Created
July 25, 2018 08:27
-
-
Save messyidea/b224aabf7b4043a8cad975520718b53b to your computer and use it in GitHub Desktop.
simple ssl server demo
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// 编译:gcc -Wall -o ssl-server test.c -L/usr/lib -lssl -lcrypto | |
// 证书:https://www.akadia.com/services/ssh_test_certificate.html | |
#include <stdio.h> | |
#include <unistd.h> | |
#include <sys/socket.h> | |
#include <arpa/inet.h> | |
#include <openssl/ssl.h> | |
#include <openssl/err.h> | |
int create_socket(int port) | |
{ | |
int s; | |
struct sockaddr_in addr; | |
addr.sin_family = AF_INET; | |
addr.sin_port = htons(port); | |
addr.sin_addr.s_addr = htonl(INADDR_ANY); | |
s = socket(AF_INET, SOCK_STREAM, 0); | |
if (s < 0) { | |
perror("Unable to create socket"); | |
exit(EXIT_FAILURE); | |
} | |
if (bind(s, (struct sockaddr*)&addr, sizeof(addr)) < 0) { | |
perror("Unable to bind"); | |
exit(EXIT_FAILURE); | |
} | |
if (listen(s, 1) < 0) { | |
perror("Unable to listen"); | |
exit(EXIT_FAILURE); | |
} | |
return s; | |
} | |
void init_openssl() | |
{ | |
SSL_load_error_strings(); | |
OpenSSL_add_ssl_algorithms(); | |
} | |
void cleanup_openssl() | |
{ | |
EVP_cleanup(); | |
} | |
SSL_CTX *create_context() | |
{ | |
const SSL_METHOD *method; | |
SSL_CTX *ctx; | |
method = SSLv23_server_method(); | |
ctx = SSL_CTX_new(method); | |
if (!ctx) { | |
perror("Unable to create SSL context"); | |
ERR_print_errors_fp(stderr); | |
exit(EXIT_FAILURE); | |
} | |
return ctx; | |
} | |
void configure_context(SSL_CTX *ctx) | |
{ | |
SSL_CTX_set_ecdh_auto(ctx, 1); | |
/* Set the key and cert */ | |
if (SSL_CTX_use_certificate_file(ctx, "cert.pem", SSL_FILETYPE_PEM) <= 0) { | |
ERR_print_errors_fp(stderr); | |
exit(EXIT_FAILURE); | |
} | |
if (SSL_CTX_use_PrivateKey_file(ctx, "key.pem", SSL_FILETYPE_PEM) <= 0 ) { | |
ERR_print_errors_fp(stderr); | |
exit(EXIT_FAILURE); | |
} | |
} | |
int main(int argc, char **argv) | |
{ | |
int sock; | |
SSL_CTX *ctx; | |
init_openssl(); | |
ctx = create_context(); | |
configure_context(ctx); | |
sock = create_socket(4433); | |
/* Handle connections */ | |
while(1) { | |
struct sockaddr_in addr; | |
uint len = sizeof(addr); | |
SSL *ssl; | |
const char reply[] = "test\n"; | |
int client = accept(sock, (struct sockaddr*)&addr, &len); | |
if (client < 0) { | |
perror("Unable to accept"); | |
exit(EXIT_FAILURE); | |
} | |
ssl = SSL_new(ctx); | |
SSL_set_fd(ssl, client); | |
if (SSL_accept(ssl) <= 0) { | |
ERR_print_errors_fp(stderr); | |
} | |
else { | |
SSL_write(ssl, reply, strlen(reply)); | |
} | |
SSL_free(ssl); | |
close(client); | |
} | |
close(sock); | |
SSL_CTX_free(ctx); | |
cleanup_openssl(); | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment