概述
本文主要讲到了openssl的基本使用方法,开发环境为windows,开发工具为VS2019.本文主要是说明openssl如何使用,不介绍任何理论知识,如果有不懂的,请自行百度。个人建议下一个everything查询工具,真的很好用,比window自带的查询快了很多,可以查询自己想要的文件
OPENSSL安装
安装过程网上有很多,OPENSSL安装,注意你安装的OPENSSL的版本以及位数(32位或者64位),假如我安装的是64位的openssl,安装目录为D:\Program Files\OpenSSL-Win64,你可以自行选择你的安装目录,安装完成后,查看安装的openssl版本,使用控制台输入openssl version即可
秘钥key和公钥的生成
在控制命令行中输入以下命令:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365
网上有很多生成秘钥和公钥的文章,不过都没成功,最后在stackoverflow找到了可以用的方法,原文地址为:openssl秘钥和公钥的生成,以下是截图
Enter PEM pass phrase:提示输入pem文件的密码,注意,后面要用到这个密码,可以使用自己常用的密码,输入后会再次确认密码,然后就是一些基本信息,可以默认为空。截图如下,基本上这时候就得到了秘钥key.pem和公钥cert.pem,后面要用到这2个文件。,生成的位置为当前目录,比如我的就是在C:\Users\86138,即控制台的显示目录。
项目设置
使用VS创建一个控制台项目,创建一个客户端和服务器项目,由于我下载的是64位,openssl3.0版本。因此我项目也是64位的。
项目的配置,服务器端和客户端都是相同配置,这里我就只说一个即可,主要是设置openssl的lib和头文件的路径,这和使用任外部库都是一样的。截图如下,注意我的openssl安装位置为D:\Program Files\OpenSSL-Win64,请选择你安装位置即可。
预处理器里添加2个定义:CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;
附加依赖项:libssl.lib;openssl.lib;libcrypto.lib;liblegacy.lib;
最后将前面生成的cert.pem和key.pem放到exe目录下,为什么放到这个目录,是因为下面的代码用到的这2个文件是当前目录,不管怎么样,只要能找到这2个文件即可。
配置很简单,就上面几步,基本上就可以了。
代码部分
客户端代码
#include <stdio.h>
#include <errno.h>
#include <malloc.h>
#include <string.h>
# include <winsock2.h>
#include <ws2tcpip.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#define FAIL -1
#pragma comment(lib, "Ws2_32.lib")
//Added the LoadCertificates how in the server-side makes.
int OpenConnection(const char* hostname, int port)
{
SOCKET sd;
struct hostent* host;
struct sockaddr_in addr;
WORD wVersionRequested;
WSADATA wsaData;
int err;
/* Use the MAKEWORD(lowbyte, highbyte) macro declared in Windef.h */
wVersionRequested = MAKEWORD(2, 2);
err = WSAStartup(wVersionRequested, &wsaData);
if (err != 0)
{
/* Tell the user that we could not find a usable */
/* Winsock DLL. */
printf("WSAStartup failed with error: %d\n", err);
return 1;
}
sd = socket(PF_INET, SOCK_STREAM, 0);
/bzero(&addr, sizeof(addr));
addr.sin_family = AF_INET;
addr.sin_port = htons(port);
addr.sin_addr.s_addr = inet_addr(hostname);
int ret = connect(sd, (struct sockaddr*)&addr, sizeof(addr));
if ( ret != 0)
{
//close(sd);
perror(hostname);
abort();
}
return sd;
}
SSL_CTX* InitCTX(void)
{
//SSL_METHOD* method;
SSL_CTX* ctx;
//OpenSSL_add_all_algorithms(); /* Load cryptos, et.al. */
SSL_load_error_strings(); /* Bring in and register error messages */
SSL_METHOD const* meth = SSLv23_client_method(); /* Create new client-method instance */
//method = TLSv1_method();
ctx = SSL_CTX_new(meth); /* Create new context */
if (ctx == NULL)
{
ERR_print_errors_fp(stderr);
printf("Eroor: %s\n", stderr);
abort();
}
return ctx;
}
void ShowCerts(SSL* ssl)
{
X509* cert;
char* line1, * line2;
cert = SSL_get_peer_certificate(ssl); /* get the server's certificate */
if (cert != NULL)
{
printf("Server certificates:\n");
line1 = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
printf("Subject: %s\n", line1);
//free(line); /* free the malloc'ed string */
line2 = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
printf("Issuer: %s\n", line2);
//free(line); /* free the malloc'ed string */
//X509_free(cert); /* free the malloc'ed certificate copy */
}
else
printf("No certificates.\n");
}
int main(int count, char* strings[])
