📄 stunnel_server.cpp
字号:
// stunnel_server.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include <stdio.h>
#include <stdlib.h>
#include <memory.h>
#include <errno.h>
#include <sys/types.h>
#include <winsock2.h>
#include "openssl/rsa.h"
#include "openssl/crypto.h"
#include "openssl/x509.h"
#include "openssl/pem.h"
#include "openssl/ssl.h"
#include "openssl/err.h"
/*所有需要的参数信息都在此处以#define的形式提供*/
#define CERTF "stunnel.pem" /*服务端的证书(需经CA签名)*/
#define KEYF "stunnel.pem" /*服务端的私钥(建议加密存储)*/
#define CACERT "eetrust.crt" /*CA 的证书*/
#define PORT 9104 /*准备绑定的端口*/
#define CHK_NULL(x) if ((x)==NULL) exit (1)
#define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }
#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); }
int main ()
{
int err;
int listen_sd;
int sd;
int ret;
struct sockaddr_in sa_serv;
struct sockaddr_in sa_cli;
int client_len;
SSL_CTX* ctx; /*ssl的环境*/
SSL* ssl; /*ssl的套接字*/
X509* client_cert; /*证书结构*/
char* str;
char buf [4096];
SSL_METHOD *meth; /*ssl的加密方法*/
WSADATA wsaData;
if(WSAStartup(MAKEWORD(2,2),&wsaData) != 0){
printf("WSAStartup()fail:%d\n",GetLastError());
return -1;
}
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
meth = SSLv23_server_method();
ctx = SSL_CTX_new (meth);//申请SSL会话的环境 CTX/*返回当前的SSL连接环境的指针*/
CHK_NULL(ctx);
SSL_CTX_set_verify(ctx,SSL_VERIFY_NONE,NULL);
ret=SSL_CTX_load_verify_locations(ctx,CACERT,NULL);
ret=SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM);
if (ret <= 0)
{
ERR_print_errors_fp(stderr);
exit(3);
}
if (SSL_CTX_use_PrivateKey_file(ctx, KEYF, SSL_FILETYPE_PEM) <= 0)
{
ERR_print_errors_fp(stderr);
exit(4);
}
if (!SSL_CTX_check_private_key(ctx))
{
printf("Private key does not match the certificate public key\n");
exit(5);
}
SSL_CTX_set_cipher_list(ctx,"RC4-MD5"); //设置一种加密算法
///*开始正常的TCP socket过程.................................
printf("Begin TCP socket...\n");
listen_sd = socket (AF_INET, SOCK_STREAM, 0);
CHK_ERR(listen_sd, "socket");
memset (&sa_serv, '\0', sizeof(sa_serv));
sa_serv.sin_family = AF_INET;
sa_serv.sin_addr.s_addr = INADDR_ANY;
sa_serv.sin_port = htons (PORT);
err = bind(listen_sd, (struct sockaddr*) &sa_serv, sizeof (sa_serv));
CHK_ERR(err, "bind");
//接受TCP链接
err = listen (listen_sd, 5);
CHK_ERR(err, "listen");
client_len = sizeof(sa_cli);
sd = accept (listen_sd, (struct sockaddr*) &sa_cli, &client_len);
CHK_ERR(sd, "accept");
//TCP连接已建立,进行服务端的SSL过程.
printf("Begin server side SSL\n");
ssl = SSL_new (ctx); //申请一个SSL套节字
CHK_NULL(ssl);
SSL_set_fd (ssl, sd);
err = SSL_accept (ssl);
printf("SSL_accept finished\n");
CHK_SSL(err);
/*打印所有加密算法的信息(可选)*/
printf ("SSL connection using %s\n", SSL_get_cipher (ssl));
/*得到服务端的证书并打印些信息(可选) */
client_cert = SSL_get_peer_certificate (ssl); //握手完成后,便可以用此函数从SSL结构中提取出
//对方的证书(此时证书得到且已经验证过了)整理成X509
if (client_cert != NULL)
{
printf ("Client certificate:\n");
str = X509_NAME_oneline (X509_get_subject_name (client_cert)/*得到证书所有者的名字*/, 0, 0);
CHK_NULL(str);
printf ("\t subject: %s\n", str);
OPENSSL_free(str);
str = X509_NAME_oneline (X509_get_issuer_name (client_cert)/*得到证书签署者(往往是CA)的名字*/, 0, 0);
CHK_NULL(str);
printf ("\t issuer: %s\n", str);
OPENSSL_free(str);
X509_free (client_cert);/*如不再需要,需将证书释放 */
}
else
printf ("Client does not have certificate.\n");
/* 数据交换开始,用SSL_write,SSL_read代替write,read */
err = SSL_read (ssl, buf, sizeof(buf) - 1);
CHK_SSL(err);
buf[err] = '\0';
printf ("Got %d chars:'%s'\n", err, buf);
err = SSL_write (ssl, "I hear you.", strlen("I hear you."));
CHK_SSL(err);
/* 收尾工作*/
shutdown (sd,2);
SSL_free (ssl); //释放SSL套接字
SSL_CTX_free (ctx); //释放SSL环境
return 0;
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -