amir-saniyan/OpenSSL Server Example.md

## cert.pem
-----BEGIN CERTIFICATE-----
MIIDazCCAlOgAwIBAgIUUIpiquLgjqfDNnivQgSmP4Ego34wDQYJKoZIhvcNAQEL
BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0xOTA5MDgxNTE2NDlaFw0yOTA5
MDUxNTE2NDlaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDSYxdJsATM1OpinK+cLZrpdFFfykKVhIiP2+LGoqOk
urI1H2qcZ3nRhRCybRrz9ARgJ4h3YM8j8tWkuR3MVxJdgWfuNgV23nLcFmaP7Zfa
4McQbc6+mtoJ2xXAfIYRDIOvPsbOSHtu4PYVu+OafPj1rkCslI1gItXOtHHMz6CA
zqWesoLD4LJC+H2zBcj8orxcxxtX0z1+IYOST2IsWOT7Wla+yP7i9jawOSE0I5b5
iOkZMS3IuXiZM8EXTKYmoWUIoiggkYTrzHKBF2bStBafsiFe2gQ9uXxvtZbPRAUq
EJ+gnsQOZEHXZhYrpBQ4SorWX6TCX5Fiy2OFy4aE1laBAgMBAAGjUzBRMB0GA1Ud
DgQWBBQwz4i+rnFMxhZSSG91BxQu+h0SrDAfBgNVHSMEGDAWgBQwz4i+rnFMxhZS
SG91BxQu+h0SrDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQA3
zDZ3UFNmWlCLA9ZCTZTgyl6FH6zftfwR42fTWawWAJ5vMz3sWiDWqQRVglbZSQNA
wgED9+nM0PhjBP1XKQFMWOprKYeKV/k7q7Qaq4abcajZEC3Cc0W4IPUpYdAwgXKG
b04MbV+CtEW6Q3LkxucarPim0nYrt5gZH6H4fRw5+Vcg0kwR0sasXB5BezcpB07g
aZ9coURqFjyzJKuhnBFe/spmKjPaJzUiMsq4Um2O5wqzVXmSoa2AmChUdB77GcUe
18EubBNSIHXmKbQ82F46aERhynBKBfL4+aENx38Saa4YE+kZ2dO+212VYDG9214p
EDus5115Xa1aP+UQC9ZM
-----END CERTIFICATE-----