{
SSL_CTX* ctx;
SOCKET server;
SSL* ssl;
char buf[1024];
int bytes;
char const *hostname, *portnum;
SSL_library_init();
hostname = "127.0.0.1";
portnum = "1030";
ctx = InitCTX();
server = OpenConnection(hostname, atoi(portnum));
ssl = SSL_new(ctx); /* create new SSL connection state */
//SSL_set_fd(ssl, server); /* attach the socket descriptor */
BIO* bio = BIO_new_socket(server, BIO_NOCLOSE);
SSL_set_bio(ssl, bio, bio);
SSL_set_connect_state(ssl);
if (SSL_connect(ssl) == FAIL) /* perform the connection */
{
printf("Eroor: %s\n", stderr);
ERR_print_errors_fp(stderr);
}
else
{
printf("Connected with %s encryption\n", SSL_get_cipher(ssl));
ShowCerts(ssl); /* get any certs */
while (1)
{
char p[100];
printf("please input sned msg: ");
gets(p);
printf("strlen:%d,%s\n", strlen(p), p);
SSL_write(ssl, p, strlen(p)); /* encrypt & send message */
bytes = SSL_read(ssl, buf, sizeof(buf)); /* get reply & decrypt */
if (bytes >= 0)
{
buf[bytes] = '\0';
printf("Received: \"%s\"\n", buf);
}
else
{
SSL_ERROR_WANT_READ;
int error = SSL_get_error(ssl, bytes);
printf("error:%d\n", error);
break;
}
}
SSL_shutdown(ssl);
SSL_free(ssl); /* release connection state */
}
SSL_CTX_free(ctx); /* release context */
getchar();
return 0;
}
服务器端代码
#include <errno.h>
#include <malloc.h>
#include <string.h>
# include <winsock2.h>
# include <ws2tcpip.h>
#include "openssl/ssl.h"
#include "openssl/err.h"
#ifdef __cplusplus
extern "C" {
#endif
#include "openssl/applink.c"
#ifdef __cplusplus
}
#endif
#define FAIL -1
#pragma comment(lib, "Ws2_32.lib")
int OpenListener(WORD port)
{
SOCKET m_socket;
WORD wVersionRequested;
WSADATA wsaData;
int err;
/* Use the MAKEWORD(lowbyte, highbyte) macro declared in Windef.h */
wVersionRequested = MAKEWORD(2, 2);
err = WSAStartup(wVersionRequested, &wsaData);
if (err != 0) {
/* Tell the user that we could not find a usable */
/* Winsock DLL. */
printf("WSAStartup failed with error: %d\n", err);
return 1;
}
m_socket = socket(AF_INET, SOCK_STREAM, 0);
if (m_socket == INVALID_SOCKET)
{
printf("Error at socket(): %ld\n", WSAGetLastError());
WSACleanup();
return 0;
}
struct sockaddr_in sain;
//bzero(&addr, sizeof(addr));
sain.sin_family = AF_INET;
sain.sin_port = htons(port);
sain.sin_addr.s_addr = inet_addr("127.0.0.1");
if (bind(m_socket, (struct sockaddr*)&sain, sizeof(struct sockaddr_in)) == SOCKET_ERROR)
{
perror("can't bind port");
//abort();
}
if (listen(m_socket, 10) != 0)
{
perror("Can't configure listening port");
//abort();
}
return m_socket;
}
SSL_CTX* InitServerCTX(void)
{
SSL_CTX* ctx = NULL;
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
const SSL_METHOD* method;
#else
SSL_METHOD* method;
#endif
SSL_library_init();
//OpenSSL_add_all_algorithms(); /* load & register all cryptos, etc. */
SSL_load_error_strings(); /* load all error messages */
//method = SSLv23_method(); /* create new server-method instance */
method = SSLv23_server_method();
ctx = SSL_CTX_new(method); /* create new context from method */
if (ctx == NULL)
{
ERR_print_errors_fp(stderr);
abort();
}
return ctx;
}
void LoadCertificates(SSL_CTX* ctx, char* CertFile, char* KeyFile)
{
//New lines
int ret = SSL_CTX_load_verify_locations(ctx, CertFile, KeyFile);
if (ret != 1)
