📄 serv.cpp
字号:
/* serv.cpp - Minimal ssleay server for Unix 30.9.1996, Sampo Kellomaki <sampo@iki.fi> *//* mangled to work with SSLeay-0.9.0b and OpenSSL 0.9.2b Simplified to be even more minimal 12/98 - 4/99 Wade Scholine <wades@mail.cybg.com> */#include <stdio.h>#include <stdlib.h>#include <memory.h>#include <errno.h>#include <sys/types.h>#include <winsock2.h>#include <openssl/rsa.h> /* SSLeay stuff */#include <openssl/crypto.h>#include <openssl/x509.h>#include <openssl/pem.h>#include <openssl/ssl.h>#include <openssl/err.h>#define CERTF "signedserver.crt"
#define KEYF "server.key"
#define CACERT "ca.crt"#define PORT 1111#define CHK_NULL(x) if ((x)==NULL) exit (1)#define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); }int main (){ int err; int listen_sd; int sd; struct sockaddr_in sa_serv; struct sockaddr_in sa_cli; int client_len; SSL_CTX* ctx; SSL* ssl; X509* client_cert; char* str; char buf [4096]; SSL_METHOD *meth; WSADATA wsaData;
if(WSAStartup(MAKEWORD(2,2),&wsaData) != 0)
{
printf("WSAStartup() fail:%d\n",GetLastError());
return -1;
} /* SSL preliminaries. We keep the certificate and key with the context. */ SSL_load_error_strings(); OpenSSL_add_ssl_algorithms(); meth = TLSv1_server_method();
ctx = SSL_CTX_new (meth); CHK_NULL(ctx);
SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL);
SSL_CTX_load_verify_locations(ctx,CACERT,NULL);
if (SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM) <= 0) { ERR_print_errors_fp(stderr); exit(3); } if (SSL_CTX_use_PrivateKey_file(ctx, KEYF, SSL_FILETYPE_PEM) <= 0) { ERR_print_errors_fp(stderr); exit(4); } if (!SSL_CTX_check_private_key(ctx)) { fprintf(stderr,"Private key does not match the certificate public key\n"); exit(5); }
SSL_CTX_set_cipher_list(ctx,"RC4-MD5"); /* ----------------------------------------------- */ /* Prepare TCP socket for receiving connections */ printf("Begin TCP socket....\n");
listen_sd = socket (AF_INET, SOCK_STREAM, 0);
CHK_ERR(listen_sd, "socket"); memset (&sa_serv, '\0', sizeof(sa_serv)); sa_serv.sin_family = AF_INET; sa_serv.sin_addr.s_addr = INADDR_ANY; sa_serv.sin_port = htons (PORT); /* Server Port number */ err = bind(listen_sd, (struct sockaddr*) &sa_serv, sizeof (sa_serv));
CHK_ERR(err, "bind"); /* Receive a TCP connection. */ err = listen (listen_sd, 5);
CHK_ERR(err, "listen"); client_len = sizeof(sa_cli); sd = accept (listen_sd, (struct sockaddr*) &sa_cli, &client_len); CHK_ERR(sd, "accept"); closesocket (listen_sd); printf ("Connection from %lx, port %x\n", sa_cli.sin_addr.s_addr, sa_cli.sin_port); /* ----------------------------------------------- */ /* TCP connection is ready. Do server side SSL. */ ssl = SSL_new (ctx);
CHK_NULL(ssl); SSL_set_fd (ssl, sd); err = SSL_accept (ssl);
printf("SSL_accept finished\n");
CHK_SSL(err); /* Get the cipher - opt */ printf ("SSL connection using %s\n", SSL_get_cipher (ssl)); /* Get client's certificate (note: beware of dynamic allocation) - opt */ client_cert = SSL_get_peer_certificate (ssl); if (client_cert != NULL) { printf ("Client certificate:\n"); str = X509_NAME_oneline (X509_get_subject_name (client_cert), 0, 0); CHK_NULL(str); printf ("\t subject: %s\n", str); OPENSSL_free (str); str = X509_NAME_oneline (X509_get_issuer_name (client_cert), 0, 0); CHK_NULL(str); printf ("\t issuer: %s\n", str); OPENSSL_free (str); /* We could do all sorts of certificate verification stuff here before deallocating the certificate. */ X509_free (client_cert); } else printf ("Client does not have certificate.\n"); /* DATA EXCHANGE - Receive message and send reply. */ err = SSL_read (ssl, buf, sizeof(buf) - 1); CHK_SSL(err); buf[err] = '\0'; printf ("Got %d chars:'%s'\n", err, buf); err = SSL_write (ssl, "I hear you.", strlen("I hear you.")); CHK_SSL(err); /* Clean up. */ shutdown(sd,2); SSL_free (ssl); SSL_CTX_free (ctx);
return 0;}/* EOF - serv.cpp */⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -