Linux OpenSSL programming server side

OpenSSL is a strong Secure Sockets Layer cipher library that includes key cryptographic algorithms , common key and certificate encapsulation management functions , and SSL protocols, and provides a rich set of applications for testing or other purposes.

Direct Programming Steps:

1. First ensure that the computer side has the OpenSSL library, I use the way is directly using the source code, and then compile, compile method can refer to the following link address:

Http://www.wangyan.org/blog/install-openssl-from-source.html

2.Server Terminal Source:

Openssl_server.c

#include <stdio.h> #include <stdlib.h> #include <errno.h> #include <string.h> #include <sys/ types.h> #include <netinet/in.h> #include <sys/socket.h> #include <sys/wait.h> #include < unistd.h> #include <arpa/inet.h> #include <openssl/ssl.h> #include <openssl/err.h># Definemaxbuf1024int Main (int argc,char **argv) {struct sockaddr_inmy_addr,their_addr;unsigned intmyport;charbuf[ Maxbuf + 1] = {0}; Ssl_ctx*ctx;int sockfd,new_fd;socklen_tlen;if (argc! = 4) {printf ("usage:%s [bind port] [Cert_path] [pri_key_path]\n", Argv[0]); return-1;} if (argv[1]) MyPort = Atoi (argv[1]);/* Initialize the OpenSSL library */ssl_library_init (); Openssl_add_all_algorithms (); Ssl_load_error_strings (); ctx = Ssl_ctx_new (Sslv23_server_method ()); if (ctx = = NULL) {ERR_PRINT_ERRORS_FP (stdout); Exit (-1);} /* Load Server certificate */if (Ssl_ctx_use_certificate_file (CTX, argv[2], Ssl_filetype_pem) <= 0) {ERR_PRINT_ERRORS_FP (stdout); Exit (-1);} /* Load the server private key */if (Ssl_ctx_use_privatekey_file (ctx,argv[3],ssl_filetYPE_PEM) <= 0) {ERR_PRINT_ERRORS_FP (stdout); exit (-1);} if (!        Ssl_ctx_check_private_key (CTX)) {ERR_PRINT_ERRORS_FP (stdout);    Exit (-1); }if ((SOCKFD = socket (pf_inet,sock_stream,0)) = =-1) {perror ("socket"); exit (-1);} else{printf ("Socket created\n");} Bzero (&my_addr,sizeof (MY_ADDR)); my_addr.sin_family = Pf_inet;my_addr.sin_port = Htons (myport); my_addr.sin_ ADDR.S_ADDR = Inaddr_any;if (Bind (SOCKFD, (struct sockaddr*) &my_addr,sizeof (struct sockaddr)) = =-1) {perror ("bind" ); exit (-1);} elseprintf ("binded\n"), if (listen (sockfd,5) = =-1) {perror ("listen"); exit (-1);} elseprintf ("Begin to Listen\n"), while (1) {SSL *ssl;len = sizeof (struct sockaddr), if (new_fd = Accept (SOCKFD, (struct sockaddr*) (&their_addr,&len)) = =-1) {perror ("accept"); exit (-1);} elseprintf ("Server:got connection from%s,port%d,sockfd%d\n", Inet_ntoa (THEIR_ADDR.SIN_ADDR), Ntohs (their_addr.sin_        Port), NEW_FD);        SSL = Ssl_new (CTX);        SSL_SET_FD (SSL, NEW_FD);        if (ssl_accept (SSL) = =-1) {    Perror ("accept");            Close (NEW_FD);        Break        } bzero (buf, maxbuf + 1);        strcpy (buf, "server->client"); Len = Ssl_write (SSL, buf, strlen (BUF)); if (len <= 0) {printf ("message '%s ' Send error!            Error code: '%d ', error info: '%s ' \ n ', buf, errno, Strerror (errno));        Goto finish;        } else printf ("message '%s ' send success!message total size: '%d ' \ n", buf, Len);        Bzero (buf, maxbuf + 1);        Len = Ssl_read (SSL, buf, maxbuf);        if (len > 0) printf ("recv message: '%s ' ok!message total size: '%d ' \ n", buf, Len);      else printf ("recv Message Error.error code: '%d ', error info: '%s ' \ n", errno, Strerror (errno));        Finish:ssl_shutdown (SSL);        Ssl_free (SSL);    Close (NEW_FD);}    Close (SOCKFD);    Ssl_ctx_free (CTX); return 0;}

3. Compiling

Gcc-o Ssl_server ssl_server.c-wall-g-lssl

On my machine can not be directly compiled through, it is not possible to find the relevant libssl.so library and libcrypto.so library, so I took advantage of the first step to compile the OpenSSL library file, modify GCC as:

Gcc-o Openssl_server openssl_server.c-wall-lssl-lcrypto-l./openssl-1.0.2d/-wl,-rpath=./openssl-1.0.2d

Openssl-1.0.2d is the source folder,-wl,rpath represents the path when the link is compiled.

4. Certificate Request

Private

OpenSSL genrsa-out Privkey.pem 1024

Certificate (Demo certificate, not certified by Certificate authority)

OpenSSL Req-new-x509-key privkey.pem-out cacert.pem-days 1095

5. Running

Usage:openssl_server [Bind port] [Cert_path] [Pri_key_path]

Copyright NOTICE: This article for Bo Master original article, without Bo Master permission not reproduced.

Linux OpenSSL programming server side