openssl编程之服务端
继续上篇博客,我们有了openssl的客户端程序,本篇博文将详细介绍服务端的openssl编程
服务端使用的证书相关文件:ca.crt,server.crt,server.key,关于证书和key的生成,请参考:http://blog.csdn.net/fly2010love/article/details/46415307
程序如下:
#include "openssl/bio.h"
#include "openssl/ssl.h"
#include "openssl/err.h"
#include <sys/types.h>
#ifndef WIN32
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>
#else
#define close(x) closesocket(x)
#endif
#include <cstdio>
#define SERVER_PORT 8080
#define CA_CERT_FILE "server/ca.crt"
#define SERVER_CERT_FILE "server/server.crt"
#define SERVER_KEY_FILE "server/server.key"
typedef struct sockaddr SA;
int TcpInit()
{
int listener;
do{
listener = ::socket(AF_INET, SOCK_STREAM, 0);
if( listener == -1 )
return false;
struct sockaddr_in sin;
sin.sin_family = AF_INET;
sin.sin_addr.s_addr = 0;
sin.sin_port = htons(SERVER_PORT);
if( ::bind(listener, (SA*)&sin, sizeof(sin)) < 0 )
break;
if( ::listen(listener, 5) < 0)
break;
return listener;
}while(0);
return -1;
}
int main(int argc, char **argv)
{
#ifdef WIN32
WSADATA wsaData;
int iResult = WSAStartup(MAKEWORD(2, 2), &wsaData);
if (iResult != NO_ERROR)
{
printf("Error at WSAStartup()\n");
exit(-1);
}
printf("Server Running in WONDOWS\n");
#else
printf("Server Running in LINUX\n");
#endif
SSL_CTX *ctx;
SSL *ssl;
X509 *client_cert;
char szBuffer[1024];
int nLen;
struct sockaddr_in addr;
int nListenFd, nAcceptFd;
nListenFd = TcpInit();
SSLeay_add_ssl_algorithms();
OpenSSL_add_all_algorithms();
SSL_load_error_strings();
ERR_load_BIO_strings();
memset(&addr, 0, sizeof(addr));
#ifndef WIN32
socklen_t len = sizeof(addr);
#else
int len = sizeof(addr);
#endif
nAcceptFd = accept(nListenFd, (struct sockaddr *)&addr, &len);
ctx = SSL_CTX_new (SSLv23_method());
if( ctx == NULL)
{
printf("SSL_CTX_new error!\n");
return -1;
}
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
if(!SSL_CTX_load_verify_locations(ctx, CA_CERT_FILE, NULL))
{
printf("SSL_CTX_load_verify_locations error!\n");
ERR_print_errors_fp(stderr);
return -1;
}
if(SSL_CTX_use_certificate_file(ctx, SERVER_CERT_FILE, SSL_FILETYPE_PEM) <= 0)
{
printf("SSL_CTX_use_certificate_file error!\n");
ERR_print_errors_fp(stderr);
return -1;
}
if(SSL_CTX_use_PrivateKey_file(ctx, SERVER_KEY_FILE, SSL_FILETYPE_PEM) <= 0)
{
printf("SSL_CTX_use_PrivateKey_file error!\n");
ERR_print_errors_fp(stderr);
return -1;
}
if(!SSL_CTX_check_private_key(ctx))
{
printf("SSL_CTX_check_private_key error!\n");
ERR_print_errors_fp(stderr);
return -1;
}
ssl = SSL_new (ctx);
if(!ssl)
{
printf("SSL_new error!\n");
ERR_print_errors_fp(stderr);
return -1;
}
SSL_set_fd (ssl, nAcceptFd);
while(1){
if(SSL_accept (ssl) != 1)
{
int icode = -1;
ERR_print_errors_fp(stderr);
int iret = SSL_get_error(ssl, icode);
printf("SSL_accept error! code = %d, iret = %d\n", icode, iret);
}
else
break;
}
memset(szBuffer, 0, sizeof(szBuffer));
nLen = SSL_read(ssl,szBuffer, sizeof(szBuffer));
fprintf(stderr, "Get Len %d %s ok\n", nLen, szBuffer);
strcat(szBuffer, "\n this is from server========server resend to client");
SSL_write(ssl, szBuffer, strlen(szBuffer));
SSL_free (ssl);
SSL_CTX_free (ctx);
close(nAcceptFd);
}
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
- 123
- 124
- 125
- 126
- 127
- 128
- 129
- 130
- 131
- 132
- 133
- 134
- 135
- 136
- 137
- 138
- 139
- 140
- 141
- 142
- 143
- 144
- 145
- 146
- 147
- 148
- 149
- 150
- 151
- 152
- 153
- 154
- 155
- 156
- 157
- 158
- 159
- 160
- 161
编写makefile后者使用g++ -o xxx.cpp -I/usr/local/ssl/include/ -lssl test进行编译得到test可执行文件
现在有了客户端和服务端的执行文件,我们进行测试:
服务器端:
[root@localhost SSLTest]# ./test
Server Running in LINUX
Get Len 56
this is from client+++++++++++++++client send to server ok
[root@localhost SSLTest]#
客户端:
[root@localhost SSLTestC]# ./test
Server Running in LINUX
SSL_CTX_load_verify_locations start!
Get Len 108
this is from client+++++++++++++++client send to server
this is from server========server resend to client ok
[root@localhost SSLTestC]#
表明服务器和客户端已经通信成功,通过抓包工具可以看到,所有字符消息已经变成不可识别的乱码,linux可使用tcpdump进行抓包,在windows使用wireshark进行查看,windows直接使用wireshark抓包即可
后面博文将介绍如何在libevent中加入ssl会话加密功能,虽然bufferevent有相应的bufferevent_socket_openssl_new等接口,但本人在使用过程中发现,并未成功,故抛弃了bufferevent方式,使用原始的event_add的方式进行处理,请关注后续更新
参考博客:http://hoytluo.blog.51cto.com/1154435/564822/
原文链接:http://blog.csdn.net/fly2010love/article/details/46458963