Implicit TLS のクライアント(証明書を検証する版)
/*
Implicit TLS のクライアント(証明書を検証する版)
gcc -g implicittls_cli_cert.c -o implicittls_cli_cert -L/usr/lib -I/usr/include -lssl -lcrypto
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
//#include <openssl/bio.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
/* Deployment-specific settings: host (or IP literal) and port of the implicit-TLS
 * server, and the PEM bundle of CA certificates trusted to sign its certificate.
 * The server is identified by an IP literal here, so the certificate must carry
 * that address, not a DNS name. */
#define SERVER_ADDR "192.168.1.24"
#define SERVER_PORT 465
#define CA_FILE_PATH "/etc/ssl/myCA/ca.crt"
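/*
 * Open a TCP connection to host:port, resolving with getaddrinfo() and trying
 * each returned address (IPv4 or IPv6) until one connects.
 *
 * Returns a connected socket, or -1 after printing the reason to stderr.
 */
static int tcp_connect(const char *host, const char *port)
{
    struct addrinfo hints = { .ai_family = AF_UNSPEC, .ai_socktype = SOCK_STREAM };
    struct addrinfo *res = NULL;

    int rc = getaddrinfo(host, port, &hints, &res);
    if (rc != 0) {
        fprintf(stderr, "getaddrinfo fail: %s\n", gai_strerror(rc));
        return -1;
    }

    int soc = -1;
    for (struct addrinfo *ai = res; ai != NULL; ai = ai->ai_next) {
        soc = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
        if (soc == -1) {
            continue;
        }
        if (connect(soc, ai->ai_addr, ai->ai_addrlen) == 0) {
            break;
        }
        /* keep the connect() errno across close() so the final message is accurate */
        int saved_errno = errno;
        close(soc);
        errno = saved_errno;
        soc = -1;
    }
    freeaddrinfo(res);

    if (soc == -1) {
        fprintf(stderr, "connect fail: %s\n", strerror(errno));
    }
    return soc;
}

/*
 * Bind the identity the peer certificate must carry to this SSL object.
 * An IP literal is matched against the certificate's iPAddress SANs; anything
 * else is matched against its DNS names (and sent as SNI).  Without this, a
 * certificate for *any* host issued by the CA in CA_FILE_PATH would pass
 * verification.
 *
 * Returns 1 on success, 0 on failure (details in the OpenSSL error queue).
 */
static int set_expected_peer(SSL *ssl, const char *name)
{
    unsigned char addr_buf[16]; /* large enough for an IPv6 address */

    if (inet_pton(AF_INET, name, addr_buf) == 1 || inet_pton(AF_INET6, name, addr_buf) == 1) {
        return X509_VERIFY_PARAM_set1_ip_asc(SSL_get0_param(ssl), name);
    }
    if (SSL_set_tlsext_host_name(ssl, name) != 1) {
        return 0;
    }
    return SSL_set1_host(ssl, name);
}

/*
 * Implicit-TLS client: connect to SERVER_ADDR:SERVER_PORT, perform the TLS
 * handshake with the peer certificate verified against CA_FILE_PATH and the
 * expected peer identity, then dump the verified certificate to stdout.
 *
 * Returns EXIT_SUCCESS when the handshake and verification succeed, otherwise
 * EXIT_FAILURE after printing the failing step to stderr.  Command-line
 * arguments are ignored.
 */
int main(int ac, char **av)
{
    (void)ac;
    (void)av;

    int status = EXIT_FAILURE;
    SSL_CTX *ssl_ctx = NULL;
    SSL *ssl = NULL;
    X509 *peer_cert = NULL;
    char port_str[16];

    /* getaddrinfo() wants the service as a string */
    snprintf(port_str, sizeof port_str, "%d", SERVER_PORT);

    int soc = tcp_connect(SERVER_ADDR, port_str);
    if (soc == -1) {
        return EXIT_FAILURE;
    }
    puts("connect ok");

    SSL_library_init();
    SSL_load_error_strings();

    ssl_ctx = SSL_CTX_new(TLS_method());
    if (ssl_ctx == NULL) {
        fputs("SSL_CTX_new fail\n", stderr);
        ERR_print_errors_fp(stderr);
        goto out;
    }
    /* TLS_method() negotiates the highest version both sides support; refuse
     * anything older than TLS 1.2 so a downgrade cannot be forced on us. */
    if (SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_2_VERSION) != 1) {
        fputs("SSL_CTX_set_min_proto_version fail\n", stderr);
        ERR_print_errors_fp(stderr);
        goto out;
    }
    if (SSL_CTX_load_verify_locations(ssl_ctx, CA_FILE_PATH, NULL) != 1) {
        fprintf(stderr, "SSL_CTX_load_verify_locations fail: %s\n", strerror(errno));
        ERR_print_errors_fp(stderr);
        goto out;
    }
    puts("SSL_CTX_load_verify_locations ok");
    /* Make the handshake itself fail on an untrusted certificate instead of
     * relying solely on the SSL_get_verify_result() check below. */
    SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);

    ssl = SSL_new(ssl_ctx);
    if (ssl == NULL) {
        fputs("SSL_new fail\n", stderr);
        ERR_print_errors_fp(stderr);
        goto out;
    }
    if (set_expected_peer(ssl, SERVER_ADDR) != 1) {
        fputs("set_expected_peer fail\n", stderr);
        ERR_print_errors_fp(stderr);
        goto out;
    }
    if (SSL_set_fd(ssl, soc) == 0) {
        fprintf(stderr, "SSL_set_fd fail: %s\n", strerror(errno));
        ERR_print_errors_fp(stderr);
        goto out;
    }
    puts("SSL_set_fd ok");

    if (SSL_connect(ssl) != 1) {
        fprintf(stderr, "SSL_connect fail: %s\n", strerror(errno));
        ERR_print_errors_fp(stderr);
        goto out;
    }
    puts("SSL_connect ok");

    /* Belt and braces: SSL_VERIFY_PEER already aborted the handshake on a bad
     * chain, but report the verify status explicitly as well. */
    long x509_verify_result = SSL_get_verify_result(ssl);
    if (x509_verify_result != X509_V_OK) {
        fprintf(stderr, "x509_verify_result fail: %s\n",
                X509_verify_cert_error_string(x509_verify_result));
        ERR_print_errors_fp(stderr);
        goto out;
    }
    puts("x509_verify_result ok");

    /* SSL_get_peer_certificate() returns NULL when the peer sent no certificate
     * and hands us a reference that must be released with X509_free(). */
    peer_cert = SSL_get_peer_certificate(ssl);
    if (peer_cert == NULL) {
        fputs("no peer certificate presented\n", stderr);
        goto out;
    }
    puts("--------------------------------------");
    X509_print_fp(stdout, peer_cert);
    puts("--------------------------------------");
    puts("SSL_get_verify_result ok");

    SSL_shutdown(ssl); /* best effort: a failed close_notify is not an error here */
    status = EXIT_SUCCESS;

out:
    /* X509_free, SSL_free and SSL_CTX_free accept NULL, so one label suffices. */
    X509_free(peer_cert);
    SSL_free(ssl);
    SSL_CTX_free(ssl_ctx);
    close(soc);
    return status;
}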