
@amir-saniyan
Last active April 28, 2024 05:17
OpenSSL Server Example
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----

OpenSSL Server Example

This sample code shows how to create an OpenSSL server application.

Compilation

Prerequisites:

$ sudo apt-get install gcc pkg-config libssl-dev openssl

Build:

$ gcc openssl_server.c -lssl -lcrypto -o openssl_server

-- or --

$ gcc openssl_server.c `pkg-config --libs libssl libcrypto` -o openssl_server

Build (Statically):

$ gcc openssl_server.c -static -lssl -lcrypto -ldl -pthread -Wl,--whole-archive -lpthread -Wl,--no-whole-archive -o openssl_server

-- or --

$ gcc openssl_server.c -static `pkg-config --libs --static libssl libcrypto` -Wl,--whole-archive -lpthread -Wl,--no-whole-archive -o openssl_server

Generating Certificate & Private Key Files

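To generate new cert.pem and key.pem files, run the following command. The key.pem published with this example is public, so use the bundled pair for local testing only and generate your own for anything else. Note that -nodes writes the private key to disk unencrypted, so restrict the file's permissions: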

$ openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem

Running and Testing Application

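Run the application ($ ./openssl_server) from the directory that contains cert.pem and key.pem, then open a browser and navigate to https://localhost:12345/. Because the certificate is self-signed, the browser will show a certificate warning.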

#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
/* openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem */
#define CERTIFICATE_FILE_NAME "cert.pem"
#define PRIVATE_KEY_FILE_NAME "key.pem"
#define PORT_NUMBER 12345
#define SERVER_RESPONSE "HTTP/1.1 200 OK\r\n\r\nHello World!"
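/*
 * Minimal single-threaded TLS server.
 *
 * Loads CERTIFICATE_FILE_NAME and PRIVATE_KEY_FILE_NAME from the current
 * working directory, listens on PORT_NUMBER on all IPv4 interfaces, and
 * answers every successful TLS handshake with SERVER_RESPONSE before closing
 * the connection. Clients are served one at a time.
 *
 * The accept loop ends only on a fatal error, so the function returns
 * EXIT_FAILURE on every path that returns at all.
 */
int main(void)
{
    SSL_CTX *context = NULL;
    int sock = -1;
    struct sockaddr_in addr;

    /* A peer that disconnects mid-write must not kill the server via SIGPIPE. */
    signal(SIGPIPE, SIG_IGN);

    /* Initializing OpenSSL. */
    SSL_load_error_strings();
    OpenSSL_add_ssl_algorithms();

    /*
     * Create context. The version-flexible method negotiates the highest
     * protocol both sides support; the fixed TLS 1.2 method is kept only for
     * OpenSSL releases older than 1.1.0, which lack TLS_server_method().
     */
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
    context = SSL_CTX_new(TLS_server_method());
#else
    context = SSL_CTX_new(TLSv1_2_server_method());
#endif
    if (context == NULL) {
        /* OpenSSL failures do not set errno, so perror() would mislead here. */
        fprintf(stderr, "Unable to create SSL context.\n");
        ERR_print_errors_fp(stderr);
        goto cleanup;
    }

    /* Configure context. */
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
    /* Refuse anything older than TLS 1.2, matching the original's floor. */
    if (SSL_CTX_set_min_proto_version(context, TLS1_2_VERSION) != 1) {
        fprintf(stderr, "Unable to set minimum TLS version.\n");
        ERR_print_errors_fp(stderr);
        goto cleanup;
    }
#endif
    SSL_CTX_set_ecdh_auto(context, 1);

    if (SSL_CTX_use_certificate_file(context, CERTIFICATE_FILE_NAME, SSL_FILETYPE_PEM) <= 0) {
        fprintf(stderr, "Unable to read cert.pem.\n");
        ERR_print_errors_fp(stderr);
        goto cleanup;
    }

    if (SSL_CTX_use_PrivateKey_file(context, PRIVATE_KEY_FILE_NAME, SSL_FILETYPE_PEM) <= 0) {
        fprintf(stderr, "Unable to read key.pem.\n");
        ERR_print_errors_fp(stderr);
        goto cleanup;
    }

    /* Catch a mismatched cert/key pair at startup instead of at first handshake. */
    if (SSL_CTX_check_private_key(context) != 1) {
        fprintf(stderr, "Private key does not match the certificate.\n");
        ERR_print_errors_fp(stderr);
        goto cleanup;
    }

    /* Create socket. Zero the address first so its padding bytes are defined. */
    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_port = htons(PORT_NUMBER);
    /* NOTE(review): INADDR_ANY exposes the demo on every interface; bind to
     * INADDR_LOOPBACK if it is only meant to be reached from localhost. */
    addr.sin_addr.s_addr = htonl(INADDR_ANY);

    sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock < 0) {
        perror("Unable to create socket");
        goto cleanup;
    }

    if (bind(sock, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
        perror("Unable to bind");
        goto cleanup;
    }

    if (listen(sock, 1) < 0) {
        perror("Unable to listen");
        goto cleanup;
    }

    /* Handle connections. */
    for (;;) {
        struct sockaddr_in client_addr;
        socklen_t client_len = sizeof(client_addr);
        SSL *ssl = NULL;

        int client = accept(sock, (struct sockaddr *)&client_addr, &client_len);
        if (client < 0) {
            perror("Unable to accept");
            goto cleanup;
        }

        ssl = SSL_new(context);
        if (ssl == NULL || SSL_set_fd(ssl, client) != 1) {
            fprintf(stderr, "Unable to create SSL session.\n");
            ERR_print_errors_fp(stderr);
        } else if (SSL_accept(ssl) <= 0) {
            /* A failed handshake only drops this client; the server keeps running. */
            fprintf(stderr, "Unable to SSL accept.\n");
            ERR_print_errors_fp(stderr);
        } else {
            printf("New SSL connection accepted.\n");
            if (SSL_write(ssl, SERVER_RESPONSE, (int)strlen(SERVER_RESPONSE)) <= 0) {
                fprintf(stderr, "Unable to SSL write.\n");
                ERR_print_errors_fp(stderr);
            }
            /*
             * Send close_notify. The response has no Content-Length, so the
             * client relies on an authenticated end-of-stream to tell a
             * complete body from a truncated one.
             */
            SSL_shutdown(ssl);
        }

        /* SSL_free(NULL) is a no-op, so this is safe when SSL_new() failed. */
        SSL_free(ssl);
        close(client);
    }

cleanup:
    /* Cleanup: reached only on failure; release whatever was acquired. */
    if (sock >= 0) {
        close(sock);
    }
    SSL_CTX_free(context);
    EVP_cleanup();
    return EXIT_FAILURE;
}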