/* cli.cpp - Minimal ssleay client for Unix 30.9.1996, Sampo Kellomaki <sampo@iki.fi> */#include <stdio.h>#include <memory.h>#include <errno.h>#include <sys/types.h>#include <winsock2.h>#include <openssl/rsa.h>
#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/rand.h>
/* Client certificate (PEM), passed to SSL_CTX_use_certificate_file(). */
#define CERTF "signedclient.crt"
/* Client private key (PEM), passed to SSL_CTX_use_PrivateKey_file().
 * NOTE(review): this is a bare relative name, so it is presumably resolved
 * against the current working directory; main() installs no passphrase
 * callback, so confirm how the key file is protected on disk. */
#define KEYF "client.key"
/* CA certificate file passed to SSL_CTX_load_verify_locations(); it is the
 * only trust source configured for checking the server certificate. */
#define CACERT "ca.crt"
/* TCP port of the server, converted with htons() before connect(). */
#define PORT 1111
/* Server IPv4 address in dotted form, converted with inet_addr(). */
#define SERVER_ADDR "127.0.0.1"
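/* Exit with -1 when a call that returns a pointer handed back NULL. */
#define CHK_NULL(x) do { if ((x) == NULL) exit(-1); } while (0)
/* Exit with -2 when a socket call returned -1.
 * NOTE(review): Winsock reports failures through WSAGetLastError(), so the
 * text printed by perror() may not describe the real cause. */
#define CHK_ERR(err,s) do { if ((err) == -1) { perror(s); exit(-2); } } while (0)
/* Exit with -3 after dumping the OpenSSL error queue. Any result <= 0 is
 * treated as failure: SSL_connect() and SSL_write() use 0 as well as
 * negative values to report an error, so testing for -1 alone would let a
 * failed handshake continue. */
#define CHK_SSL(err) do { if ((err) <= 0) { ERR_print_errors_fp(stderr); exit(-3); } } while (0)

/*
 * Minimal TLS client: initialises Winsock and OpenSSL, loads the client
 * certificate and key, connects to SERVER_ADDR:PORT, performs the handshake
 * with peer verification against CACERT, sends one message, prints the
 * reply and shuts the connection down.
 *
 * Returns 0 on success and -1 if WSAStartup() fails; every other failure
 * terminates the process through exit() with a negative status.
 */
int main ()
{
    static const char request[] = "Hello World!";
    int err;
    int sd;
    long verify_rc;
    struct sockaddr_in sa;
    SSL_CTX* ctx;
    SSL* ssl;
    X509* server_cert;
    char* str;
    char buf [4096];
    WSADATA wsaData;

    /* WSAStartup() returns its error code directly, so report that value
     * rather than GetLastError(). */
    err = WSAStartup(MAKEWORD(2,2), &wsaData);
    if (err != 0) {
        printf("WSAStartup() fail:%d\n", err);
        return -1;
    }

    OpenSSL_add_ssl_algorithms();
    SSL_load_error_strings();

    /* Use the version-negotiating method instead of pinning the client to
     * TLS 1.0, and refuse the broken SSLv2/SSLv3 protocols. The peer and the
     * library then settle on the highest version both support. */
    ctx = SSL_CTX_new (SSLv23_client_method());
    CHK_NULL(ctx);
    SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);

    /* Require a server certificate that chains to CACERT. A CA file that
     * cannot be loaded is reported here instead of surfacing later as an
     * unexplained handshake failure. */
    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
    if (SSL_CTX_load_verify_locations(ctx, CACERT, NULL) != 1) {
        ERR_print_errors_fp(stderr);
        exit(-2);
    }

    /* Client credentials for mutual authentication. */
    if (SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM) <= 0) {
        ERR_print_errors_fp(stderr);
        exit(-2);
    }
    if (SSL_CTX_use_PrivateKey_file(ctx, KEYF, SSL_FILETYPE_PEM) <= 0) {
        ERR_print_errors_fp(stderr);
        exit(-3);
    }
    if (!SSL_CTX_check_private_key(ctx)) {
        printf("Private key does not match the certification public key\n");
        exit(-4);
    }

    /* Random number generator setup. The previous code fed RAND_seed() with
     * rand() output seeded from time(), which is predictable yet is credited
     * as entropy. OpenSSL collects seed material from the operating system
     * itself; only confirm that the generator reports being seeded. */
    if (RAND_status() != 1) {
        fprintf(stderr, "OpenSSL random number generator is not seeded\n");
        exit(-5);
    }

    /* Ordinary TCP socket setup follows. */
    sd = socket (AF_INET, SOCK_STREAM, 0);
    CHK_ERR(sd, "socket");

    memset (&sa, '\0', sizeof(sa));
    sa.sin_family      = AF_INET;
    sa.sin_addr.s_addr = inet_addr (SERVER_ADDR);   /* Server IP */
    sa.sin_port        = htons (PORT);              /* Server Port number */

    err = connect(sd, (struct sockaddr*) &sa, sizeof(sa));
    CHK_ERR(err, "connect");

    /* ----------------------------------------------- */
    /* Now we have a TCP connection. Start SSL negotiation. */

    ssl = SSL_new (ctx);
    CHK_NULL(ssl);
    CHK_SSL(SSL_set_fd (ssl, sd));
    err = SSL_connect (ssl);
    CHK_SSL(err);

    /* Defence in depth: confirm the chain check really succeeded before any
     * application data is exchanged. */
    verify_rc = SSL_get_verify_result (ssl);
    if (verify_rc != X509_V_OK) {
        fprintf(stderr, "Server certificate verification failed: %s\n",
                X509_verify_cert_error_string(verify_rc));
        exit(-3);
    }

    /* The cipher and certificate printouts below are informational. */
    printf ("SSL connection using %s\n", SSL_get_cipher (ssl));

    /* Get server's certificate (note: beware of dynamic allocation). */
    server_cert = SSL_get_peer_certificate (ssl);
    CHK_NULL(server_cert);
    printf ("Server certificate:\n");

    str = X509_NAME_oneline (X509_get_subject_name (server_cert),0,0);
    CHK_NULL(str);
    printf ("\t subject: %s\n", str);
    OPENSSL_free (str);

    str = X509_NAME_oneline (X509_get_issuer_name (server_cert),0,0);
    CHK_NULL(str);
    printf ("\t issuer: %s\n", str);
    OPENSSL_free (str);

    /* NOTE(review): only the chain to CACERT is validated. The subject is
     * printed but never compared with an expected server name, so any
     * certificate issued by that CA is accepted. Add an identity check here
     * if the CA signs more than this one server. */
    X509_free (server_cert);

    /* --------------------------------------------------- */
    /* DATA EXCHANGE - Send a message and receive a reply. */

    err = SSL_write (ssl, request, (int)(sizeof(request) - 1));
    CHK_SSL(err);

    /* One byte is reserved for the terminator written below. A negative
     * result must never be used as an index, so every value below zero is
     * rejected; 0 (nothing read) still prints an empty reply as before. */
    err = SSL_read (ssl, buf, (int)(sizeof(buf) - 1));
    if (err < 0) {
        ERR_print_errors_fp(stderr);
        exit(-3);
    }
    buf[err] = '\0';
    printf ("Got %d chars:'%s'\n", err, buf);
    SSL_shutdown (ssl);  /* send SSL/TLS close_notify */

    /* Clean up. SSL_free() is not relied on to close the descriptor, so the
     * socket and the Winsock library are released explicitly. */
    shutdown(sd,2);
    SSL_free (ssl);
    closesocket(sd);
    SSL_CTX_free (ctx);
    WSACleanup();
    return 0;
}
/* EOF - cli.cpp */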