OpenSSL 是一个强大的安全套接字层密码库,囊括主要的密码算法、常用的密钥和证书封装管理功能及SSL协议,并提供丰富的应用程序供测试或其它目的使用。
直接进行编程步骤:
1.首先确保电脑端拥有openssl库,我这采用的方式是直接使用源码,然后进行编译,编译方式可以参考以下链接地址:
http://www.wangyan.org/blog/install-openssl-from-source.html
2.Server端源码:
openssl_server.c
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#define MAXBUF 1024
int main(int argc,char **argv)
{
struct sockaddr_in my_addr,their_addr;
unsigned int myport;
char buf[MAXBUF + 1] = { 0 };
SSL_CTX *ctx;
int sockfd,new_fd;
socklen_t len;
if (argc != 4)
{
printf("Usage:%s [bind port] [CERT_PATH] [PRI_KEY_PATH]\n",argv[0]);
return -1;
}
if (argv[1])
myport = atoi(argv[1]);
/*初始化openssl库*/
SSL_library_init();
OpenSSL_add_all_algorithms();
SSL_load_error_strings();
ctx = SSL_CTX_new(SSLv23_server_method());
if (ctx == NULL)
{
ERR_print_errors_fp(stdout);
exit(-1);
}
/*加载服务器证书*/
if (SSL_CTX_use_certificate_file(ctx, argv[2], SSL_FILETYPE_PEM) <= 0)
{
ERR_print_errors_fp(stdout);
exit(-1);
}
/*加载服务器私钥*/
if (SSL_CTX_use_PrivateKey_file(ctx,argv[3],SSL_FILETYPE_PEM) <= 0)
{
ERR_print_errors_fp(stdout);
exit(-1);
}
if (!SSL_CTX_check_private_key(ctx))
{
ERR_print_errors_fp(stdout);
exit(-1);
}
if ((sockfd = socket(PF_INET,SOCK_STREAM,0)) == -1)
{
perror("socket");
exit(-1);
}
else
{
printf("socket created\n");
}
bzero(&my_addr,sizeof(my_addr));
my_addr.sin_family = PF_INET;
my_addr.sin_port = htons(myport);
my_addr.sin_addr.s_addr = INADDR_ANY;
if (bind(sockfd,(struct sockaddr*)&my_addr,sizeof(struct sockaddr)) == -1)
{
perror("bind");
exit(-1);
}
else
printf("binded\n");
if (listen(sockfd,5) == -1)
{
perror("listen");
exit(-1);
}
else
printf("begin to listen\n");
while(1)
{
SSL *ssl;
len = sizeof(struct sockaddr);
if ((new_fd = accept(sockfd,(struct sockaddr*)&their_addr,&len)) == -1)
{
perror("accept");
exit(-1);
}
else
printf("server:got connection from %s,port %d,sockfd %d\n",inet_ntoa(their_addr.sin_addr),ntohs(their_addr.sin_port),new_fd);
ssl = SSL_new(ctx);
SSL_set_fd(ssl, new_fd);
if (SSL_accept(ssl) == -1) {
perror("accept");
close(new_fd);
break;
}
bzero(buf, MAXBUF + 1);
strcpy(buf, "server->client");
len = SSL_write(ssl, buf, strlen(buf));
if (len <= 0) {
printf("message '%s' send error! error code:'%d',error info:'%s'\n",
buf, errno, strerror(errno));
goto finish;
} else
printf("message '%s' send success!message total size:'%d'\n",
buf, len);
bzero(buf, MAXBUF + 1);
len = SSL_read(ssl, buf, MAXBUF);
if (len > 0)
printf("recv message:'%s' ok!message total size:'%d'\n",
buf, len);
else
printf("recv message error.error code:'%d',error info:'%s'\n",
errno, strerror(errno));
finish:
SSL_shutdown(ssl);
SSL_free(ssl);
close(new_fd);
}
close(sockfd);
SSL_CTX_free(ctx);
return 0;
}
3.编译
gcc -o ssl_server ssl_server.c -Wall -g -lssl在我的机子上不能直接编译通过,提示没法找到相关的libssl.so库和libcrypto.so库,所以我利用了在第一步中编译出来的openssl库文件,修改gcc为:
gcc -o openssl_server openssl_server.c -Wall -lssl -lcrypto -L./openssl-1.0.2d/ -Wl,-rpath=./openssl-1.0.2dopenssl-1.0.2d为源码的文件夹,-Wl,rpath表示编译链接的时候的路径。
4.证书申请
私钥
openssl genrsa -out privkey.pem 1024证书(试玩的证书,未向证书中心认证的)
openssl req -new -x509 -key privkey.pem -out CAcert.pem -days 10955.运行
Usage:openssl_server [bind port] [CERT_PATH] [PRI_KEY_PATH]
版权声明:本文为博主原创文章,未经博主允许不得转载。
原文地址:http://blog.csdn.net/pingd/article/details/47805349
