7ebf7674be
Reviewed by: PR:
126 lines
3.5 KiB
C++
126 lines
3.5 KiB
C++
/* serv.cpp - Minimal ssleay server for Unix
|
|
30.9.1996, Sampo Kellomaki <sampo@iki.fi> */
|
|
|
|
#include <stdio.h>
|
|
#include <memory.h>
|
|
#include <errno.h>
|
|
#include <sys/types.h>
|
|
#include <sys/socket.h>
|
|
#include <netinet/in.h>
|
|
#include <arpa/inet.h>
|
|
#include <netdb.h>
|
|
|
|
#include <openssl/rsa.h> /* SSLeay stuff */
|
|
#include <openssl/crypto.h>
|
|
#include <openssl/x509.h>
|
|
#include <openssl/pem.h>
|
|
#include <openssl/ssl.h>
|
|
#include <openssl/err.h>
|
|
|
|
#define HOME "/usr/users/sampo/sibs/tim/"
|
|
#define CERTF HOME "plain-cert.pem"
|
|
#define KEYF HOME "plain-key.pem"
|
|
|
|
#define CHK_NULL(x) if ((x)==NULL) exit (1)
|
|
#define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }
|
|
#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); }
|
|
|
|
void main ()
|
|
{
|
|
int err;
|
|
int listen_sd;
|
|
int sd;
|
|
struct sockaddr_in sa_serv;
|
|
struct sockaddr_in sa_cli;
|
|
int client_len;
|
|
SSL_CTX* ctx;
|
|
SSL* ssl;
|
|
X509* client_cert;
|
|
char* str;
|
|
char buf [4096];
|
|
|
|
/* SSL preliminaries. We keep the certificate and key with the context. */
|
|
|
|
SSL_load_error_strings();
|
|
ctx = SSL_CTX_new (); CHK_NULL(ctx);
|
|
|
|
err = SSL_CTX_use_RSAPrivateKey_file (ctx, KEYF, SSL_FILETYPE_PEM);
|
|
CHK_SSL(err);
|
|
|
|
err = SSL_CTX_use_certificate_file (ctx, CERTF, SSL_FILETYPE_PEM);
|
|
CHK_SSL(err);
|
|
|
|
/* ----------------------------------------------- */
|
|
/* Prepare TCP socket for receiving connections */
|
|
|
|
listen_sd = socket (AF_INET, SOCK_STREAM, 0); CHK_ERR(listen_sd, "socket");
|
|
|
|
memset (&sa_serv, '\0', sizeof(sa_serv));
|
|
sa_serv.sin_family = AF_INET;
|
|
sa_serv.sin_addr.s_addr = INADDR_ANY;
|
|
sa_serv.sin_port = htons (1111); /* Server Port number */
|
|
|
|
err = bind(listen_sd, (struct sockaddr*) &sa_serv,
|
|
sizeof (sa_serv)); CHK_ERR(err, "bind");
|
|
|
|
/* Receive a TCP connection. */
|
|
|
|
err = listen (listen_sd, 5); CHK_ERR(err, "listen");
|
|
|
|
client_len = sizeof(sa_cli);
|
|
sd = accept (listen_sd, (struct sockaddr*) &sa_cli, &client_len);
|
|
CHK_ERR(sd, "accept");
|
|
close (listen_sd);
|
|
|
|
printf ("Connection from %lx, port %x\n",
|
|
sa_cli.sin_addr.s_addr, sa_cli.sin_port);
|
|
|
|
/* ----------------------------------------------- */
|
|
/* TCP connection is ready. Do server side SSL. */
|
|
|
|
ssl = SSL_new (ctx); CHK_NULL(ssl);
|
|
SSL_set_fd (ssl, sd);
|
|
err = SSL_accept (ssl); CHK_SSL(err);
|
|
|
|
/* Get the cipher - opt */
|
|
|
|
printf ("SSL connection using %s\n", SSL_get_cipher (ssl));
|
|
|
|
/* Get client's certificate (note: beware of dynamic allocation) - opt */
|
|
|
|
client_cert = SSL_get_peer_certificate (ssl);
|
|
if (client_cert != NULL) {
|
|
printf ("Client certificate:\n");
|
|
|
|
str = X509_NAME_oneline (X509_get_subject_name (client_cert));
|
|
CHK_NULL(str);
|
|
printf ("\t subject: %s\n", str);
|
|
Free (str);
|
|
|
|
str = X509_NAME_oneline (X509_get_issuer_name (client_cert));
|
|
CHK_NULL(str);
|
|
printf ("\t issuer: %s\n", str);
|
|
Free (str);
|
|
|
|
/* We could do all sorts of certificate verification stuff here before
|
|
deallocating the certificate. */
|
|
|
|
X509_free (client_cert);
|
|
} else
|
|
printf ("Client does not have certificate.\n");
|
|
|
|
/* DATA EXCHANGE - Receive message and send reply. */
|
|
|
|
err = SSL_read (ssl, buf, sizeof(buf) - 1); CHK_SSL(err);
|
|
buf[err] = '\0';
|
|
printf ("Got %d chars:'%s'\n", err, buf);
|
|
|
|
err = SSL_write (ssl, "I hear you.", strlen("I hear you.")); CHK_SSL(err);
|
|
|
|
/* Clean up. */
|
|
|
|
close (sd);
|
|
SSL_free (ssl);
|
|
SSL_CTX_free (ctx);
|
|
}
|
|
/* EOF - serv.cpp */
|