface). Because
you supply all the parameters via an SSL_CTX object, there really isn't much
you need to know from the Xmlrpc-c side. The OpenSSL side is the hard part:
you have to juggle the certificate, keys, parameter files, ciphers, etc. and
make numerous calls to the OpenSSL library. Since Xmlrpc-c uses the SSL_CTX
as you built it, everything about the server's security posture (which
protocol versions and ciphers it accepts, whether it requires client
certificates) is decided by those OpenSSL calls, not by Xmlrpc-c. There are
working examples in the examples directory of the Xmlrpc-c source tree. See
ssl_server and ssl_secure_server.
You can also use the lower level server facilities (method registry,
XML-RPC call parsing, etc.) in Xmlrpc-c while handling the HTTPS part in your
own code (instead of using Abyss).
Another option is to use stunnel. That is a program, not associated
with Xmlrpc-c, that relays between an SSL port and a non-SSL port. You can
set up a stunnel server that makes an SSL XML-RPC port available to the
world. stunnel terminates the SSL connection and forwards the decrypted
traffic, which is regular HTTP and so regular XML-RPC, to an Xmlrpc-c Abyss
server, relaying between the two. For this to be secure, the Abyss server's
plain HTTP port must be reachable only by stunnel: run both on the same host
with Abyss listening on the loopback interface, or block the port for
everything but stunnel with a firewall at the TCP/IP level. Anyone who can
connect to the Abyss port directly bypasses SSL entirely, and the same goes
for whatever network link carries the plaintext between stunnel and Abyss.
You can use stunnel on the client side as well, to connect a client that is
not SSL-aware to an SSL server. That is less useful with Xmlrpc-c, because it
provides SSL-aware clients, but it might be easier than using the XML-RPC SSL
facilities in some applications. The same caveat applies in reverse: the
client-side stunnel should accept connections only from the local host, and
it must be configured to verify the server's certificate (stunnel does no
verification unless told to), or it will hand your calls to an impersonator.
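The two stunnel arrangements described above, as an added example that is not part of the Xmlrpc-c documentation or source tree: a server-side relay that terminates TLS and forwards to a loopback-only Abyss server, a client-side relay that lets a non-SSL client reach an HTTPS server with certificate verification turned on, and a check that the plain HTTP Abyss port is not reachable from off the host. Host names, ports, file paths and the sample socket listings are assumptions constructed for the example; the stunnel directive names are the real ones (sslVersionMin needs stunnel 5.50 or newer).

```shell
#!/bin/sh
# Added example, not from Xmlrpc-c: stunnel configurations for relaying
# XML-RPC over SSL, plus a check for the caveat that nobody but stunnel may
# reach the plain-HTTP Abyss server. Ports, paths and host names are assumed.

# Server side: stunnel accepts TLS on 8443 and forwards decrypted HTTP to the
# Abyss server on 127.0.0.1:8080. Only stunnel should be able to reach 8080.
server_relay_conf() {
    cat <<'EOF'
; stunnel.conf for the server host (assumed paths)
cert = /etc/stunnel/xmlrpc-server.pem
key = /etc/stunnel/xmlrpc-server.key
sslVersionMin = TLSv1.2

[xmlrpc]
accept = 0.0.0.0:8443
connect = 127.0.0.1:8080
EOF
}

# Client side: a non-SSL-aware XML-RPC client talks plain HTTP to
# 127.0.0.1:8081; stunnel opens TLS to the real server and verifies its
# certificate chain and host name. stunnel does no verification unless told to.
client_relay_conf() {
    cat <<'EOF'
; stunnel.conf for the client host (assumed paths and server name)
client = yes
verifyChain = yes
CAfile = /etc/ssl/certs/ca-certificates.crt
checkHost = rpc.example.com
sslVersionMin = TLSv1.2

[xmlrpc-client]
accept = 127.0.0.1:8081
connect = rpc.example.com:8443
EOF
}

# Check the caveat: read `ss -ltn` (or `netstat -ltn`) output on stdin and
# fail if the Abyss port ($1) is listening on anything other than loopback.
# If Abyss cannot be bound to loopback, block the port at the host firewall,
# e.g.  iptables -A INPUT -p tcp --dport 8080 ! -i lo -j DROP
abyss_loopback_only() {
    awk -v port="$1" '
        NR > 1 {
            addr = $4                      # Local Address:Port column
            n = split(addr, p, ":")
            if (p[n] != port) next         # some other service, ignore
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host != "127.0.0.1" && host != "[::1]") {
                print "exposed listener: " addr
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }'
}

# Constructed sample listings (not captured from a real host).
SAMPLE_SS_GOOD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:8080     0.0.0.0:*
LISTEN 0      128    [::1]:8080         [::]:*
LISTEN 0      128    0.0.0.0:8443       0.0.0.0:*'

SAMPLE_SS_BAD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:8080       0.0.0.0:*
LISTEN 0      128    0.0.0.0:8443       0.0.0.0:*'

# Demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_SS_GOOD" | abyss_loopback_only 8080 \
    && echo "good: 8080 is loopback-only, safe to open 8443"
printf '%s\n' "$SAMPLE_SS_BAD" | abyss_loopback_only 8080 \
    || echo "bad: 8080 is reachable from off-host, SSL can be bypassed"
```

On a real host, run `ss -ltn | abyss_loopback_only 8080` on the Abyss machine before opening the stunnel port to the world; a non-zero exit means the plaintext side is exposed and the relay buys you nothing.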