linux openssl 编程 Server端

OpenSSL 是一个强大的安全套接字层密码库，囊括主要的密码算法、常用的密钥和证书封装管理功能及SSL协议，并提供丰富的应用程序供测试或其它目的使用。

直接进行编程步骤：

1.首先确保电脑端拥有openssl库，我这采用的方式是直接使用源码，然后进行编译，编译方式可以参考以下链接地址：

http://www.wangyan.org/blog/install-openssl-from-source.html

2.Server端源码：

openssl_server.c

#include <stdio.h>#include <stdlib.h>#include <errno.h>#include <string.h>#include <sys/types.h>#include <netinet/in.h>#include <sys/socket.h>#include <sys/wait.h>#include <unistd.h>#include <arpa/inet.h>#include <openssl/ssl.h>#include <openssl/err.h>#defineMAXBUF1024int main(int argc,char **argv){struct sockaddr_inmy_addr,their_addr;unsigned intmyport;charbuf[MAXBUF + 1] = { 0 };SSL_CTX*ctx;int sockfd,new_fd;socklen_tlen;if (argc != 4){printf("Usage:%s [bind port] [CERT_PATH] [PRI_KEY_PATH]\n",argv[0]);return -1;}if (argv[1])myport = atoi(argv[1]);/*初始化openssl库*/SSL_library_init();OpenSSL_add_all_algorithms();SSL_load_error_strings();ctx = SSL_CTX_new(SSLv23_server_method());if (ctx == NULL){ERR_print_errors_fp(stdout);exit(-1);}/*加载服务器证书*/if (SSL_CTX_use_certificate_file(ctx, argv[2], SSL_FILETYPE_PEM) <= 0){ERR_print_errors_fp(stdout);exit(-1);}/*加载服务器私钥*/if (SSL_CTX_use_PrivateKey_file(ctx,argv[3],SSL_FILETYPE_PEM) <= 0){ERR_print_errors_fp(stdout);exit(-1);}if (!SSL_CTX_check_private_key(ctx)) {        ERR_print_errors_fp(stdout);        exit(-1);    }if ((sockfd = socket(PF_INET,SOCK_STREAM,0)) == -1){perror("socket");exit(-1);}else{printf("socket created\n");}bzero(&my_addr,sizeof(my_addr));my_addr.sin_family = PF_INET;my_addr.sin_port = htons(myport);my_addr.sin_addr.s_addr = INADDR_ANY;if (bind(sockfd,(struct sockaddr*)&my_addr,sizeof(struct sockaddr)) == -1){perror("bind");exit(-1);}elseprintf("binded\n");if (listen(sockfd,5) == -1){perror("listen");exit(-1);}elseprintf("begin to listen\n");while(1){SSL *ssl;len = sizeof(struct sockaddr);if ((new_fd = accept(sockfd,(struct sockaddr*)&their_addr,&len)) == -1){perror("accept");exit(-1);}elseprintf("server:got connection from %s,port %d,sockfd %d\n",inet_ntoa(their_addr.sin_addr),ntohs(their_addr.sin_port),new_fd);        ssl = SSL_new(ctx);        SSL_set_fd(ssl, new_fd);        if (SSL_accept(ssl) == -1) {            perror("accept");            close(new_fd);            break;        }        bzero(buf, MAXBUF + 1);        strcpy(buf, "server->client");        len = SSL_write(ssl, buf, strlen(buf));if (len <= 0) {            printf("message '%s' send error! error code:'%d',error info:'%s'\n",                 buf, errno, strerror(errno));            goto finish;        } else            printf("message '%s' send success!message total size:'%d'\n",                   buf, len);        bzero(buf, MAXBUF + 1);        len = SSL_read(ssl, buf, MAXBUF);        if (len > 0)            printf("recv message:'%s' ok!message total size:'%d'\n",                   buf, len);        else            printf("recv message error.error code:'%d',error info:'%s'\n",                 errno, strerror(errno));      finish:SSL_shutdown(ssl);        SSL_free(ssl);        close(new_fd);}    close(sockfd);    SSL_CTX_free(ctx);    return 0;}

3.编译

gcc -o ssl_server ssl_server.c -Wall -g -lssl

在我的机子上不能直接编译通过，提示没法找到相关的libssl.so库和libcrypto.so库，所以我利用了在第一步中编译出来的openssl库文件，修改gcc为：

gcc -o openssl_server openssl_server.c -Wall -lssl -lcrypto -L./openssl-1.0.2d/ -Wl,-rpath=./openssl-1.0.2d

openssl-1.0.2d为源码的文件夹，-Wl,rpath表示编译链接的时候的路径。

4.证书申请

私钥

openssl genrsa -out privkey.pem 1024

证书（试玩的证书，未向证书中心认证的）

openssl req -new -x509 -key privkey.pem -out CAcert.pem -days 1095

5.运行

Usage:openssl_server [bind port] [CERT_PATH] [PRI_KEY_PATH]