OpenSSL is a robust Secure Sockets Layer cryptography library. It includes the main cryptographic algorithms, common key and certificate encapsulation and management functions, and the SSL protocols, and it ships a rich set of applications for testing and other purposes.
Direct Programming Steps:
1. First make sure the machine has the OpenSSL library. I built it directly from the source code; for the build procedure, see the following link:
http://www.wangyan.org/blog/install-openssl-from-source.html
2. Server-side source:
openssl_server.c
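#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <openssl/ssl.h>
#include <openssl/err.h>

#define MAXBUF 1024

/*
 * Minimal blocking TLS server.
 *
 * Usage: openssl_server [bind port] [cert_path] [pri_key_path]
 *
 * Loads a PEM certificate and private key, listens on the given TCP port on
 * all interfaces, and for each connection performs the TLS handshake, sends
 * the string "server->client", reads one message of up to MAXBUF bytes,
 * prints it, and closes the connection.
 *
 * Connections are handled one at a time with blocking I/O, so a peer that
 * stalls during the handshake or the read holds up every later client.
 *
 * Returns 0 only if the accept loop ends without error; exits with -1 on any
 * setup failure.
 */
int main(int argc, char **argv)
{
    struct sockaddr_in my_addr, their_addr;
    char buf[MAXBUF + 1] = {0};
    SSL_CTX *ctx;
    int sockfd, new_fd;
    int rc = 0;
    char *end;
    long port;

    if (argc != 4) {
        printf("usage: %s [bind port] [cert_path] [pri_key_path]\n", argv[0]);
        return -1;
    }

    /* atoi() cannot report bad input; reject anything that is not 1..65535. */
    errno = 0;
    port = strtol(argv[1], &end, 10);
    if (end == argv[1] || *end != '\0' || errno == ERANGE ||
        port < 1 || port > 65535) {
        fprintf(stderr, "invalid port: %s\n", argv[1]);
        return -1;
    }

    /* Initialize the OpenSSL library */
    SSL_library_init();
    OpenSSL_add_all_algorithms();
    SSL_load_error_strings();

    ctx = SSL_CTX_new(SSLv23_server_method());
    if (ctx == NULL) {
        ERR_print_errors_fp(stderr);
        exit(-1);
    }

    /*
     * SSLv23_server_method() negotiates the highest version both sides
     * support, which can include SSLv2/SSLv3 on older library builds.
     * Refuse those explicitly. TLS 1.0/1.1 can be refused the same way with
     * SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 if every client speaks TLS 1.2.
     */
    SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);

    /* Load server certificate */
    if (SSL_CTX_use_certificate_file(ctx, argv[2], SSL_FILETYPE_PEM) <= 0) {
        ERR_print_errors_fp(stderr);
        exit(-1);
    }

    /* Load the server private key */
    if (SSL_CTX_use_PrivateKey_file(ctx, argv[3], SSL_FILETYPE_PEM) <= 0) {
        ERR_print_errors_fp(stderr);
        exit(-1);
    }

    /* Make sure the private key actually belongs to the certificate. */
    if (!SSL_CTX_check_private_key(ctx)) {
        ERR_print_errors_fp(stderr);
        exit(-1);
    }

    if ((sockfd = socket(PF_INET, SOCK_STREAM, 0)) == -1) {
        perror("socket");
        exit(-1);
    }
    printf("socket created\n");

    memset(&my_addr, 0, sizeof(my_addr));
    my_addr.sin_family = AF_INET;
    my_addr.sin_port = htons((unsigned short)port);
    my_addr.sin_addr.s_addr = INADDR_ANY;

    if (bind(sockfd, (struct sockaddr *)&my_addr, sizeof(my_addr)) == -1) {
        perror("bind");
        exit(-1);
    }
    printf("binded\n");

    if (listen(sockfd, 5) == -1) {
        perror("listen");
        exit(-1);
    }
    printf("begin to listen\n");

    while (1) {
        SSL *ssl;
        socklen_t addr_len = sizeof(their_addr);
        int n;          /* SSL_write/SSL_read return int; socklen_t is unsigned
                           and would hide a negative error return */
        int fatal = 0;  /* set when the TLS layer reported a fatal error */

        new_fd = accept(sockfd, (struct sockaddr *)&their_addr, &addr_len);
        if (new_fd == -1) {
            perror("accept");
            rc = -1;
            break;
        }
        printf("server: got connection from %s, port %d, sockfd %d\n",
               inet_ntoa(their_addr.sin_addr), ntohs(their_addr.sin_port),
               new_fd);

        ssl = SSL_new(ctx);
        if (ssl == NULL) {
            ERR_print_errors_fp(stderr);
            close(new_fd);
            continue;
        }

        /*
         * SSL_accept() returns 0 as well as negative values on failure, and
         * its errors live in the OpenSSL error queue, not errno. A failed
         * handshake from one peer must not stop the server, so drop only
         * this connection and keep accepting.
         */
        if (SSL_set_fd(ssl, new_fd) != 1 || SSL_accept(ssl) <= 0) {
            ERR_print_errors_fp(stderr);
            SSL_free(ssl);
            close(new_fd);
            continue;
        }

        memset(buf, 0, sizeof(buf));
        snprintf(buf, sizeof(buf), "%s", "server->client");
        n = SSL_write(ssl, buf, (int)strlen(buf));
        if (n <= 0) {
            int err = SSL_get_error(ssl, n);

            printf("message '%s' send error! SSL error code: '%d'\n", buf, err);
            ERR_print_errors_fp(stderr);
            fatal = (err == SSL_ERROR_SYSCALL || err == SSL_ERROR_SSL);
            goto finish;
        }
        printf("message '%s' send success! message total size: '%d'\n", buf, n);

        /* buf holds MAXBUF + 1 zeroed bytes, so the data read stays NUL-terminated. */
        memset(buf, 0, sizeof(buf));
        n = SSL_read(ssl, buf, MAXBUF);
        if (n > 0) {
            printf("recv message: '%s' ok! message total size: '%d'\n", buf, n);
        } else {
            int err = SSL_get_error(ssl, n);

            printf("recv message error. SSL error code: '%d'\n", err);
            ERR_print_errors_fp(stderr);
            fatal = (err == SSL_ERROR_SYSCALL || err == SSL_ERROR_SSL);
        }

finish:
        /* SSL_shutdown() must not be called after a fatal TLS error. */
        if (!fatal) {
            SSL_shutdown(ssl);
        }
        SSL_free(ssl);
        close(new_fd);
    }

    close(sockfd);
    SSL_CTX_free(ctx);
    return rc;
}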
3. Compiling
gcc -o ssl_server ssl_server.c -Wall -g -lssl
On my machine this did not compile directly, because the libssl.so and libcrypto.so libraries could not be found. So I used the OpenSSL library files built in the first step and changed the gcc command to:
gcc -o openssl_server openssl_server.c -Wall -lssl -lcrypto -L./openssl-1.0.2d/ -Wl,-rpath=./openssl-1.0.2d
openssl-1.0.2d is the source folder; -Wl,-rpath passes the library search path to the linker, so the program can locate libssl.so and libcrypto.so in that folder when it runs.
4. Certificate Request
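Private key (a 1024-bit RSA key is only suitable for this demo; use at least 2048 bits for anything real):
openssl genrsa -out privkey.pem 1024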
Certificate (a self-signed demo certificate, not issued by a certificate authority):
openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
5. Running
Usage: openssl_server [bind port] [cert_path] [pri_key_path]
Copyright notice: This is an original article by the blogger and may not be reproduced without the blogger's permission.
Linux OpenSSL programming server side