#define MSGLENGTH 1024
#define PORT 443
#define CACERT "./private/ca.crt"
#define SVRCERTF "./certs/server.crt"
#define SVRKEYF "./private/server.key"
int
main ()
{
int sock;
SSL_METHOD *meth;
SSL_CTX *ctx;
SSL *ssl;
OpenSSL_add_ssl_algorithms ();
SSL_load_error_strings ();
meth = (SSL_METHOD *) TLSv1_server_method ();
ctx = SSL_CTX_new (meth);
if (NULL == ctx)
exit (1);
SSL_CTX_set_verify (ctx, SSL_VERIFY_PEER, NULL);
SSL_CTX_load_verify_locations (ctx, CACERT, NULL);
if (0 == SSL_CTX_use_certificate_file (ctx, SVRCERTF, SSL_FILETYPE_PEM))
{
ERR_print_errors_fp (stderr);
exit (1);
}
if (0 == SSL_CTX_use_PrivateKey_file (ctx, SVRKEYF, SSL_FILETYPE_PEM))
{
ERR_print_errors_fp (stderr);
exit (1);
}
if (!SSL_CTX_check_private_key (ctx))
{
printf ("Private key does not match the certificate public key/n");
exit (1);
}
SSL_CTX_set_cipher_list (ctx, "RC4-MD5");
SSL_CTX_set_mode (ctx, SSL_MODE_AUTO_RETRY);
printf ("Begin tcp socket.../n");
sock = socket (AF_INET, SOCK_STREAM, 0);
if (sock == -1)
{
printf ("SOCKET error! /n");
return 0;
}
struct sockaddr_in addr;
memset (&addr, '/0', sizeof (addr));
addr.sin_family = AF_INET;
addr.sin_port = htons (PORT); /* Server Port number */
addr.sin_addr.s_addr = INADDR_ANY;
int nResult = bind (sock, (struct sockaddr *) &addr, sizeof (addr));
if (nResult == -1)
{
printf ("bind socket error/n");
return 0;
}
printf ("server start successfully,port:%d/nwaiting for connections/n",
PORT);
struct sockaddr_in sa_cli;
int err = listen (sock, 5);
if (-1 == err)
exit (1);
int client_len = sizeof (sa_cli);
int ss = accept (sock, (struct sockaddr *) &sa_cli, &client_len);
if (ss == -1)
{
exit (1);
}
close (sock);
printf ("Connection from %d, port %d/n", sa_cli.sin_addr.s_addr,
sa_cli.sin_port);
ssl = SSL_new (ctx);
if (NULL == ssl)
exit (1);
if (0 == SSL_set_fd (ssl, ss))
{
printf ("Attach to Line fail!/n");
exit (1);
}
int k = SSL_accept (ssl);
if (0 == k)
{
printf ("%d/n", k);
printf ("SSL connect fail!/n");
exit (1);
}
X509 *client_cert;
client_cert = SSL_get_peer_certificate (ssl);
printf ("find a customer to try to connect/n");
if (client_cert != NULL)
{
printf ("Client certificate:/n");
char *str =
X509_NAME_oneline (X509_get_subject_name (client_cert), 0, 0);
if (NULL == str)
{
printf ("auth error!/n");
exit (1);
}
printf ("subject: %s/n", str);
str = X509_NAME_oneline (X509_get_issuer_name (client_cert), 0, 0);
if (NULL == str)
{
printf ("certificate name is null/n");
exit (1);
}
printf ("issuer: %s/n", str);
printf ("connect successfully/n");
X509_free (client_cert);
OPENSSL_free (str);
}
else
{
printf ("can not find the customer's certificate/n");
exit (1);
}
char buf[MSGLENGTH];
SSL_write (ssl, "Server is connect to you!/n",
strlen ("Server is connect to you!/n"));
printf ("Listen to the client: /n");
while (1)
{
err = SSL_read (ssl, buf, sizeof (buf));
buf[err] = '/0';
printf ("%s/n", buf);
}
SSL_shutdown (ssl);
SSL_free (ssl);
SSL_CTX_free (ctx);
getch ();
return 0;
}
makefile
all:client.c server.c
gcc -Wall -o client client.c -I/usr/openssl-1.0.0c/include /usr/openssl-1.0.0c/libssl.a /usr/openssl-1.0.0c/libcrypto.a -ldl
gcc -Wall -o server server.c -I/usr/openssl-1.0.0c/include /usr/openssl-1.0.0c/libssl.a /usr/openssl-1.0.0c/libcrypto.a -ldl
clean::
rm -f client server