客户端代码如下:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
|
#include
<stdio.h>#include
<errno.h>#include
<unistd.h>#include
<malloc.h>#include
<string.h>#include
<sys/socket.h>#include
<resolv.h>#include
<netdb.h>#include
<openssl/ssl.h>#include
<openssl/err.h>#define
FAIL -1int OpenConnection(const char *hostname, int port){ int sd;struct hostent
*host;struct sockaddr_in
addr;if (
(host = gethostbyname(hostname)) == NULL ){ printf('Eroor:
%s\n',hostname); perror(hostname); abort();}sd
= socket(PF_INET, SOCK_STREAM, 0);bzero(&addr, sizeof(addr));addr.sin_family
= AF_INET;addr.sin_port
= htons(port);addr.sin_addr.s_addr
= *(long*)(host->h_addr);if (
connect(sd, (struct sockaddr*)&addr, sizeof(addr))
!= 0 ){ close(sd); perror(hostname); abort();}return sd;}SSL_CTX*
InitCTX(void){
SSL_METHOD *method;SSL_CTX
*ctx;OpenSSL_add_all_algorithms(); /*
Load cryptos, et.al. */SSL_load_error_strings(); /*
Bring in and register error messages */method
= SSLv2_client_method(); /*
Create new client-method instance */ctx
= SSL_CTX_new(method); /*
Create new context */if (
ctx == NULL ){ ERR_print_errors_fp(stderr); printf('Eroor:
%s\n',stderr); abort();}return ctx;}void ShowCerts(SSL*
ssl){
X509 *cert; char *line; cert
= SSL_get_peer_certificate(ssl); /*
get the server's certificate */ if (
cert != NULL ) { printf("Server
certificates:\n"); line
= X509_NAME_oneline(X509_get_subject_name(cert), 0, 0); printf("Subject:
%s\n",
line); free(line); /*
free the malloc'ed string */ line
= X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0); printf("Issuer:
%s\n",
line); free(line); /*
free the malloc'ed string */ X509_free(cert); /*
free the malloc'ed certificate copy */}else printf("No
certificates.\n");}int main(int count, char *strings[]){
SSL_CTX *ctx;int server;SSL
*ssl;char buf[1024];int bytes;char *hostname,
*portnum;if (
count != 3 ){ printf("usage:
%s <hostname> <portnum>\n",
strings[0]); exit(0);}SSL_library_init();hostname=strings[1];portnum=strings[2];ctx
= InitCTX();server
= OpenConnection(hostname, atoi(portnum));ssl
= SSL_new(ctx); /*
create new SSL connection state */SSL_set_fd(ssl,
server); /*
attach the socket descriptor */if (
SSL_connect(ssl) == FAIL ) /*
perform the connection */{ printf('Eroor:
%s\n',stderr); ERR_print_errors_fp(stderr);}else{ char *msg
= "HelloWorld"; printf("Connected
with %s encryption\n",
SSL_get_cipher(ssl)); ShowCerts(ssl); /*
get any certs */ SSL_write(ssl,
msg, strlen(msg)); /*
encrypt & send message */ bytes
= SSL_read(ssl, buf, sizeof(buf)); /*
get reply & decrypt */ buf[bytes]
= 0; printf("Received:
\"%s\"\n",
buf); SSL_free(ssl); /*
release connection state */}close(server); /*
close socket */SSL_CTX_free(ctx); /*
release context */return 0;} |
服务端代码如下:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
|
#include
<errno.h>#include
<unistd.h>#include
<malloc.h>#include
<string.h>#include
<arpa/inet.h>#include
<sys/socket.h>#include
<sys/types.h>#include
<netinet/in.h>#include
<resolv.h>#include
"openssl/ssl.h"#include
"openssl/err.h"#define
FAIL -1using namespace std;int OpenListener(int port){ int sd;struct sockaddr_in
addr;sd
= socket(PF_INET, SOCK_STREAM, 0);bzero(&addr, sizeof(addr));addr.sin_family
= AF_INET;addr.sin_port
= htons(port);addr.sin_addr.s_addr
= INADDR_ANY;if (
bind(sd, (struct sockaddr*)&addr, sizeof(addr))
!= 0 ){ perror("can't
bind port"); abort();}if (
listen(sd, 10) != 0 ){ perror("Can't
configure listening port"); abort();}return sd;}SSL_CTX*
