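/*
 * Minimal single-connection mutual-TLS server demo (OpenSSL), loopback only.
 *
 * Flow: build an SSL_CTX that only accepts TLS 1.2+ with a sane cipher set
 * and requires a client certificate issued by CACERT, load the server
 * certificate/key, bind to ADDRESS:PORT, accept one TCP connection, run the
 * handshake, print the client certificate's subject/issuer, send a greeting
 * and then print whatever the client sends until the peer closes the session.
 *
 * Exit status: 0 on a clean run, 1 on any setup, handshake or I/O failure
 * (the original returned 0 on socket()/bind() errors, hiding the failure).
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#include <openssl/opensslv.h>
#include <openssl/ssl.h>
#include <openssl/x509.h>
#include <openssl/err.h>

#define MSGLENGTH 1024
#define PORT 7979
#define CACERT "./private/ca.crt"       /* CA that must have issued the client certificate */
#define SVRCERTF "./certs/server.crt"
#define SVRKEYF "./private/server.key"  /* long-term secret: keep it mode 0600 */
#define ADDRESS "127.0.0.1"             /* loopback only; never reachable from the network */

int main (void)
{
    int rc = 1;                    /* exit status; becomes 0 only on a clean run */
    int sock = -1;                 /* listening socket */
    int ss = -1;                   /* accepted connection */
    const SSL_METHOD *meth = NULL;
    SSL_CTX *ctx = NULL;
    SSL *ssl = NULL;
    X509 *client_cert = NULL;
    struct sockaddr_in addr;
    struct sockaddr_in sa_cli;
    socklen_t client_len = sizeof sa_cli;   /* accept() needs socklen_t, not int */

#if OPENSSL_VERSION_NUMBER < 0x10100000L
    /* Explicit library init is only needed (and only defined) before 1.1.0. */
    SSL_library_init ();
    OpenSSL_add_ssl_algorithms ();
    SSL_load_error_strings ();
#endif

    /*
     * Negotiate the highest mutually supported protocol and then forbid
     * everything below TLS 1.2.  The original pinned TLSv1_server_method(),
     * i.e. TLS 1.0 only, which is deprecated (RFC 8996).
     */
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
    meth = TLS_server_method ();
#else
    meth = SSLv23_server_method ();
#endif
    ctx = SSL_CTX_new (meth);
    if (NULL == ctx) {
        ERR_print_errors_fp (stderr);
        goto out;
    }
    {
        long opts = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1
                    | SSL_OP_CIPHER_SERVER_PREFERENCE;
#ifdef SSL_OP_NO_TLSv1_1
        opts |= SSL_OP_NO_TLSv1_1;
#endif
        SSL_CTX_set_options (ctx, opts);
    }
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
    if (SSL_CTX_set_min_proto_version (ctx, TLS1_2_VERSION) != 1) {
        ERR_print_errors_fp (stderr);
        goto out;
    }
#endif

    /*
     * Mutual TLS: fail the handshake unless the client presents a certificate
     * chaining to CACERT.  With SSL_VERIFY_PEER alone (the original) a client
     * that simply sends no certificate still completes the handshake.
     */
    SSL_CTX_set_verify (ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
    SSL_CTX_set_verify_depth (ctx, 4);
    if (SSL_CTX_load_verify_locations (ctx, CACERT, NULL) != 1) {
        /* Unchecked in the original: a missing CA file silently broke client auth. */
        ERR_print_errors_fp (stderr);
        goto out;
    }

    if (SSL_CTX_use_certificate_file (ctx, SVRCERTF, SSL_FILETYPE_PEM) != 1) {
        ERR_print_errors_fp (stderr);
        goto out;
    }
    if (SSL_CTX_use_PrivateKey_file (ctx, SVRKEYF, SSL_FILETYPE_PEM) != 1) {
        ERR_print_errors_fp (stderr);
        goto out;
    }
    if (!SSL_CTX_check_private_key (ctx)) {
        printf ("Private key does not match the certificate public key\n");
        goto out;
    }

    /*
     * The original selected "RC4-MD5": RC4 is prohibited in TLS (RFC 7465)
     * and HMAC-MD5 is obsolete.  Use OpenSSL's HIGH set minus the known-bad
     * families; SSL_OP_CIPHER_SERVER_PREFERENCE above makes our order win.
     */
    if (SSL_CTX_set_cipher_list (ctx, "HIGH:!aNULL:!eNULL:!MD5:!RC4:!3DES:!EXPORT") != 1) {
        ERR_print_errors_fp (stderr);
        goto out;
    }
#ifdef SSL_CTX_set_ecdh_auto
    SSL_CTX_set_ecdh_auto (ctx, 1);   /* enables ECDHE suites on 1.0.2; no-op on 1.1+ */
#endif
    SSL_CTX_set_mode (ctx, SSL_MODE_AUTO_RETRY);

    printf ("Begin tcp socket...\n");
    sock = socket (AF_INET, SOCK_STREAM, 0);
    if (sock == -1) {
        printf ("SOCKET error! \n");
        goto out;
    }
    {
        int one = 1;
        /* Let a quick restart rebind while the previous connection sits in TIME_WAIT. */
        (void) setsockopt (sock, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    }
    memset (&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_port = htons (PORT);
    /* inet_pton reports a malformed address; inet_addr() cannot (INADDR_NONE is also a valid address). */
    if (inet_pton (AF_INET, ADDRESS, &addr.sin_addr) != 1) {
        printf ("bad listen address %s\n", ADDRESS);
        goto out;
    }
    if (bind (sock, (struct sockaddr *) &addr, sizeof addr) == -1) {
        printf ("bind socket error\n");
        goto out;
    }
    printf ("server start successfully,port:%d\nwaiting for connections\n", PORT);
    if (listen (sock, 5) == -1) {
        goto out;
    }

    ss = accept (sock, (struct sockaddr *) &sa_cli, &client_len);
    if (ss == -1) {
        goto out;
    }
    close (sock);       /* single-connection demo: stop listening once a client is in */
    sock = -1;
    {
        char peer[INET_ADDRSTRLEN];
        /* The original printed the raw network-order s_addr with %d; render it properly. */
        if (inet_ntop (AF_INET, &sa_cli.sin_addr, peer, sizeof peer) == NULL) {
            snprintf (peer, sizeof peer, "?");
        }
        printf ("Connection from %s, port %u\n", peer, (unsigned) ntohs (sa_cli.sin_port));
    }

    ssl = SSL_new (ctx);
    if (NULL == ssl) {
        ERR_print_errors_fp (stderr);
        goto out;
    }
    if (SSL_set_fd (ssl, ss) != 1) {
        printf ("Attach to Line fail!\n");
        goto out;
    }
    /*
     * SSL_accept returns 0 on a clean protocol failure and <0 on a fatal
     * error; the original only tested for 0 and carried on after -1.
     */
    if (SSL_accept (ssl) <= 0) {
        printf ("SSL connect fail!\n");
        ERR_print_errors_fp (stderr);
        goto out;
    }
    /*
     * The verify flags already abort the handshake on a bad chain; re-check
     * the stored result anyway before trusting anything in the peer cert.
     */
    if (SSL_get_verify_result (ssl) != X509_V_OK) {
        printf ("client certificate verification failed\n");
        goto out;
    }

    client_cert = SSL_get_peer_certificate (ssl);
    printf ("find a customer to try to connect\n");
    if (client_cert == NULL) {
        printf ("can not find the customer's certificate\n");
        goto out;
    }
    printf ("Client certificate:\n");
    {
        char *str = X509_NAME_oneline (X509_get_subject_name (client_cert), 0, 0);
        if (NULL == str) {
            printf ("auth error!\n");
            goto out;
        }
        printf ("subject: %s\n", str);
        OPENSSL_free (str);     /* the original overwrote this pointer and leaked it */
        str = X509_NAME_oneline (X509_get_issuer_name (client_cert), 0, 0);
        if (NULL == str) {
            printf ("certificate name is null\n");
            goto out;
        }
        printf ("issuer: %s\n", str);
        OPENSSL_free (str);
    }
    printf ("connect successfully\n");
    X509_free (client_cert);
    client_cert = NULL;

    {
        static const char greeting[] = "Server is connect to you!\n";
        if (SSL_write (ssl, greeting, (int) (sizeof greeting - 1)) <= 0) {
            ERR_print_errors_fp (stderr);
            goto out;
        }
    }

    printf ("Listen to the client: \n");
    for (;;) {
        char buf[MSGLENGTH];
        int n = SSL_read (ssl, buf, (int) sizeof buf);
        if (n <= 0) {
            /*
             * The original did buf[n] = '\0' unconditionally: buf[1024] on a
             * full read and buf[-1] on error, then spun forever printing
             * empty lines once the peer had closed.  Stop on close or error.
             */
            if (SSL_get_error (ssl, n) != SSL_ERROR_ZERO_RETURN) {
                ERR_print_errors_fp (stderr);
                goto out;
            }
            break;
        }
        /* Untrusted bytes: write exactly n of them, never through a format string. */
        fwrite (buf, 1, (size_t) n, stdout);
        putchar ('\n');
        fflush (stdout);
    }
    rc = 0;

out:
    X509_free (client_cert);        /* NULL-safe */
    if (ssl != NULL) {
        if (rc == 0) {
            SSL_shutdown (ssl);     /* send close_notify only after a clean session */
        }
        SSL_free (ssl);
    }
    if (ss != -1) {
        close (ss);
    }
    if (sock != -1) {
        close (sock);
    }
    SSL_CTX_free (ctx);             /* NULL-safe */
    /* The original ended with a curses getch() without initscr(); it was unreachable
     * behind the infinite read loop and is dropped rather than fixed. */
    return rc;
}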