// Client-side code
#include <openssl/rand.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <sys/socket.h>
#include <resolv.h>
#include <stdlib.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <errno.h>
#include <curses.h>
#define PORT 443
#define SERVER "127.0.0.1"
#define CACERT "/home/test/linux-kernel/SDK-SFSS/SDK-SFSS/OpenSSL/test/cacert.pem"
#define MYCERTF "/home/test/linux-kernel/SDK-SFSS/SDK-SFSS/OpenSSL/test/cacert2.pem"
#define MYKEYF "/home/test/linux-kernel/SDK-SFSS/SDK-SFSS/OpenSSL/test/privkey2.pem"
#define MSGLENGTH 1024
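/*
 * TLS client demo.
 *
 * Loads the trust anchor (CACERT) and this client's certificate/key pair,
 * opens a TCP connection to SERVER:PORT, runs the TLS handshake with peer
 * verification enabled, prints the server's greeting and then sends every
 * non-empty line typed on stdin until EOF or a write error.
 *
 * Returns 0 on a clean run, 1 if reading the greeting or a write failed;
 * setup failures terminate the process with exit status 1.
 */
int
main (void)
{
  struct sockaddr_in sin;
  const SSL_METHOD *meth;
  SSL_CTX *ctx;
  SSL *ssl;
  int sock;
  int rc;
  int status = 0;
  char sendmsg[MSGLENGTH] = "";
  char revmsg[MSGLENGTH] = "";

  OpenSSL_add_ssl_algorithms ();
  SSL_load_error_strings ();

  /* NOTE(review): TLSv1_client_method() pins the connection to TLS 1.0,
     which is deprecated.  It is kept so this program still interoperates
     with a TLS 1.0-only peer; client and server should be moved to a
     version-flexible method together. */
  meth = TLSv1_client_method ();
  ctx = SSL_CTX_new (meth);
  if (NULL == ctx)
    {
      ERR_print_errors_fp (stderr);
      exit (1);
    }

  /* Require a server certificate that chains to CACERT.  A failed load
     would leave no trust anchor, so treat it as fatal instead of letting
     the handshake fail later with a less obvious error. */
  SSL_CTX_set_verify (ctx, SSL_VERIFY_PEER, NULL);
  if (1 != SSL_CTX_load_verify_locations (ctx, CACERT, NULL))
    {
      ERR_print_errors_fp (stderr);
      exit (1);
    }
  /* NOTE(review): only the certificate chain is verified; nothing here
     checks that the certificate was issued for SERVER. */

  /* Client certificate and private key, used for mutual authentication. */
  if (1 != SSL_CTX_use_certificate_file (ctx, MYCERTF, SSL_FILETYPE_PEM))
    {
      ERR_print_errors_fp (stderr);
      exit (1);
    }
  if (1 != SSL_CTX_use_PrivateKey_file (ctx, MYKEYF, SSL_FILETYPE_PEM))
    {
      ERR_print_errors_fp (stderr);
      exit (1);
    }
  if (!SSL_CTX_check_private_key (ctx))
    {
      printf ("Private key does not match the certificate public key\n");
      exit (1);
    }

  /* The original fed RAND_seed() with rand() output seeded from time().
     That is predictable and adds no real entropy; OpenSSL seeds its own
     generator from the operating system, so the step is dropped. */

  /* NOTE(review): RC4-MD5 is a broken suite (RC4 cipher, MD5 MAC) and
     current OpenSSL builds typically omit it.  It is kept because the peer
     must offer the same suite; change both ends together.  The return
     value is checked so an unavailable suite is reported here. */
  if (1 != SSL_CTX_set_cipher_list (ctx, "RC4-MD5"))
    {
      ERR_print_errors_fp (stderr);
      exit (1);
    }
  SSL_CTX_set_mode (ctx, SSL_MODE_AUTO_RETRY);

  printf ("Begin tcp socket...\n");
  sock = socket (AF_INET, SOCK_STREAM, 0);
  if (sock == -1)
    {
      /* The original printed the error and carried on with fd -1. */
      printf ("SOCKET error. \n");
      exit (1);
    }

  memset (&sin, 0, sizeof (sin));
  sin.sin_family = AF_INET;
  sin.sin_port = htons (PORT);	/* Server port number */
  if (1 != inet_pton (AF_INET, SERVER, &sin.sin_addr))	/* Server IP */
    {
      printf ("can not connect to server,%s\n", "invalid server address");
      exit (1);
    }

  if (-1 == connect (sock, (struct sockaddr *) &sin, sizeof (sin)))
    {
      printf ("can not connect to server,%s\n", strerror (errno));
      exit (1);
    }

  ssl = SSL_new (ctx);
  if (NULL == ssl)
    exit (1);
  if (0 >= SSL_set_fd (ssl, sock))
    {
      printf ("Attach to Line fail!\n");
      exit (1);
    }

  /* SSL_connect() returns 1 only on success; 0 and negative values are
     both failures (the original tested for 0 alone). */
  rc = SSL_connect (ssl);
  if (rc <= 0)
    {
      printf ("%d\n", rc);
      printf ("SSL connect fail!\n");
      ERR_print_errors_fp (stderr);
      exit (1);
    }
  printf ("connect to server\n");

  /* Leave one byte for the terminator and never index with an error
     return: SSL_read() yields <= 0 on failure or shutdown. */
  rc = SSL_read (ssl, revmsg, sizeof (revmsg) - 1);
  if (rc <= 0)
    {
      ERR_print_errors_fp (stderr);
      status = 1;
    }
  else
    {
      revmsg[rc] = '\0';
      printf ("%s\n", revmsg);

      for (;;)
	{
	  size_t len;

	  printf ("please input the data to send:\n");
	  /* Bounded line read; scanf ("%s") could overrun sendmsg. */
	  if (NULL == fgets (sendmsg, sizeof (sendmsg), stdin))
	    break;		/* EOF or read error on stdin */
	  sendmsg[strcspn (sendmsg, "\r\n")] = '\0';
	  len = strlen (sendmsg);
	  if (0 == len)
	    continue;		/* nothing to send */

	  if (0 >= SSL_write (ssl, sendmsg, (int) len))
	    {
	      ERR_print_errors_fp (stderr);
	      status = 1;
	      break;
	    }
	  printf ("send message ' %s ' success\n", sendmsg);
	}
    }

  /* Reachable now that the send loop can end.  The trailing getch() was
     removed: curses was never initialised in this program. */
  SSL_shutdown (ssl);
  SSL_free (ssl);
  SSL_CTX_free (ctx);
  close (sock);
  return status;
}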
// Server-side code
#include <stdio.h>
#include <openssl/x509.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <curses.h>
#define MSGLENGTH 1024
#define PORT 443
#define CACERT "/home/test/linux-kernel/SDK-SFSS/SDK-SFSS/OpenSSL/test/cacert2.pem"
#define SVRCERTF "/home/test/linux-kernel/SDK-SFSS/SDK-SFSS/OpenSSL/test/cacert.pem"
#define SVRKEYF "/home/test/linux-kernel/SDK-SFSS/SDK-SFSS/OpenSSL/test/privkey.pem"
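/*
 * TLS server demo.
 *
 * Loads the trust anchor (CACERT) and the server certificate/key pair,
 * listens on PORT, accepts exactly one TCP connection, runs the TLS
 * handshake with a mandatory client certificate, prints the certificate's
 * subject and issuer, sends a greeting and then prints everything the
 * client sends until the connection ends.
 *
 * Returns 0 when the client closes the TLS session cleanly, 1 on a socket,
 * write or read error; other setup failures call exit (1).
 */
int
main (void)
{
  static const char greeting[] = "Server is connect to you!\n";
  const SSL_METHOD *meth;
  SSL_CTX *ctx;
  SSL *ssl;
  int sock;
  int status = 0;

  OpenSSL_add_ssl_algorithms ();
  SSL_load_error_strings ();

  /* NOTE(review): TLSv1_server_method() pins the server to TLS 1.0, which
     is deprecated.  It is kept so this program still interoperates with a
     TLS 1.0-only peer; client and server should be moved to a
     version-flexible method together. */
  meth = TLSv1_server_method ();
  ctx = SSL_CTX_new (meth);
  if (NULL == ctx)
    {
      ERR_print_errors_fp (stderr);
      exit (1);
    }

  /* On a server SSL_VERIFY_PEER alone only requests a client certificate;
     SSL_VERIFY_FAIL_IF_NO_PEER_CERT makes the handshake fail when the
     client sends none. */
  SSL_CTX_set_verify (ctx,
		      SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
		      NULL);
  if (1 != SSL_CTX_load_verify_locations (ctx, CACERT, NULL))
    {
      ERR_print_errors_fp (stderr);
      exit (1);
    }

  /* Load the server certificate. */
  if (1 != SSL_CTX_use_certificate_file (ctx, SVRCERTF, SSL_FILETYPE_PEM))
    {
      ERR_print_errors_fp (stderr);
      exit (1);
    }
  /* Load the private key. */
  if (1 != SSL_CTX_use_PrivateKey_file (ctx, SVRKEYF, SSL_FILETYPE_PEM))
    {
      ERR_print_errors_fp (stderr);
      exit (1);
    }
  /* Check that the key matches the certificate. */
  if (!SSL_CTX_check_private_key (ctx))
    {
      printf ("Private key does not match the certificate public key\n");
      exit (1);
    }

  /* NOTE(review): RC4-MD5 is a broken suite (RC4 cipher, MD5 MAC) and
     current OpenSSL builds typically omit it.  It is kept because the peer
     must offer the same suite; change both ends together.  The return
     value is checked so an unavailable suite is reported here. */
  if (1 != SSL_CTX_set_cipher_list (ctx, "RC4-MD5"))
    {
      ERR_print_errors_fp (stderr);
      exit (1);
    }
  SSL_CTX_set_mode (ctx, SSL_MODE_AUTO_RETRY);

  printf ("Begin tcp socket...\n");
  sock = socket (AF_INET, SOCK_STREAM, 0);
  if (sock == -1)
    {
      printf ("SOCKET error! \n");
      return 1;			/* the original reported success here */
    }

  struct sockaddr_in addr;
  memset (&addr, 0, sizeof (addr));
  addr.sin_family = AF_INET;
  addr.sin_port = htons (PORT);	/* Server port number */
  addr.sin_addr.s_addr = htonl (INADDR_ANY);
  if (-1 == bind (sock, (struct sockaddr *) &addr, sizeof (addr)))
    {
      printf ("bind socket error\n");
      return 1;
    }
  printf ("server start successfully,port:%d\nwaiting for connections\n",
	  PORT);

  if (-1 == listen (sock, 5))
    exit (1);

  struct sockaddr_in sa_cli;
  socklen_t client_len = sizeof (sa_cli);	/* accept() wants socklen_t */
  int ss = accept (sock, (struct sockaddr *) &sa_cli, &client_len);
  if (ss == -1)
    exit (1);
  close (sock);			/* single-connection demo: stop listening */

  /* Print the peer in dotted-quad form and host byte order instead of the
     raw network-order integers. */
  char peer[INET_ADDRSTRLEN];
  if (NULL == inet_ntop (AF_INET, &sa_cli.sin_addr, peer, sizeof (peer)))
    snprintf (peer, sizeof (peer), "%s", "?");
  printf ("Connection from %s, port %d\n", peer, ntohs (sa_cli.sin_port));

  ssl = SSL_new (ctx);
  if (NULL == ssl)
    exit (1);
  if (0 >= SSL_set_fd (ssl, ss))
    {
      printf ("Attach to Line fail!\n");
      exit (1);
    }

  /* SSL_accept() returns 1 only on success; 0 and negative values are
     both failures (the original tested for 0 alone). */
  int k = SSL_accept (ssl);
  if (k <= 0)
    {
      printf ("%d\n", k);
      printf ("SSL connect fail!\n");
      ERR_print_errors_fp (stderr);
      exit (1);
    }

  X509 *client_cert = SSL_get_peer_certificate (ssl);
  printf ("find to try to connect\n");
  if (NULL == client_cert)
    {
      printf ("can not find the customer's certificate\n");
      exit (1);
    }

  /* NOTE(review): subject and issuer are only printed; no check ties the
     subject to an expected client identity. */
  printf ("Client certificate:\n");
  char *str = X509_NAME_oneline (X509_get_subject_name (client_cert),
				 NULL, 0);
  if (NULL == str)
    {
      printf ("auth error!\n");
      exit (1);
    }
  printf ("subject: %s\n", str);
  OPENSSL_free (str);		/* the original leaked this string */

  str = X509_NAME_oneline (X509_get_issuer_name (client_cert), NULL, 0);
  if (NULL == str)
    {
      printf ("certificate name is null\n");
      exit (1);
    }
  printf ("issuer: %s\n", str);
  printf ("connect successfully\n");
  OPENSSL_free (str);
  X509_free (client_cert);

  if (0 >= SSL_write (ssl, greeting, (int) (sizeof (greeting) - 1)))
    {
      ERR_print_errors_fp (stderr);
      status = 1;
    }
  else
    {
      char buf[MSGLENGTH];

      printf ("Listen to the client: \n");
      for (;;)
	{
	  /* Leave one byte for the terminator and never index with an
	     error return: SSL_read() yields <= 0 on failure or when the
	     peer closes the session. */
	  int got = SSL_read (ssl, buf, sizeof (buf) - 1);
	  if (got <= 0)
	    {
	      if (SSL_ERROR_ZERO_RETURN != SSL_get_error (ssl, got))
		{
		  ERR_print_errors_fp (stderr);
		  status = 1;
		}
	      break;
	    }
	  buf[got] = '\0';
	  /* NOTE(review): peer-controlled bytes are printed verbatim. */
	  printf ("%s\n", buf);
	}
    }

  /* Reachable now that the read loop can end.  The trailing getch() was
     removed: curses was never initialised in this program. */
  SSL_shutdown (ssl);
  SSL_free (ssl);
  SSL_CTX_free (ctx);
  close (ss);
  return status;
}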