## key.pem
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDSYxdJsATM1Opi
nK+cLZrpdFFfykKVhIiP2+LGoqOkurI1H2qcZ3nRhRCybRrz9ARgJ4h3YM8j8tWk
uR3MVxJdgWfuNgV23nLcFmaP7Zfa4McQbc6+mtoJ2xXAfIYRDIOvPsbOSHtu4PYV
u+OafPj1rkCslI1gItXOtHHMz6CAzqWesoLD4LJC+H2zBcj8orxcxxtX0z1+IYOS
T2IsWOT7Wla+yP7i9jawOSE0I5b5iOkZMS3IuXiZM8EXTKYmoWUIoiggkYTrzHKB
F2bStBafsiFe2gQ9uXxvtZbPRAUqEJ+gnsQOZEHXZhYrpBQ4SorWX6TCX5Fiy2OF
y4aE1laBAgMBAAECggEBAKYI79MGp/MjQUrLz0eZMj11v9ayH/Qx4ThvVzxeFHmn
oYaNIa0HeLsiobe+pVvLwzxDVs6nxzHerj7OnTarrOHAg84aMhvKmKkawJxr7MEf
TdqoXlZMjTDkBvmfDIsd7jr6dxlLWKZ7wZoLayd741q4x2+r2Rr6wvPbskfpwAiG
HxWFf2pk1K2MR8+0qnRVqFkaHoHJDBzmBqDH0knHSIk2iTLxdDW9tZ9f1GdyPRyC
05ABN5p+byQAqHoVd7pwPF4uNGR6iV2bqhrwnE2Z6JqIEqaEmchmZXmD4dc2TRcw
gdRRZp/kcG4rFVjttZwOSospv5n5QhvgcLzK4alXLWUCgYEA6zpiS6imvrh6OnC+
ynnb9zq2EdY34+OZCejSbmRFUj69mfsaG2wz1xXiJvnsJev5ZxSuHHBBy9mnr5Xs
DYOMVemd0lIGmOcYcHEF/5BR2UwOuUdEFKaCD0Tfk5U3EvY242OXk17zlyso0OKy
T+eXOZtREvewvaTZDUlM2a1834cCgYEA5Pclc2NzQL0Rm0nHUpIKYjS4Kxwcoovy
Iy2WLiJ/nLuJryaItNAJRSvi7e+kZ7CDQdYo5bN9tdBVFJ1ybP3b1RWrUCz6IY7O
xGb10Bn1g8/wp5aK5Eut5D79N4Ys3B6rB8zkm3yvrcsDfG8Gz15yMmwDJZvlDMks
tHEIOSW6S7cCgYEAoSKnfyiSwQdiQ3JEYDNF6YAAhQt30dZxWYZx0ElD62krPLX0
VmCyyl4lQ4nkqL2TZXeXJcgIano5EmDjCQbaNWgJQrAJ8Ogtp6jk8QKN7wrY8zbM
flDpu0f02AZZadXcF7x7cuqSdzWLijwg5ffBcibhTNr76Y1pWl6iFGNxrTUCgYEA
ltJ+Ju4ho0ln6aTF2Yw9rscPccZIzoHk9Gs4/BbZfMLERU3ay1AmaxwnlZg/8dWC
AMIzmmuLqVIcWUIFd+oY/toRSPT3p1dMuG8iCPywjy1QVvSBdTSszSb44bROpIjH
HJJJHGsbxh1upG72S27pRnGD+SghzzRNcGbshchmWS0CgYBkaBXqFCP/YndZ/zZJ
uNZrN1J5/VMn1VryVGe5pDvsxp7zaxH7EGJf5HUnsQruUv+5UkECWnI/lO9vEjLl
bALvyDedqFdxVAG9Moszs+aOGaY6xiUSS2iR3wEE5pvkalxhuYnt0AA3IDzm4wKs
jH40chnqS2qX9/ZT2scQBwSx1Q==
-----END PRIVATE KEY-----

## OpenSSL Server Example.md

      
    Raw
  

              OpenSSL Server Example.md
            
          
    OpenSSL Server Example

This sample code shows how to create an OpenSSL server application.
Compilation

Prerequisites:
$ sudo apt-get install gcc pkg-config libssl-dev openssl
Build:
$ gcc openssl_server.c -lssl -lcrypto -o openssl_server
-- or --
$ gcc openssl_server.c `pkg-config --libs libssl libcrypto` -o openssl_server
Build (Statically):
$ gcc openssl_server.c -static -lssl -lcrypto -ldl -pthread -Wl,--whole-archive -lpthread -Wl,--no-whole-archive -o openssl_server
-- or --
$ gcc openssl_server.c -static `pkg-config --libs --static libssl libcrypto` -Wl,--whole-archive -lpthread -Wl,--no-whole-archive -o openssl_server
Gerating Certification & Private Key Files

To generating new cert.pem and key.pem files, run the following command:
$ openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem
Running and Testing Application

Run the application ($ ./openssl_server) and then open a browser and navigate to https://localhost:12345/.

  
## openssl_server.c
#include <stdio.h>
#include <stdlib.h>

#include <sys/socket.h>
#include <arpa/inet.h>

#include <openssl/ssl.h>
#include <openssl/err.h>

/* openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem */
#define CERTIFICATE_FILE_NAME "cert.pem"
#define PRIVATE_KEY_FILE_NAME "key.pem"

#define PORT_NUMBER 12345

#define SERVER_RESPONSE "HTTP/1.1 200 OK\r\n\r\nHello World!"

int main()
{
    /* Initializing OpenSSL. */

    SSL_load_error_strings();

    OpenSSL_add_ssl_algorithms();

    /* Create context. */

    SSL_CTX* context = SSL_CTX_new(TLSv1_2_server_method());
    if (context == NULL)
    {
        perror("Unable to create SSL context.\n");
        ERR_print_errors_fp(stderr);
        return EXIT_FAILURE;
    }