ERR_print_errors_fp(stderr);
if (SSL_CTX_set_default_verify_paths(ctx) != 1)
ERR_print_errors_fp(stderr);
//End new lines
/* set the local certificate from CertFile */
if (SSL_CTX_use_certificate_file(ctx, CertFile, SSL_FILETYPE_PEM) <= 0)
{
ERR_print_errors_fp(stderr);
//abort();
}
/* set the private key from KeyFile (may be the same as CertFile) */
if (SSL_CTX_use_PrivateKey_file(ctx, KeyFile, SSL_FILETYPE_PEM) <= 0)
{
ERR_print_errors_fp(stderr);
abort();
}
/* verify private key */
if (!SSL_CTX_check_private_key(ctx))
{
fprintf(stderr, "Private key does not match the public certificate\n");
abort();
}
printf("LoadCertificates success\n");
}
void ShowCerts(SSL* ssl)
{
X509* cert;
char* line;
cert = SSL_get_peer_certificate(ssl); /* Get certificates (if available) */
if (cert != NULL)
{
printf("Server certificates:\n");
line = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
printf("Subject: %s\n", line);
free(line);
line = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
printf("Issuer: %s\n", line);
free(line);
X509_free(cert);
}
else
printf("No certificates.\n");
}
void Servlet(SSL* ssl, SOCKET client) /* Serve the connection -- threadable */
{
char buf[1024];
char reply[1024];
int sd, bytes;
const char* HTMLecho = "hello client";
ShowCerts(ssl); /* get any certificates */
int ret = SSL_accept(ssl);
while (1)
{
//bytes = recv(client, buf, sizeof(buf), 0);
bytes = SSL_read(ssl, buf, sizeof(buf));
if (bytes > 0)
{
buf[bytes] = '\0';
printf("Client msg: %s\n", buf);
sprintf(reply, HTMLecho, buf); /* construct reply */
SSL_write(ssl, reply, strlen(reply)); /* send reply */
}
else //其他情况
{
//printf("read byte < 0\n");
}
}
SSL_shutdown(ssl);
SSL_free(ssl);
}
int main(int count, char* strings[])
{
SSL_CTX* ctx;
SOCKET server;
char* portnum;
server = OpenListener(1030); /* create server socket */
SSL_library_init();
portnum = strings[1];
ctx = InitServerCTX(); /* initialize SSL */
LoadCertificates(ctx, (char *)"cert.pem", (char *)"key.pem"); /* load certs */
while (1)
{
struct sockaddr_in addr;
socklen_t len = sizeof(addr);
SSL* ssl;
SOCKET client = accept(server, (struct sockaddr*)&addr, &len); /* accept connection as usual */
socklen_t len1;
struct sockaddr_storage addr1;
//add1.sin_family = AF_INET;
char ipstr[INET6_ADDRSTRLEN];
int port;
len1 = sizeof addr;
int r;
r = getpeername(client, (struct sockaddr*)&addr1, &len1);
// deal with both IPv4 and IPv6:
if (addr1.ss_family == AF_INET)
{
struct sockaddr_in* s = (struct sockaddr_in*)&addr1;
port = ntohs(s->sin_port);
inet_ntop(AF_INET, &s->sin_addr, ipstr, sizeof ipstr);
}
else
{ // AF_INET6
struct sockaddr_in6* s = (struct sockaddr_in6*)&addr1;
port = ntohs(s->sin6_port);
inet_ntop(AF_INET6, &s->sin6_addr, ipstr, sizeof ipstr);
}
printf("Peer IP address: %s,port:%d\n", ipstr,port);
ssl = SSL_new(ctx); /* get new SSL state with context */
//SSL_set_fd(ssl, client); /* set connection socket to SSL state */
BIO* bio = BIO_new_socket(client, BIO_NOCLOSE);
SSL_set_bio(ssl, bio, bio);
Servlet(ssl, client); /* service connection */
}
SSL_CTX_free(ctx); /* release context */
}
总结
可能遇到的问题
1.要确保代码中applink.c文件的存在,否则服务器端代码会提示Unlink的错误
2.服务器端代码要求输入密码,请使用生成秘钥时的密码
2万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