InitServerCTX(void){SSL_CTX
*ctx = NULL; #if
OPENSSL_VERSION_NUMBER >= 0x10000000L const SSL_METHOD
*method; #else SSL_METHOD
*method; #endif SSL_library_init(); OpenSSL_add_all_algorithms(); /*
load & register all cryptos, etc. */ SSL_load_error_strings(); /*
load all error messages */ method
= SSLv23_client_method(); /*
create new server-method instance */ ctx
= SSL_CTX_new(method); /*
create new context from method */ if (
ctx == NULL ) { ERR_print_errors_fp(stderr); abort(); } return ctx;}void LoadCertificates(SSL_CTX*
ctx, char*
CertFile, char*
KeyFile){//New
lines if (SSL_CTX_load_verify_locations(ctx,
CertFile, KeyFile) != 1) ERR_print_errors_fp(stderr); if (SSL_CTX_set_default_verify_paths(ctx)
!= 1) ERR_print_errors_fp(stderr); //End
new lines/*
set the local certificate from CertFile */if (
SSL_CTX_use_certificate_file(ctx, CertFile, SSL_FILETYPE_PEM) <= 0 ){ ERR_print_errors_fp(stderr); abort();}/*
set the private key from KeyFile (may be the same as CertFile) */if (
SSL_CTX_use_PrivateKey_file(ctx, KeyFile, SSL_FILETYPE_PEM) <= 0 ){ ERR_print_errors_fp(stderr); abort();}/*
verify private key */if (
!SSL_CTX_check_private_key(ctx) ){ fprintf(stderr, "Private
key does not match the public certificate\n"); abort();}printf("LoadCertificates
Compleate Successfully.....\n");}void ShowCerts(SSL*
ssl){
X509 *cert;char *line;cert
= SSL_get_peer_certificate(ssl); /*
Get certificates (if available) */if (
cert != NULL ){ printf("Server
certificates:\n"); line
= X509_NAME_oneline(X509_get_subject_name(cert), 0, 0); printf("Subject:
%s\n",
line); free(line); line
= X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0); printf("Issuer:
%s\n",
line); free(line); X509_free(cert);}else printf("No
certificates.\n");}void Servlet(SSL*
ssl) /*
Serve the connection -- threadable */{ char buf[1024];char reply[1024];int sd,
bytes;const char*
HTMLecho="<html><body><pre>%s</pre></body></html>\n\n";if (
SSL_accept(ssl) == FAIL ) /*
do SSL-protocol accept */ ERR_print_errors_fp(stderr);else{ ShowCerts(ssl); /*
get any certificates */ bytes
= SSL_read(ssl, buf, sizeof(buf)); /*
get request */ if (
bytes > 0 ) { buf[bytes]
= 0; printf("Client
msg: \"%s\"\n",
buf); sprintf(reply,
HTMLecho, buf); /*
construct reply */ SSL_write(ssl,
reply, strlen(reply)); /*
send reply */ } else ERR_print_errors_fp(stderr);}sd
= SSL_get_fd(ssl); /*
get socket connection */SSL_free(ssl); /*
release SSL state */close(sd); /*
close connection */}int main(int count, char *strings[]){
SSL_CTX *ctx;int server;char *portnum;if (
count != 2 ){ printf("Usage:
%s <portnum>\n",
strings[0]); exit(0);}else{ printf("Usage:
%s <portnum>\n",
strings[1]);}SSL_library_init();portnum
= strings[1];ctx
= InitServerCTX(); /*
initialize SSL */LoadCertificates(ctx, "/home/stud/kawsar/mycert.pem", "/home/stud/kawsar/mycert.pem"); /*
load certs */server
= OpenListener(atoi(portnum)); /*
create server socket */while (1){ struct sockaddr_in
addr; socklen_t
len = sizeof(addr); SSL
*ssl; int client
= accept(server, (struct sockaddr*)&addr,
&len); /*
accept connection as usual */ printf("Connection:
%s:%d\n",inet_ntoa(addr.sin_addr),
ntohs(addr.sin_port)); ssl
= SSL_new(ctx); /*
get new SSL state with context */ SSL_set_fd(ssl,
client); /*
set connection socket to SSL state */ Servlet(ssl); /*
service connection */}close(server); /*
close server socket */SSL_CTX_free(ctx); /*
release context */} |
扫一扫
1464
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
