miwarin/implicittls_svr.c

## implicittls_svr.c
/*
  Implicit TLS のサーバー
  gcc -g implicittls_svr.c -o implicittls_svr -L/usr/lib -I/usr/include -lssl -lcrypto

  クライアントは openssl を使って

    openssl s_client -connect 192.168.1.20:465

  こんな感じでやると楽
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <openssl/bio.h>
#include <openssl/ssl.h>
#include <openssl/err.h>

#define PORT 465
#define CRT_FILE_PATH "/etc/ssl/myCA/ca.crt"
#define PRIVATE_KEY_PATH "/etc/ssl/myCA/private/ca.key"

int main(int ac, char** av)
{
  int soc;
  struct sockaddr_in sa = {0};
  int optval;
  SSL_CTX *ctx = NULL;
  SSL *ssl = NULL;

  if((soc = socket(AF_INET, SOCK_STREAM, 0)) == -1)
  {
    perror("socket");
    return EXIT_FAILURE;
  }

  sa.sin_family = AF_INET;
  sa.sin_port = htons(PORT);
  sa.sin_addr.s_addr = htonl(INADDR_ANY);

  if(bind(soc, (struct sockaddr*)&sa, sizeof(sa)) == -1)
  {
    perror("bind");
    close(soc);
    return EXIT_FAILURE;
  }

  if(setsockopt(soc, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(int)) == -1)
  {
    perror("setsockopt");
    close(soc);
    return EXIT_FAILURE;
  }

  if(listen(soc, 32) == -1)
  {
    perror("listen");
    close(soc);
    return EXIT_FAILURE;
  }

  for(;;)
  {
    char recv_buf[1024];
    int recv_size;
    int fd;
    if((fd = accept(soc, NULL, NULL)) == -1)
    {
      perror("accept");
      close(soc);
      return EXIT_FAILURE;
    }

    SSL_library_init();
    SSL_load_error_strings();

    /* support SSLv2, SSLv3, TLSv1, TLSv1.1 and TLSv1.2 */
    ctx = SSL_CTX_new(SSLv23_method());
    // SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);

    /*
    証明書と秘密鍵は SSL_new の *前* に読み込まないとエラーになる↓
    140170252607936:error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:ssl/statem/statem_srvr.c:1404:
     */

    /* 戻り値がわからんぞ */
    SSL_CTX_use_certificate_chain_file(ctx, CRT_FILE_PATH);

    /* 戻り値がわからんぞ */
    SSL_CTX_use_PrivateKey_file(ctx, PRIVATE_KEY_PATH, SSL_FILETYPE_PEM);

    ssl = SSL_new(ctx);

    if (SSL_set_fd(ssl, fd) == 0)
    {
      printf("SSL_set_fd error!\n");
      ERR_print_errors_fp(stderr);
      SSL_free(ssl);
      SSL_CTX_free(ctx);
      close(soc);
      return EXIT_FAILURE;
    }

    if(SSL_accept(ssl) != 1)
    {
      printf("SSL_accept error!\n");
      ERR_print_errors_fp(stderr);
      SSL_free(ssl);
      SSL_CTX_free(ctx);
      close(soc);
      return EXIT_FAILURE;
    }

    if((recv_size = SSL_read(ssl, recv_buf, sizeof(recv_buf) - 1)) <= 0)
    {
      printf("SSL_read error!\n");
      ERR_print_errors_fp(stderr);
      SSL_free(ssl);
      SSL_CTX_free(ctx);
      close(soc);
      return EXIT_FAILURE;
    }
    recv_buf[recv_size] = '\0';
    puts(recv_buf);
    close(fd);
  }

  SSL_free(ssl);
  SSL_CTX_free(ctx);
  close(soc);

  return EXIT_SUCCESS;
}
	/*
	Implicit TLS のサーバー
	gcc -g implicittls_svr.c -o implicittls_svr -L/usr/lib -I/usr/include -lssl -lcrypto

	クライアントは openssl を使って

	openssl s_client -connect 192.168.1.20:465

	こんな感じでやると楽
	*/

	#include <stdio.h>
	#include <stdlib.h>
	#include <string.h>
	#include <unistd.h>
	#include <errno.h>
	#include <sys/types.h>
	#include <sys/socket.h>
	#include <netinet/in.h>
	#include <openssl/bio.h>
	#include <openssl/ssl.h>
	#include <openssl/err.h>

	#define PORT 465
	#define CRT_FILE_PATH "/etc/ssl/myCA/ca.crt"
	#define PRIVATE_KEY_PATH "/etc/ssl/myCA/private/ca.key"

	int main(int ac, char** av)
	{
	int soc;
	struct sockaddr_in sa = {0};
	int optval;
	SSL_CTX *ctx = NULL;
	SSL *ssl = NULL;

	if((soc = socket(AF_INET, SOCK_STREAM, 0)) == -1)
	{
	perror("socket");
	return EXIT_FAILURE;
	}

	sa.sin_family = AF_INET;
	sa.sin_port = htons(PORT);
	sa.sin_addr.s_addr = htonl(INADDR_ANY);

	if(bind(soc, (struct sockaddr*)&sa, sizeof(sa)) == -1)
	{
	perror("bind");
	close(soc);
	return EXIT_FAILURE;
	}

	if(setsockopt(soc, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(int)) == -1)
	{
	perror("setsockopt");
	close(soc);
	return EXIT_FAILURE;
	}

	if(listen(soc, 32) == -1)
	{
	perror("listen");
	close(soc);
	return EXIT_FAILURE;
	}

	for(;;)
	{
	char recv_buf[1024];
	int recv_size;
	int fd;
	if((fd = accept(soc, NULL, NULL)) == -1)
	{
	perror("accept");
	close(soc);
	return EXIT_FAILURE;
	}

	SSL_library_init();
	SSL_load_error_strings();

	/* support SSLv2, SSLv3, TLSv1, TLSv1.1 and TLSv1.2 */
	ctx = SSL_CTX_new(SSLv23_method());
	// SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);

	/*
	証明書と秘密鍵は SSL_new の前に読み込まないとエラーになる↓
	140170252607936:error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:ssl/statem/statem_srvr.c:1404:
	*/

	/* 戻り値がわからんぞ */
	SSL_CTX_use_certificate_chain_file(ctx, CRT_FILE_PATH);

	/* 戻り値がわからんぞ */
	SSL_CTX_use_PrivateKey_file(ctx, PRIVATE_KEY_PATH, SSL_FILETYPE_PEM);

	ssl = SSL_new(ctx);

	if (SSL_set_fd(ssl, fd) == 0)
	{
	printf("SSL_set_fd error!\n");
	ERR_print_errors_fp(stderr);
	SSL_free(ssl);
	SSL_CTX_free(ctx);
	close(soc);
	return EXIT_FAILURE;
	}

	if(SSL_accept(ssl) != 1)
	{
	printf("SSL_accept error!\n");
	ERR_print_errors_fp(stderr);
	SSL_free(ssl);
	SSL_CTX_free(ctx);
	close(soc);
	return EXIT_FAILURE;
	}

	if((recv_size = SSL_read(ssl, recv_buf, sizeof(recv_buf) - 1)) <= 0)
	{
	printf("SSL_read error!\n");
	ERR_print_errors_fp(stderr);
	SSL_free(ssl);
	SSL_CTX_free(ctx);
	close(soc);
	return EXIT_FAILURE;
	}
	recv_buf[recv_size] = '\0';
	puts(recv_buf);
	close(fd);
	}

	SSL_free(ssl);
	SSL_CTX_free(ctx);
	close(soc);

	return EXIT_SUCCESS;
	}