@yuki-takeichi
Created February 23, 2016 12:11
openssl test
#include <stdio.h>
#include <unistd.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/x509v3.h>
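/**
 * Certificate verification callback installed through SSL_CTX_set_verify().
 *
 * OpenSSL calls this once per certificate in the peer's chain.
 *
 * @param ok      1 if OpenSSL's own check of the current certificate passed,
 *                0 if it failed.
 * @param context Verification state for the chain being checked; queried
 *                only on failure, to report which check failed and where.
 * @return The verdict OpenSSL passed in, unchanged.
 */
int verify_cb(int ok, X509_STORE_CTX* context) {
    printf("verify result: %d\n", ok);

    if (!ok) {
        /* Record why the chain was rejected so a failed handshake can be
         * diagnosed from the log. */
        int err = X509_STORE_CTX_get_error(context);
        printf("verify error %d at depth %d: %s\n",
               err,
               X509_STORE_CTX_get_error_depth(context),
               X509_verify_cert_error_string(err));
    }

    /* Propagate the verdict instead of forcing 1. A callback that always
     * returns 1 tells OpenSSL to continue the handshake even though the
     * chain failed validation; that is only safe if every connection later
     * checks SSL_get_verify_result(), and nothing in this file does. */
    return ok;
}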
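/**
 * Builds a server-style SSL_CTX that requests client certificates, holds it
 * for five seconds, then tears it down.
 *
 * pemFile must name a PEM file holding the certificate chain and its private
 * key, and caFile a PEM bundle of the CAs accepted for client certificates.
 * Both are empty placeholders here and have to be filled in before the
 * program can get past the first load.
 *
 * @return 0 when the context was fully configured, 1 on any OpenSSL failure
 *         (the OpenSSL error queue is printed to stdout first).
 */
int main(int argc, char** argv) {
    const char *pemFile = "";
    const char *caFile = "";
    SSL_CTX *context = NULL;
    STACK_OF(X509_NAME) *cert_names;
    int exit_code = 1;

    (void)argc;
    (void)argv;

    SSL_library_init();
    SSL_load_error_strings();
    ERR_load_crypto_strings();
    OpenSSL_add_all_algorithms();

    context = SSL_CTX_new(SSLv23_method());
    if (context == NULL) {
        goto fail;
    }

    /* SSLv23_method() negotiates the highest version both sides support,
     * which can include the broken SSLv2/SSLv3 unless they are ruled out. */
    SSL_CTX_set_options(context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);

    /* These loaders return 1 on success; treat anything else as failure. */
    if (SSL_CTX_use_certificate_chain_file(context, pemFile) != 1) {
        goto fail;
    }
    if (SSL_CTX_use_PrivateKey_file(context, pemFile, SSL_FILETYPE_PEM) != 1) {
        goto fail;
    }
    /* Catch a key that does not belong to the loaded certificate now rather
     * than at the first handshake. */
    if (SSL_CTX_check_private_key(context) != 1) {
        goto fail;
    }

    /* CA names advertised to clients in the certificate request. This list
     * is only a hint to the client; it does not establish trust. */
    cert_names = SSL_load_client_CA_file(caFile);
    if (cert_names == NULL) {
        goto fail;
    }
    /* The context takes ownership of cert_names; do not free it here. */
    SSL_CTX_set_client_CA_list(context, cert_names);

    /* The trust anchors actually used to validate the client's chain. */
    if (SSL_CTX_load_verify_locations(context, caFile, NULL) != 1) {
        goto fail;
    }

    /* NOTE(review): with SSL_VERIFY_PEER alone a server still accepts a
     * client that presents no certificate. Add
     * SSL_VERIFY_FAIL_IF_NO_PEER_CERT if client certificates are mandatory. */
    SSL_CTX_set_verify(context, SSL_VERIFY_PEER, verify_cb);

    sleep(5);
    printf("successfully exited\n");
    exit_code = 0;
    goto cleanup;

fail:
    ERR_print_errors_fp(stdout);

cleanup:
    /* SSL_CTX_free(NULL) is a no-op, so this is safe on every path. It also
     * releases the certificate, private key and CA list held by the context. */
    SSL_CTX_free(context);
    ERR_free_strings();
    return exit_code;
}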
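# Build and run the OpenSSL context test program (hoge.c).
#
# OPENSSL_PC is the pkg-config input used to find OpenSSL's compile and link
# flags. The default is the path this Makefile was written against; override
# it on systems where the file lives elsewhere: make OPENSSL_PC=<path-or-module>
OPENSSL_PC ?= /usr/lib/x86_64-linux-gnu/pkgconfig/openssl.pc

hoge: hoge.c
	gcc -o $@ -g $^ `pkg-config --cflags --libs $(OPENSSL_PC)`

.PHONY: clean run

clean:
	rm -rf hoge hoge.o

run: hoge
	./hoge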