Domovská stránka Prehľadávať Pomoc
Prihlásiť sa
OWEALs
/
openssl
zrkadlo git://git.openssl.org/openssl.git
2
0
Fork 0
Súbory Issues 1 Wiki
Branch: OpenSSL-fips-2_0-dev
Branche Tagy
openssl
/
demos
/
ssl
/
serv.cpp

serv.cpp 4.2 KB
Permanentný odkaz História Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152 
  1. /* serv.cpp  -  Minimal ssleay server for Unix
    2. 

  2.    30.9.1996, Sampo Kellomaki <sampo@iki.fi> */
    3. 

  3. 

  4. 

  5. /* mangled to work with SSLeay-0.9.0b and OpenSSL 0.9.2b
    6. 

  6.    Simplified to be even more minimal
    7. 

  7.    12/98 - 4/99 Wade Scholine <wades@mail.cybg.com> */
    8. 

  8. 

  9. #include <stdio.h>
    10. 

  10. #include <unistd.h>
    11. 

  11. #include <stdlib.h>
    12. 

  12. #include <memory.h>
    13. 

  13. #include <errno.h>
    14. 

  14. #include <sys/types.h>
    15. 

  15. #include <sys/socket.h>
    16. 

  16. #include <netinet/in.h>
    17. 

  17. #include <arpa/inet.h>
    18. 

  18. #include <netdb.h>
    19. 

  19. 

  20. #include <openssl/rsa.h>       /* SSLeay stuff */
    21. 

  21. #include <openssl/crypto.h>
    22. 

  22. #include <openssl/x509.h>
    23. 

  23. #include <openssl/pem.h>
    24. 

  24. #include <openssl/ssl.h>
    25. 

  25. #include <openssl/err.h>
    26. 

  26. 

  27. 

  28. /* define HOME to be dir for key and cert files... */
    29. 

  29. #define HOME "./"
    30. 

  30. /* Make these what you want for cert & key files */
    31. 

  31. #define CERTF  HOME "foo-cert.pem"
    32. 

  32. #define KEYF  HOME  "foo-cert.pem"
    33. 

  33. 

  34. 

  35. #define CHK_NULL(x) if ((x)==NULL) exit (1)
    36. 

  36. #define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }
    37. 

  37. #define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); }
    38. 

  38. 

  39. void main ()
    40. 

  40. {
    41. 

  41.   int err;
    42. 

  42.   int listen_sd;
    43. 

  43.   int sd;
    44. 

  44.   struct sockaddr_in sa_serv;
    45. 

  45.   struct sockaddr_in sa_cli;
    46. 

  46.   size_t client_len;
    47. 

  47.   SSL_CTX* ctx;
    48. 

  48.   SSL*     ssl;
    49. 

  49.   X509*    client_cert;
    50. 

  50.   char*    str;
    51. 

  51.   char     buf [4096];
    52. 

  52.   SSL_METHOD *meth;
    53. 

  53.   
    54. 

  54.   /* SSL preliminaries. We keep the certificate and key with the context. */
    55. 

  55. 

  56.   SSL_load_error_strings();
    57. 

  57.   SSLeay_add_ssl_algorithms();
    58. 

  58.   meth = SSLv23_server_method();
    59. 

  59.   ctx = SSL_CTX_new (meth);
    60. 

  60.   if (!ctx) {
    61. 

  61.     ERR_print_errors_fp(stderr);
    62. 

  62.     exit(2);
    63. 

  63.   }
    64. 

  64.   
    65. 

  65.   if (SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM) <= 0) {
    66. 

  66.     ERR_print_errors_fp(stderr);
    67. 

  67.     exit(3);
    68. 

  68.   }
    69. 

  69.   if (SSL_CTX_use_PrivateKey_file(ctx, KEYF, SSL_FILETYPE_PEM) <= 0) {
    70. 

  70.     ERR_print_errors_fp(stderr);
    71. 

  71.     exit(4);
    72. 

  72.   }
    73. 

  73. 

  74.   if (!SSL_CTX_check_private_key(ctx)) {
    75. 

  75.     fprintf(stderr,"Private key does not match the certificate public key\n");
    76. 

  76.     exit(5);
    77. 

  77.   }
    78. 

  78. 

