I'm sorry to trouble those who have difficulty with English, but I don't have a CHS input method installed on my openSUSE. This passage was originally written for students suffering through Computer Networks at BUPT.
On most Linux distributions you can install openssl and libopenssl with your package manager, for example on openSUSE:
#zypper in openssl openssl-devel
But on Ubuntu you must run this instead:
#apt-get install openssl libssl-dev
If you are using Windows, go directly to the official OpenSSL wiki, download the binary version that suits you and just install it. This is the easiest way. You can also compile the source code yourself; see this passage.
If you are using JetBrains CLion with CMake, just add the following configuration to your CMakeLists.txt:
link_libraries(ssl crypto)
include_directories(openssl)
link_directories(openssl)
If you are using Visual Studio, refer to this StackOverflow question.
If you are using another IDE (Dev-cpp for example), you should already be clear on how to configure its compile settings.
Include OpenSSL's header files:
#include <stdio.h>
#include <openssl/ssl.h>
#include <openssl/bio.h>
#include <openssl/err.h>
Do the initialization work:
SSL_load_error_strings();
SSL_library_init();
OpenSSL_add_all_algorithms();
//ctx is a special structure that stores the configuration for this ssl connection.
SSL_CTX* ctx = SSL_CTX_new(SSLv23_server_method());
//using single DH is good for you. See the ref links at the end of this passage for details.
SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
//I'll show how to generate cert.pem and key.pem later. Be patient.
if (!SSL_CTX_use_certificate_file(ctx, "cert/cert.pem", SSL_FILETYPE_PEM)) {
    printf("cert error\n");
}
if (!SSL_CTX_use_PrivateKey_file(ctx, "cert/key.pem", SSL_FILETYPE_PEM)) {
    printf("pkey error\n");
}
//check that the private key matches the certificate loaded above
if (!SSL_CTX_check_private_key(ctx)) {
    printf("pkey invalid\n");
}
SSL* ssl = SSL_new(ctx);//Create an ssl connection from the ctx configuration.
To generate a self-signed SSL certificate and private key, run this with your openssl program:
openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out cert.pem
# key.pem is your private key file and cert.pem is your (self-signed) certificate file.
# The expiry is set to 365 days. If you are interested in this command, just google it!
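The following is an added example, not part of the original post: it runs the command above without prompts and then checks the two properties the server depends on, namely that key.pem really pairs with cert.pem (the same pairing SSL_CTX_check_private_key verifies at load time) and that the certificate has not run out of its 365 days. The function names and the -subj value are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Generate key.pem and cert.pem in directory $1 for common name $2,
# using the post's command plus -subj so it runs without prompts.
gen_selfsigned() {
    dir=$1; cn=$2
    mkdir -p "$dir" || return 1
    (
        umask 077   # -nodes leaves key.pem unencrypted, so keep it owner-only
        openssl req -newkey rsa:2048 -nodes -keyout "$dir/key.pem" \
            -x509 -days 365 -out "$dir/cert.pem" -subj "/CN=$cn" 2>/dev/null
    )
}

# Succeed only if private key $1 belongs to certificate $2: compare the
# public key derived from the key with the one embedded in the certificate.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeed only if certificate $1 is still valid $2 days from now.
cert_valid_in_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}
```

Running key_matches_cert and cert_valid_in_days before starting the server catches a swapped key file or an expired certificate earlier than the "pkey invalid" message or a failed handshake would.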
I assume that you have successfully created a socket and accepted a connection on port 465, giving you a handle/file descriptor (named fd); then we deal with it:
SSL_set_fd(ssl, fd);//bind this ssl connection to your fd
if (SSL_accept(ssl) <= 0) {//openssl is smart enough to do the handshake itself
    printf("ssl accept error!\n");
    //the handshake failed, so no SSL_shutdown() here: just release the object
    SSL_free(ssl);
}
Now you can enjoy your SSL socket connection; just make these replacements:
//replace this:
send(fd, buf, bufsize, 0);
//with this:
SSL_write(ssl, buf, bufsize);
//
//and replace this:
recv(fd, r_buf, r_bufsize, 0);
//with this:
SSL_read(ssl, r_buf, r_bufsize);
https://www.ibm.com/support/knowledgecenter/zh/SSWHYP_4.0.0/com.ibm.apimgmt.cmc.doc/task_apionprem_gernerate_self_signed_openSSL.html
https://stackoverflow.com/questions/7698488/turn-a-simple-socket-into-an-ssl-socket
http://www.cnblogs.com/etangyushan/p/3679457.html
Make a self-signed certificate SSL socket server for you
Original article: http://www.cnblogs.com/predmetch/p/8016117.html