    /* Configure context. */

    SSL_CTX_set_ecdh_auto(context, 1);

    if (SSL_CTX_use_certificate_file(context, CERTIFICATE_FILE_NAME, SSL_FILETYPE_PEM) <= 0)
    {
        perror("Unable to read cert.pem.\n");
        ERR_print_errors_fp(stderr);
        return EXIT_FAILURE;
    }

    if (SSL_CTX_use_PrivateKey_file(context, PRIVATE_KEY_FILE_NAME, SSL_FILETYPE_PEM) <= 0)
    {
        perror("Unable to read key.pem.\n");
        ERR_print_errors_fp(stderr);
        return EXIT_FAILURE;
    }

    /* Create socket. */

    struct sockaddr_in addr;
    addr.sin_family = AF_INET;
    addr.sin_port = htons(PORT_NUMBER);
    addr.sin_addr.s_addr = htonl(INADDR_ANY);

    int sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock < 0)
    {
        perror("Unable to create socket.\n");
        exit(EXIT_FAILURE);
    }

    if (bind(sock, (struct sockaddr*)&addr, sizeof(addr)) < 0)
    {
        perror("Unable to bind.\n");
        exit(EXIT_FAILURE);
    }

    if (listen(sock, 1) < 0)
    {
        perror("Unable to listen.\n");
        exit(EXIT_FAILURE);
    }

    /* Handle connections. */
    while(1)
    {
        struct sockaddr_in addr;
        uint len = sizeof(addr);
        int client = accept(sock, (struct sockaddr*)&addr, &len);
        if (client < 0)
        {
            perror("Unable to accept.\n");
            exit(EXIT_FAILURE);
        }

        SSL* ssl = SSL_new(context);

        SSL_set_fd(ssl, client);

        if (SSL_accept(ssl) <= 0)
        {
            perror("Unable to SSL accept.\n");
            ERR_print_errors_fp(stderr);
        }
        else
        {
            printf("New SSL connection accepted.\n");
            SSL_write(ssl, SERVER_RESPONSE, strlen(SERVER_RESPONSE));
        }

        SSL_free(ssl);
        ssl = NULL;

        close(client);
        client = -1;
    }

    /* Cleanup. */

    close(sock);
    sock = -1;

    SSL_CTX_free(context);
    context = NULL;

    EVP_cleanup();

