diff options
Diffstat (limited to 'demos/ssl/serv.cpp')
-rw-r--r-- | demos/ssl/serv.cpp | 126 |
1 files changed, 126 insertions, 0 deletions
diff --git a/demos/ssl/serv.cpp b/demos/ssl/serv.cpp new file mode 100644 index 0000000000..8681f2f22b --- /dev/null +++ b/demos/ssl/serv.cpp @@ -0,0 +1,126 @@ +/* serv.cpp - Minimal ssleay server for Unix + 30.9.1996, Sampo Kellomaki <sampo@iki.fi> */ + +#include <stdio.h> +#include <memory.h> +#include <errno.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <arpa/inet.h> +#include <netdb.h> + +#include "rsa.h" /* SSLeay stuff */ +#include "crypto.h" +#include "x509.h" +#include "pem.h" +#include "ssl.h" +#include "err.h" + +#define HOME "/usr/users/sampo/sibs/tim/" +#define CERTF HOME "plain-cert.pem" +#define KEYF HOME "plain-key.pem" + +#define CHK_NULL(x) if ((x)==NULL) exit (1) +#define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); } +#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); } + +void main () +{ + int err; + int listen_sd; + int sd; + struct sockaddr_in sa_serv; + struct sockaddr_in sa_cli; + int client_len; + SSL_CTX* ctx; + SSL* ssl; + X509* client_cert; + char* str; + char buf [4096]; + + /* SSL preliminaries. We keep the certificate and key with the context. */ + + SSL_load_error_strings(); + ctx = SSL_CTX_new (); CHK_NULL(ctx); + + err = SSL_CTX_use_RSAPrivateKey_file (ctx, KEYF, SSL_FILETYPE_PEM); + CHK_SSL(err); + + err = SSL_CTX_use_certificate_file (ctx, CERTF, SSL_FILETYPE_PEM); + CHK_SSL(err); + + /* ----------------------------------------------- */ + /* Prepare TCP socket for receiving connections */ + + listen_sd = socket (AF_INET, SOCK_STREAM, 0); CHK_ERR(listen_sd, "socket"); + + memset (&sa_serv, '\0', sizeof(sa_serv)); + sa_serv.sin_family = AF_INET; + sa_serv.sin_addr.s_addr = INADDR_ANY; + sa_serv.sin_port = htons (1111); /* Server Port number */ + + err = bind(listen_sd, (struct sockaddr*) &sa_serv, + sizeof (sa_serv)); CHK_ERR(err, "bind"); + + /* Receive a TCP connection. */ + + err = listen (listen_sd, 5); CHK_ERR(err, "listen"); + + client_len = sizeof(sa_cli); + sd = accept (listen_sd, (struct sockaddr*) &sa_cli, &client_len); + CHK_ERR(sd, "accept"); + close (listen_sd); + + printf ("Connection from %lx, port %x\n", + sa_cli.sin_addr.s_addr, sa_cli.sin_port); + + /* ----------------------------------------------- */ + /* TCP connection is ready. Do server side SSL. */ + + ssl = SSL_new (ctx); CHK_NULL(ssl); + SSL_set_fd (ssl, sd); + err = SSL_accept (ssl); CHK_SSL(err); + + /* Get the cipher - opt */ + + printf ("SSL connection using %s\n", SSL_get_cipher (ssl)); + + /* Get client's certificate (note: beware of dynamic allocation) - opt */ + + client_cert = SSL_get_peer_certificate (ssl); + if (client_cert != NULL) { + printf ("Client certificate:\n"); + + str = X509_NAME_oneline (X509_get_subject_name (client_cert)); + CHK_NULL(str); + printf ("\t subject: %s\n", str); + Free (str); + + str = X509_NAME_oneline (X509_get_issuer_name (client_cert)); + CHK_NULL(str); + printf ("\t issuer: %s\n", str); + Free (str); + + /* We could do all sorts of certificate verification stuff here before + deallocating the certificate. */ + + X509_free (client_cert); + } else + printf ("Client does not have certificate.\n"); + + /* DATA EXCHANGE - Receive message and send reply. */ + + err = SSL_read (ssl, buf, sizeof(buf) - 1); CHK_SSL(err); + buf[err] = '\0'; + printf ("Got %d chars:'%s'\n", err, buf); + + err = SSL_write (ssl, "I hear you.", strlen("I hear you.")); CHK_SSL(err); + + /* Clean up. */ + + close (sd); + SSL_free (ssl); + SSL_CTX_free (ctx); +} +/* EOF - serv.cpp */ |