  79.   /* ----------------------------------------------- */
    80. 

  80.   /* Prepare TCP socket for receiving connections */
    81. 

  81. 

  82.   listen_sd = socket (AF_INET, SOCK_STREAM, 0);   CHK_ERR(listen_sd, "socket");
    83. 

  83.   
    84. 

  84.   memset (&sa_serv, '\0', sizeof(sa_serv));
    85. 

  85.   sa_serv.sin_family      = AF_INET;
    86. 

  86.   sa_serv.sin_addr.s_addr = INADDR_ANY;
    87. 

  87.   sa_serv.sin_port        = htons (1111);          /* Server Port number */
    88. 

  88.   
    89. 

  89.   err = bind(listen_sd, (struct sockaddr*) &sa_serv,
    90. 

  90. 	     sizeof (sa_serv));                   CHK_ERR(err, "bind");
    91. 

  91. 	     
    92. 

  92.   /* Receive a TCP connection. */
    93. 

  93. 	     
    94. 

  94.   err = listen (listen_sd, 5);                    CHK_ERR(err, "listen");
    95. 

  95.   
    96. 

  96.   client_len = sizeof(sa_cli);
    97. 

  97.   sd = accept (listen_sd, (struct sockaddr*) &sa_cli, &client_len);
    98. 

  98.   CHK_ERR(sd, "accept");
    99. 

  99.   close (listen_sd);
    100. 

  100. 

  101.   printf ("Connection from %lx, port %x\n",
    102. 

  102. 	  sa_cli.sin_addr.s_addr, sa_cli.sin_port);
    103. 

  103.   
    104. 

  104.   /* ----------------------------------------------- */
    105. 

  105.   /* TCP connection is ready. Do server side SSL. */
    106. 

  106. 

  107.   ssl = SSL_new (ctx);                           CHK_NULL(ssl);
    108. 

  108.   SSL_set_fd (ssl, sd);
    109. 

  109.   err = SSL_accept (ssl);                        CHK_SSL(err);
    110. 

  110.   
    111. 

  111.   /* Get the cipher - opt */
    112. 

  112.   
    113. 

  113.   printf ("SSL connection using %s\n", SSL_get_cipher (ssl));
    114. 

  114.   
    115. 

  115.   /* Get client's certificate (note: beware of dynamic allocation) - opt */
    116. 

  116. 

  117.   client_cert = SSL_get_peer_certificate (ssl);
    118. 

  118.   if (client_cert != NULL) {
    119. 

  119.     printf ("Client certificate:\n");
    120. 

  120.     
    121. 

  121.     str = X509_NAME_oneline (X509_get_subject_name (client_cert), 0, 0);
    122. 

  122.     CHK_NULL(str);
    123. 

  123.     printf ("\t subject: %s\n", str);
    124. 

  124.     OPENSSL_free (str);
    125. 

  125.     
    126. 

  126.     str = X509_NAME_oneline (X509_get_issuer_name  (client_cert), 0, 0);
    127. 

  127.     CHK_NULL(str);
    128. 

  128.     printf ("\t issuer: %s\n", str);
    129. 

  129.     OPENSSL_free (str);
    130. 

  130.     
    131. 

  131.     /* We could do all sorts of certificate verification stuff here before
    132. 

  132.        deallocating the certificate. */
    133. 

  133.     
    134. 

  134.     X509_free (client_cert);
    135. 

  135.   } else
    136. 

  136.     printf ("Client does not have certificate.\n");
    137. 

  137. 

  138.   /* DATA EXCHANGE - Receive message and send reply. */
    139. 

  139. 

  140.   err = SSL_read (ssl, buf, sizeof(buf) - 1);                   CHK_SSL(err);
    141. 

  141.   buf[err] = '\0';
    142. 

  142.   printf ("Got %d chars:'%s'\n", err, buf);
    143. 

  143.   
    144. 

  144.   err = SSL_write (ssl, "I hear you.", strlen("I hear you."));  CHK_SSL(err);
    145. 

  145. 

  146.   /* Clean up. */
    147. 

  147. 

  148.   close (sd);
    149. 

  149.   SSL_free (ssl);
    150. 

  150.   SSL_CTX_free (ctx);
    151. 

  151. }
    152. 

  152. /* EOF - serv.cpp */
    153.