    return EXIT_SUCCESS;
}
	-----BEGIN CERTIFICATE-----
	MIIDazCCAlOgAwIBAgIUUIpiquLgjqfDNnivQgSmP4Ego34wDQYJKoZIhvcNAQEL
	BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
	GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0xOTA5MDgxNTE2NDlaFw0yOTA5
	MDUxNTE2NDlaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
	HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB
	AQUAA4IBDwAwggEKAoIBAQDSYxdJsATM1OpinK+cLZrpdFFfykKVhIiP2+LGoqOk
	urI1H2qcZ3nRhRCybRrz9ARgJ4h3YM8j8tWkuR3MVxJdgWfuNgV23nLcFmaP7Zfa
	4McQbc6+mtoJ2xXAfIYRDIOvPsbOSHtu4PYVu+OafPj1rkCslI1gItXOtHHMz6CA
	zqWesoLD4LJC+H2zBcj8orxcxxtX0z1+IYOST2IsWOT7Wla+yP7i9jawOSE0I5b5
	iOkZMS3IuXiZM8EXTKYmoWUIoiggkYTrzHKBF2bStBafsiFe2gQ9uXxvtZbPRAUq
	EJ+gnsQOZEHXZhYrpBQ4SorWX6TCX5Fiy2OFy4aE1laBAgMBAAGjUzBRMB0GA1Ud
	DgQWBBQwz4i+rnFMxhZSSG91BxQu+h0SrDAfBgNVHSMEGDAWgBQwz4i+rnFMxhZS
	SG91BxQu+h0SrDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQA3
	zDZ3UFNmWlCLA9ZCTZTgyl6FH6zftfwR42fTWawWAJ5vMz3sWiDWqQRVglbZSQNA
	wgED9+nM0PhjBP1XKQFMWOprKYeKV/k7q7Qaq4abcajZEC3Cc0W4IPUpYdAwgXKG
	b04MbV+CtEW6Q3LkxucarPim0nYrt5gZH6H4fRw5+Vcg0kwR0sasXB5BezcpB07g
	aZ9coURqFjyzJKuhnBFe/spmKjPaJzUiMsq4Um2O5wqzVXmSoa2AmChUdB77GcUe
	18EubBNSIHXmKbQ82F46aERhynBKBfL4+aENx38Saa4YE+kZ2dO+212VYDG9214p
	EDus5115Xa1aP+UQC9ZM
	-----END CERTIFICATE-----
	-----BEGIN PRIVATE KEY-----
	MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDSYxdJsATM1Opi
	nK+cLZrpdFFfykKVhIiP2+LGoqOkurI1H2qcZ3nRhRCybRrz9ARgJ4h3YM8j8tWk
	uR3MVxJdgWfuNgV23nLcFmaP7Zfa4McQbc6+mtoJ2xXAfIYRDIOvPsbOSHtu4PYV
	u+OafPj1rkCslI1gItXOtHHMz6CAzqWesoLD4LJC+H2zBcj8orxcxxtX0z1+IYOS
	T2IsWOT7Wla+yP7i9jawOSE0I5b5iOkZMS3IuXiZM8EXTKYmoWUIoiggkYTrzHKB
	F2bStBafsiFe2gQ9uXxvtZbPRAUqEJ+gnsQOZEHXZhYrpBQ4SorWX6TCX5Fiy2OF
	y4aE1laBAgMBAAECggEBAKYI79MGp/MjQUrLz0eZMj11v9ayH/Qx4ThvVzxeFHmn
	oYaNIa0HeLsiobe+pVvLwzxDVs6nxzHerj7OnTarrOHAg84aMhvKmKkawJxr7MEf
	TdqoXlZMjTDkBvmfDIsd7jr6dxlLWKZ7wZoLayd741q4x2+r2Rr6wvPbskfpwAiG
	HxWFf2pk1K2MR8+0qnRVqFkaHoHJDBzmBqDH0knHSIk2iTLxdDW9tZ9f1GdyPRyC
	05ABN5p+byQAqHoVd7pwPF4uNGR6iV2bqhrwnE2Z6JqIEqaEmchmZXmD4dc2TRcw
	gdRRZp/kcG4rFVjttZwOSospv5n5QhvgcLzK4alXLWUCgYEA6zpiS6imvrh6OnC+
	ynnb9zq2EdY34+OZCejSbmRFUj69mfsaG2wz1xXiJvnsJev5ZxSuHHBBy9mnr5Xs
	DYOMVemd0lIGmOcYcHEF/5BR2UwOuUdEFKaCD0Tfk5U3EvY242OXk17zlyso0OKy
	T+eXOZtREvewvaTZDUlM2a1834cCgYEA5Pclc2NzQL0Rm0nHUpIKYjS4Kxwcoovy
	Iy2WLiJ/nLuJryaItNAJRSvi7e+kZ7CDQdYo5bN9tdBVFJ1ybP3b1RWrUCz6IY7O
	xGb10Bn1g8/wp5aK5Eut5D79N4Ys3B6rB8zkm3yvrcsDfG8Gz15yMmwDJZvlDMks
	tHEIOSW6S7cCgYEAoSKnfyiSwQdiQ3JEYDNF6YAAhQt30dZxWYZx0ElD62krPLX0
	VmCyyl4lQ4nkqL2TZXeXJcgIano5EmDjCQbaNWgJQrAJ8Ogtp6jk8QKN7wrY8zbM
	flDpu0f02AZZadXcF7x7cuqSdzWLijwg5ffBcibhTNr76Y1pWl6iFGNxrTUCgYEA
	ltJ+Ju4ho0ln6aTF2Yw9rscPccZIzoHk9Gs4/BbZfMLERU3ay1AmaxwnlZg/8dWC
	AMIzmmuLqVIcWUIFd+oY/toRSPT3p1dMuG8iCPywjy1QVvSBdTSszSb44bROpIjH
	HJJJHGsbxh1upG72S27pRnGD+SghzzRNcGbshchmWS0CgYBkaBXqFCP/YndZ/zZJ
	uNZrN1J5/VMn1VryVGe5pDvsxp7zaxH7EGJf5HUnsQruUv+5UkECWnI/lO9vEjLl
	bALvyDedqFdxVAG9Moszs+aOGaY6xiUSS2iR3wEE5pvkalxhuYnt0AA3IDzm4wKs
	jH40chnqS2qX9/ZT2scQBwSx1Q==
	-----END PRIVATE KEY-----
	#include <stdio.h>
	#include <stdlib.h>

