openssl编程之服务端
继续上篇博客,我们有了openssl的客户端程序,本篇博文将详细介绍服务端的openssl编程
服务端使用的证书相关文件:ca.crt,server.crt,server.key,关于证书和key的生成,请参考:http://blog.csdn.net/fly2010love/article/details/46415307
程序如下:
#include "openssl/bio.h" #include "openssl/ssl.h" #include "openssl/err.h" #include <sys/types.h>#ifndef WIN32 #include <sys/socket.h> #include <netinet/in.h> #include <arpa/inet.h> #include <unistd.h>#else #define close(x) closesocket(x)#endif#include <cstdio>#define SERVER_PORT 8080#define CA_CERT_FILE "server/ca.crt"#define SERVER_CERT_FILE "server/server.crt"#define SERVER_KEY_FILE "server/server.key"typedef struct sockaddr SA;int TcpInit(){ int listener; do{ listener = ::socket(AF_INET, SOCK_STREAM, 0); if( listener == -1 ) return false; struct sockaddr_in sin; sin.sin_family = AF_INET; sin.sin_addr.s_addr = 0; sin.sin_port = htons(SERVER_PORT); if( ::bind(listener, (SA*)&sin, sizeof(sin)) < 0 ) break; if( ::listen(listener, 5) < 0) break; return listener; }while(0); return -1;}int main(int argc, char **argv) { #ifdef WIN32 WSADATA wsaData; int iResult = WSAStartup(MAKEWORD(2, 2), &wsaData); if (iResult != NO_ERROR) { printf("Error at WSAStartup()\n"); exit(-1); } printf("Server Running in WONDOWS\n");#else printf("Server Running in LINUX\n");#endif SSL_CTX *ctx; SSL *ssl; X509 *client_cert; char szBuffer[1024]; int nLen; struct sockaddr_in addr; int nListenFd, nAcceptFd; nListenFd = TcpInit(); SSLeay_add_ssl_algorithms(); OpenSSL_add_all_algorithms(); SSL_load_error_strings(); ERR_load_BIO_strings(); memset(&addr, 0, sizeof(addr));#ifndef WIN32 socklen_t len = sizeof(addr);#else int len = sizeof(addr);#endif nAcceptFd = accept(nListenFd, (struct sockaddr *)&addr, &len); ctx = SSL_CTX_new (SSLv23_method()); if( ctx == NULL) { printf("SSL_CTX_new error!\n"); return -1; } SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL); if(!SSL_CTX_load_verify_locations(ctx, CA_CERT_FILE, NULL)) { printf("SSL_CTX_load_verify_locations error!\n"); ERR_print_errors_fp(stderr); return -1; } if(SSL_CTX_use_certificate_file(ctx, SERVER_CERT_FILE, SSL_FILETYPE_PEM) <= 0) { printf("SSL_CTX_use_certificate_file error!\n"); ERR_print_errors_fp(stderr); return -1; } if(SSL_CTX_use_PrivateKey_file(ctx, SERVER_KEY_FILE, SSL_FILETYPE_PEM) <= 0) { printf("SSL_CTX_use_PrivateKey_file error!\n"); ERR_print_errors_fp(stderr); return -1; } if(!SSL_CTX_check_private_key(ctx)) { printf("SSL_CTX_check_private_key error!\n"); ERR_print_errors_fp(stderr); return -1; } ssl = SSL_new (ctx); if(!ssl) { printf("SSL_new error!\n"); ERR_print_errors_fp(stderr); return -1; } SSL_set_fd (ssl, nAcceptFd); while(1){ if(SSL_accept (ssl) != 1) { int icode = -1; ERR_print_errors_fp(stderr); int iret = SSL_get_error(ssl, icode); printf("SSL_accept error! code = %d, iret = %d\n", icode, iret); } else break; } memset(szBuffer, 0, sizeof(szBuffer)); nLen = SSL_read(ssl,szBuffer, sizeof(szBuffer)); fprintf(stderr, "Get Len %d %s ok\n", nLen, szBuffer); strcat(szBuffer, "\n this is from server========server resend to client"); SSL_write(ssl, szBuffer, strlen(szBuffer)); SSL_free (ssl); SSL_CTX_free (ctx); close(nAcceptFd); }
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
- 123
- 124
- 125
- 126
- 127
- 128
- 129
- 130
- 131
- 132
- 133
- 134
- 135
- 136
- 137
- 138
- 139
- 140
- 141
- 142
- 143
- 144
- 145
- 146
- 147
- 148
- 149
- 150
- 151
- 152
- 153
- 154
- 155
- 156
- 157
- 158
- 159
- 160
- 161
编写makefile后者使用g++ -o xxx.cpp -I/usr/local/ssl/include/ -lssl test进行编译得到test可执行文件
现在有了客户端和服务端的执行文件,我们进行测试:
服务器端:
[root@localhost SSLTest]# ./test Server Running in LINUXGet Len 56 this is from client+++++++++++++++client send to server ok[root@localhost SSLTest]#
客户端:
[root@localhost SSLTestC]# ./test Server Running in LINUXSSL_CTX_load_verify_locations start!Get Len 108 this is from client+++++++++++++++client send to server this is from server========server resend to client ok[root@localhost SSLTestC]#
表明服务器和客户端已经通信成功,通过抓包工具可以看到,所有字符消息已经变成不可识别的乱码,linux可使用tcpdump进行抓包,在windows使用wireshark进行查看,windows直接使用wireshark抓包即可
后面博文将介绍如何在libevent中加入ssl会话加密功能,虽然bufferevent有相应的bufferevent_socket_openssl_new等接口,但本人在使用过程中发现,并未成功,故抛弃了bufferevent方式,使用原始的event_add的方式进行处理,请关注后续更新
参考博客:http://hoytluo.blog.51cto.com/1154435/564822/
原文链接:http://blog.csdn.net/fly2010love/article/details/46458963