Implicit TLS のクライアント(証明書を検証する版)
/*
Implicit TLS のクライアント(証明書を検証する版)
gcc -g implicittls_cli_cert.c -o implicittls_cli_cert -L/usr/lib -I/usr/include -lssl -lcrypto
*/
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
//#include <openssl/bio.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
/* Peer to dial. An IP literal here; a host name is resolved the same way. */
#define SERVER_ADDR "192.168.1.24"
/* Port 465: implicit-TLS SMTP submission, i.e. TLS starts before any protocol bytes. */
#define SERVER_PORT 465
/* Private CA that issued the server certificate. Only this file is loaded as
 * a trust anchor; the system default CA store is not consulted. */
#define CA_FILE_PATH "/etc/ssl/myCA/ca.crt"
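/*
 * Connect to SERVER_ADDR:SERVER_PORT over implicit TLS, verify the server
 * certificate against the private CA in CA_FILE_PATH, and print the peer
 * certificate on success.
 *
 * ac/av are unused; the endpoint is fixed by the macros above.
 *
 * Returns EXIT_SUCCESS when the TLS handshake completes and both the chain
 * and the expected peer identity (SERVER_ADDR) verify, EXIT_FAILURE otherwise.
 * Every failure path releases the socket, the SSL object and the context.
 */
int main(int ac, char** av)
{
    int rc = EXIT_FAILURE;
    int soc = -1;
    SSL_CTX* ssl_ctx = NULL;
    SSL* ssl = NULL;
    struct addrinfo hints = { .ai_family = AF_INET, .ai_socktype = SOCK_STREAM };
    struct addrinfo* res = NULL;
    char port_str[16];
    int gai;
    long x509_verify_result;
    X509* x509;
    X509_VERIFY_PARAM* param;

    (void)ac;
    (void)av;

    /* getaddrinfo() instead of gethostbyname(): no static result buffer, a
     * proper error string (h_errno, not errno, was the right source before),
     * and no aliasing of h_addr_list[0] through an in_addr_t pointer. */
    snprintf(port_str, sizeof port_str, "%d", SERVER_PORT);
    gai = getaddrinfo(SERVER_ADDR, port_str, &hints, &res);
    if (gai != 0) {
        fprintf(stderr, "getaddrinfo fail: %s\n", gai_strerror(gai));
        goto out;
    }
    puts("getaddrinfo ok");

    soc = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
    if (soc == -1) {
        fprintf(stderr, "socket fail: %s\n", strerror(errno));
        goto out;
    }
    puts("socket ok");

    if (connect(soc, res->ai_addr, res->ai_addrlen) == -1) {
        fprintf(stderr, "connect fail: %s\n", strerror(errno));
        goto out;
    }
    puts("connect ok");

    /* Both are no-ops on OpenSSL 1.1.0+ (which TLS_method() already
     * requires) where initialisation is automatic; kept for older builds. */
    SSL_library_init();
    SSL_load_error_strings();

    /* TLS_method() negotiates the highest version both sides support; pin
     * the floor to TLS 1.2 so SSLv3/TLS 1.0/TLS 1.1 cannot be negotiated. */
    ssl_ctx = SSL_CTX_new(TLS_method());
    if (ssl_ctx == NULL) {
        fputs("SSL_CTX_new fail\n", stderr);
        ERR_print_errors_fp(stderr);
        goto out;
    }
    if (SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_2_VERSION) != 1) {
        fputs("SSL_CTX_set_min_proto_version fail\n", stderr);
        ERR_print_errors_fp(stderr);
        goto out;
    }

    /* Trust only the private CA. SSL_VERIFY_PEER makes SSL_connect() itself
     * fail on a bad chain instead of completing the handshake and relying on
     * the caller to remember the SSL_get_verify_result() check afterwards. */
    if (SSL_CTX_load_verify_locations(ssl_ctx, CA_FILE_PATH, NULL) != 1) {
        fputs("SSL_CTX_load_verify_locations fail\n", stderr);
        ERR_print_errors_fp(stderr);
        goto out;
    }
    puts("SSL_CTX_load_verify_locations ok");
    SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);

    ssl = SSL_new(ssl_ctx);
    if (ssl == NULL) {
        fputs("SSL_new fail\n", stderr);
        ERR_print_errors_fp(stderr);
        goto out;
    }

    /* A chain that validates to the CA is not sufficient: without an identity
     * check, any certificate issued by that CA would be accepted for this
     * peer. Verify as an IP SAN when SERVER_ADDR is an address literal,
     * otherwise as a DNS name (namelen 0 = NUL-terminated string). */
    param = SSL_get0_param(ssl);
    if (X509_VERIFY_PARAM_set1_ip_asc(param, SERVER_ADDR) != 1 &&
        X509_VERIFY_PARAM_set1_host(param, SERVER_ADDR, 0) != 1) {
        fputs("X509_VERIFY_PARAM_set1_host fail\n", stderr);
        ERR_print_errors_fp(stderr);
        goto out;
    }

    if (SSL_set_fd(ssl, soc) == 0) {
        fputs("SSL_set_fd fail\n", stderr);
        ERR_print_errors_fp(stderr);
        goto out;
    }
    puts("SSL_set_fd ok");

    if (SSL_connect(ssl) != 1) {
        /* With SSL_VERIFY_PEER a verification failure surfaces here; report
         * the X509 reason when there is one, the generic failure otherwise. */
        x509_verify_result = SSL_get_verify_result(ssl);
        if (x509_verify_result != X509_V_OK) {
            fprintf(stderr, "x509_verify_result fail: %s\n",
                    X509_verify_cert_error_string(x509_verify_result));
        } else {
            fputs("SSL_connect fail\n", stderr);
        }
        ERR_print_errors_fp(stderr);
        goto out;
    }
    puts("SSL_connect ok");

    /* Belt and braces: re-check the stored result after the handshake. */
    x509_verify_result = SSL_get_verify_result(ssl);
    if (x509_verify_result != X509_V_OK) {
        fprintf(stderr, "x509_verify_result fail: %s\n",
                X509_verify_cert_error_string(x509_verify_result));
        ERR_print_errors_fp(stderr);
        goto out;
    }
    puts("x509_verify_result ok");

    /* SSL_get_peer_certificate() hands back a new reference (and NULL when
     * the peer sent none), so it must be checked and released. */
    x509 = SSL_get_peer_certificate(ssl);
    if (x509 == NULL) {
        fputs("no peer certificate\n", stderr);
        goto out;
    }
    puts("--------------------------------------");
    X509_print_fp(stdout, x509);
    puts("--------------------------------------");
    X509_free(x509);
    puts("SSL_get_verify_result ok");

    /* Best-effort close_notify; the peer's reply is not awaited. */
    SSL_shutdown(ssl);
    rc = EXIT_SUCCESS;

out:
    /* SSL_free() and SSL_CTX_free() accept NULL. */
    SSL_free(ssl);
    SSL_CTX_free(ssl_ctx);
    if (soc != -1) {
        close(soc);
    }
    if (res != NULL) {
        freeaddrinfo(res);
    }
    return rc;
}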