#include "header.h"
#include <unistd.h>
/* Report errmsg through perror() and terminate the process with status 1. */
void err_sys(const char *errmsg);
/* Create, bind and listen on the server's TCP socket; returns the listening descriptor. */
int create_listenfd(int argc, char **argv);
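/*
 * TLS demo server.
 *
 * Loads a PEM certificate (argv[1]) and its PEM private key (argv[2]),
 * listens through create_listenfd() and sends one greeting line to every
 * client that completes the handshake.
 *
 * Start-up failures are fatal. A failure that concerns only one connection
 * (handshake or write) is logged and that connection is dropped, so a single
 * misbehaving peer cannot terminate the server. Connections are still served
 * one at a time: a peer that stalls during the handshake delays the others.
 */
int main(int argc, char **argv)
{
    static const char greeting[] = "from server to client\n";
    const int greeting_len = (int)(sizeof(greeting) - 1);
    SSL_CTX *ctx;
    SSL *ssl;
    int listenfd, connfd;

    if (argc != 3)
    {
        fprintf(stderr, "Usage: %s <certificate.pem> <private-key.pem>\n",
                argc > 0 ? argv[0] : "./ssl");
        exit(1);
    }

    /* SSL library initialization */
    SSL_library_init();
    OpenSSL_add_all_algorithms();
    SSL_load_error_strings();

    if ((ctx = SSL_CTX_new(SSLv23_server_method())) == NULL)
    {
        ERR_print_errors_fp(stderr);
        exit(1);
    }

    /*
     * SSLv23_server_method() negotiates any protocol version the library
     * supports. SSLv2 and SSLv3 are broken, so refuse them explicitly; where
     * the installed OpenSSL allows a higher floor, prefer that.
     */
    SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);

    /* load the server's digital certificate */
    if (SSL_CTX_use_certificate_file(ctx, argv[1], SSL_FILETYPE_PEM) <= 0)
    {
        ERR_print_errors_fp(stderr);
        exit(1);
    }

    /* load the server's private key */
    if (SSL_CTX_use_PrivateKey_file(ctx, argv[2], SSL_FILETYPE_PEM) <= 0)
    {
        ERR_print_errors_fp(stderr);
        exit(1);
    }

    /* make sure the private key matches the certificate */
    if (SSL_CTX_check_private_key(ctx) != 1)
    {
        ERR_print_errors_fp(stderr);
        exit(1);
    }

    listenfd = create_listenfd(argc, argv);

    while (1)
    {
        if ((connfd = accept(listenfd, NULL, NULL)) == -1)
            err_sys("accept");

        if ((ssl = SSL_new(ctx)) == NULL || SSL_set_fd(ssl, connfd) != 1)
        {
            ERR_print_errors_fp(stderr);
            SSL_free(ssl); /* no-op when ssl is NULL */
            close(connfd);
            continue;
        }

        /*
         * SSL_accept() returns 1 only on a completed handshake; 0 and
         * negative values are both failures, so nothing may be written to
         * the peer in either case.
         */
        if (SSL_accept(ssl) <= 0)
        {
            ERR_print_errors_fp(stderr);
            SSL_free(ssl);
            close(connfd);
            continue;
        }

        if (SSL_write(ssl, greeting, greeting_len) != greeting_len)
            ERR_print_errors_fp(stderr); /* skip close_notify after a failed write */
        else
            SSL_shutdown(ssl);

        SSL_free(ssl);
        close(connfd); /* SSL_free() does not close the socket passed to SSL_set_fd() */
    } /* while */

    /* not reached: the accept loop above never terminates normally */
    SSL_CTX_free(ctx);
    exit(0);
}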
/*
 * Build the server's listening socket: a TCP/IPv4 socket bound to PORT on
 * INADDR_ANY (every local interface) and put into the listening state with a
 * queue of BACKLOG. Any failing step ends the process through err_sys().
 *
 * argc and argv are accepted but not used. PORT, BACKLOG and SA are not
 * defined in this listing (presumably they come from header.h).
 *
 * Returns the listening descriptor.
 */
int create_listenfd(int argc, char **argv)
{
    struct sockaddr_in addr;
    int fd;

    fd = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (fd == -1)
        err_sys("socket");

    bzero(&addr, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_ANY);
    addr.sin_port = htons(PORT);

    if (bind(fd, (SA *)&addr, sizeof(addr)) == -1)
        err_sys("bind");

    if (listen(fd, BACKLOG) == -1)
        err_sys("listen");

    return fd;
}
/*
 * Fatal-error helper: print errmsg followed by the description of the
 * current errno (via perror) and end the process with status 1.
 * Does not return.
 */
void err_sys(const char *errmsg)
{
    const int failure_status = 1;

    perror(errmsg);
    exit(failure_status);
}
client end =============
#include "header.h"
/* Report errmsg through perror() and terminate the process with status 1. */
void err_sys(const char *errmsg);
#if 0
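/*
 * Print the subject and issuer names of the certificate presented by the
 * peer of ssl, or "No Certificate." when none was presented.
 *
 * This is a display helper only. Printing a certificate does not validate
 * it: trust still depends on peer verification being enabled on the context
 * and on the verification result being checked.
 */
void show_cert(SSL *ssl)
{
    X509 *cert;
    char *line;

    printf("show_cert() function running.\n");

    if ((cert = SSL_get_peer_certificate(ssl)) == NULL)
    {
        printf("No Certificate.\n");
        return;
    }

    printf("Certificate Information:\n");

    /*
     * With a NULL buffer X509_NAME_oneline() returns a string allocated by
     * OpenSSL, so it is released with OPENSSL_free() rather than free().
     * It can also return NULL, which must not reach a %s conversion.
     */
    line = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);
    if (line != NULL)
    {
        printf("certificate: %s\n", line);
        OPENSSL_free(line);
    }
    else
        printf("certificate: %s\n", "(unavailable)");

    line = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0);
    if (line != NULL)
    {
        printf("issuer: %s\n", line);
        OPENSSL_free(line);
    }
    else
        printf("issuer: %s\n", "(unavailable)");

    /* SSL_get_peer_certificate() handed over a reference; drop it */
    X509_free(cert);
}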
#endif
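/*
 * TLS demo client.
 *
 * Usage: client <server-ipv4> [ca-file.pem]
 *
 * Connects to the IPv4 address in argv[1] on PORT, completes a TLS
 * handshake, reads one record from the server and copies it to standard
 * output.
 *
 * The server certificate chain is verified: against the CA file in argv[2]
 * when given, otherwise against the library's default trust store. Without
 * this the client would accept any certificate and the channel would be
 * open to an on-path impersonator. For a self-signed test server, pass its
 * certificate as the CA file.
 *
 * NOTE(review): only the chain is verified here. The certificate is not
 * matched against the address in argv[1]; that identity check depends on
 * the OpenSSL version in use and still has to be added.
 */
int main(int argc, char **argv)
{
    SSL *ssl;
    SSL_CTX *ctx;
    int sockfd;
    int rc;
    struct sockaddr_in servaddr;
    char buf[BUFSIZ];
    ssize_t nread;

    /* argv[1] is dereferenced below, so it has to be present */
    if (argc < 2)
    {
        fprintf(stderr, "Usage: %s <server-ipv4> [ca-file.pem]\n",
                argc > 0 ? argv[0] : "./client");
        exit(1);
    }

    /* SSL library initialization */
    SSL_library_init();
    OpenSSL_add_all_algorithms();
    SSL_load_error_strings();

    if ((ctx = SSL_CTX_new(SSLv23_client_method())) == NULL)
    {
        ERR_print_errors_fp(stderr);
        exit(1);
    }

    /* SSLv2 and SSLv3 are broken; never negotiate them */
    SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);

    /* trust anchors for verifying the server certificate */
    if (argc > 2)
        rc = SSL_CTX_load_verify_locations(ctx, argv[2], NULL);
    else
        rc = SSL_CTX_set_default_verify_paths(ctx);
    if (rc != 1)
    {
        ERR_print_errors_fp(stderr);
        exit(1);
    }

    /* make the handshake fail when the chain does not verify */
    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);

    if ((sockfd = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1)
        err_sys("socket");

    bzero(&servaddr, sizeof(servaddr));
    servaddr.sin_family = AF_INET;
    servaddr.sin_port = htons(PORT);

    /*
     * inet_pton() returns 0 for a malformed address without setting errno,
     * so that case gets its own message instead of going through perror().
     */
    rc = inet_pton(AF_INET, argv[1], &servaddr.sin_addr);
    if (rc == 0)
    {
        fprintf(stderr, "invalid IPv4 address: %s\n", argv[1]);
        exit(1);
    }
    if (rc < 0)
        err_sys("inet_pton");

    if (connect(sockfd, (SA *)&servaddr, sizeof(servaddr)) == -1)
        err_sys("connect");

    /* create ssl */
    if ((ssl = SSL_new(ctx)) == NULL || SSL_set_fd(ssl, sockfd) != 1)
    {
        ERR_print_errors_fp(stderr);
        exit(1);
    }

    /* 1 is the only success value; 0 and negative values are failures */
    if (SSL_connect(ssl) <= 0)
    {
        ERR_print_errors_fp(stderr);
        exit(1);
    }

    if ((nread = SSL_read(ssl, buf, (int)sizeof(buf))) < 0)
    {
        ERR_print_errors_fp(stderr);
        exit(1);
    }

    /* write exactly the bytes received; buf is not NUL-terminated */
    if (nread > 0 && write(STDOUT_FILENO, buf, (size_t)nread) != nread)
        err_sys("write");

    SSL_shutdown(ssl);
    SSL_free(ssl);
    close(sockfd); /* SSL_free() does not close the socket passed to SSL_set_fd() */
    SSL_CTX_free(ctx);
    exit(0);
}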
/*
 * Fatal-error helper: print errmsg followed by the description of the
 * current errno (via perror) and end the process with status 1.
 * Does not return.
 */
void err_sys(const char *errmsg)
{
    const int failure_status = 1;

    perror(errmsg);
    exit(failure_status);
}