69,382
社区成员
发帖
与我相关
我的任务
分享
#include<stdio.h>
#include<signal.h>
#include<openssl/err.h>
#include<openssl/ssl.h>
#define CERT_FILE
BIO *in =NULL;
void close_up()
{
if( in !=NULL)
BIO_free(in);
}
int main(argc,argv)
int argc;
char *argv[];
{
char *port=NULL;
BIO *ssl_bio,*tmp;
SSL_CTX *ctx;
SSL *ssl;
char buf[512];
int ret=1,i;
if(argc<=1)
port="*:4433";
else
port=argv[1];
signal(SIGINT,close_up);
SSL_load_error_strings();
#ifdef WATT32
debug_init();
sock_init();
#endif
/* Add ciphers and message digests */
OpenSSL_add_ssl_algorithms();
ctx=SSL_CTX_new(SSLv23_server_method());
if (!SSL_CTX_use_certificate_file(ctx,CERT_FILE,SSL_FILETYPE_PEM))
goto err;
if (!SSL_CTX_use_PrivateKey_file(ctx,CERT_FILE,SSL_FILETYPE_PEM))
goto err;
if (!SSL_CTX_check_private_key(ctx))
goto err;
/* Setup server side SSL bio */
ssl=SSL_new(ctx);
ssl_bio=BIO_new_ssl(ctx,0);
if((in=BIO_new_accept(port))==NULL)
goto err;
/* This means that when a new connection is acceptede on 'in',
* The ssl_bio will be 'dupilcated' and have the new sockets
* BIO push into it. Basically it means the SSL BIO will be
* automatically setup */
BIO_set_accept_bios(in,ssl_bio);
again:
/* The first call will setup the accept socket, and the seconds
* will get a socket. In this loop, the first actual accept
* will occur in the BIO_read() function. */
if(BIO_do_accept(in)<=0)
goto err;
for( ; ; )
{
i=BIO_read(in,buf,512);
if(i==0)
{
/* If we have finished, remove the underlying
* BIO stack so the next time we call any function
* for this BIO, it will attempt to do an
* accept */
printf("Done\n");
tmp=BIO_pop(in);
BIO_free_all(tmp);
goto again;
}
if(i<0)
goto err;
fwrite(buf,1,i,stdout);
fflush(stdout);
}
ret=0;
err:
if(ret)
{
ERR_print_errors_fp(stderr);
}
if(in!=NULL)
BIO_free(in);
exit(ret);
return(!ret);
}
//简单的说便是:SSL客户端(也是TCP的客户端)在TCP链接建立之后,发出一个ClientHello来发起握手,这个消息里面包含了自己可实现的算法列表和其它一些需要的消息,SSL的服务器端会回应一个ServerHello,这里面确定了这次通信所需要的算法,然后发过去自己的证书(里面包含了身份和自己的公钥)。Client在收到这个消息后会生成一个秘密消息,用SSL服务器的公钥加密后传过去,SSL服务器端用自己的私钥解密后,会话密钥协商成功,双方可以用同一份会话密钥来通信了。