	#include <sys/socket.h>
	#include <arpa/inet.h>

	#include <openssl/ssl.h>
	#include <openssl/err.h>

	/* openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem */
	#define CERTIFICATE_FILE_NAME "cert.pem"
	#define PRIVATE_KEY_FILE_NAME "key.pem"

	#define PORT_NUMBER 12345

	#define SERVER_RESPONSE "HTTP/1.1 200 OK\r\n\r\nHello World!"

	int main()
	{
	/* Initializing OpenSSL. */

	SSL_load_error_strings();

	OpenSSL_add_ssl_algorithms();

	/* Create context. */

	SSL_CTX* context = SSL_CTX_new(TLSv1_2_server_method());
	if (context == NULL)
	{
	perror("Unable to create SSL context.\n");
	ERR_print_errors_fp(stderr);
	return EXIT_FAILURE;
	}

	/* Configure context. */

	SSL_CTX_set_ecdh_auto(context, 1);

	if (SSL_CTX_use_certificate_file(context, CERTIFICATE_FILE_NAME, SSL_FILETYPE_PEM) <= 0)
	{
	perror("Unable to read cert.pem.\n");
	ERR_print_errors_fp(stderr);
	return EXIT_FAILURE;
	}

	if (SSL_CTX_use_PrivateKey_file(context, PRIVATE_KEY_FILE_NAME, SSL_FILETYPE_PEM) <= 0)
	{
	perror("Unable to read key.pem.\n");
	ERR_print_errors_fp(stderr);
	return EXIT_FAILURE;
	}

	/* Create socket. */

	struct sockaddr_in addr;
	addr.sin_family = AF_INET;
	addr.sin_port = htons(PORT_NUMBER);
	addr.sin_addr.s_addr = htonl(INADDR_ANY);

	int sock = socket(AF_INET, SOCK_STREAM, 0);
	if (sock < 0)
	{
	perror("Unable to create socket.\n");
	exit(EXIT_FAILURE);
	}

	if (bind(sock, (struct sockaddr*)&addr, sizeof(addr)) < 0)
	{
	perror("Unable to bind.\n");
	exit(EXIT_FAILURE);
	}

	if (listen(sock, 1) < 0)
	{
	perror("Unable to listen.\n");
	exit(EXIT_FAILURE);
	}

	/* Handle connections. */
	while(1)
	{
	struct sockaddr_in addr;
	uint len = sizeof(addr);
	int client = accept(sock, (struct sockaddr*)&addr, &len);
	if (client < 0)
	{
	perror("Unable to accept.\n");
	exit(EXIT_FAILURE);
	}

	SSL* ssl = SSL_new(context);

	SSL_set_fd(ssl, client);

	if (SSL_accept(ssl) <= 0)
	{
	perror("Unable to SSL accept.\n");
	ERR_print_errors_fp(stderr);
	}
	else
	{
	printf("New SSL connection accepted.\n");
	SSL_write(ssl, SERVER_RESPONSE, strlen(SERVER_RESPONSE));
	}

	SSL_free(ssl);
	ssl = NULL;

	close(client);
	client = -1;
	}

	/* Cleanup. */

	close(sock);
	sock = -1;

	SSL_CTX_free(context);
	context = NULL;

	EVP_cleanup();

	return EXIT_SUCCESS;
	}