Openssl實現ssl通訊例項


下面例項中使用的證書請參考openssl詳解自行生成

/*
 * Server-side TLS setup and accept loop (fragment).
 * NOTE(review): the function header, the declarations, the accept() call and
 * the bodies of the if statements are not present in this listing, and the
 * identifiers appear lowercased, whereas the OpenSSL API is mixed-case
 * (for example SSL_CTX_use_certificate_file). Presumably this was lost when
 * the page was extracted - confirm against the original source.
 */

/* Load the user's certificate (PEM); it is sent to the client and carries the public key. */

if(ssl_ctx_use_certificate_file(pctx, certificate_path, ssl_filetype_pem) <= 0)

#if 1

/*
 * Set the passphrase that unlocks the private key.
 * NOTE(review): the passphrase is a string literal in the source, so anyone
 * who can read the source or the binary can decrypt the key file, and
 * "123456" is trivially guessable. Outside a demo, supply it at run time from
 * a protected source and restrict read access to the key file.
 */

ssl_ctx_set_default_passwd_cb_userdata(pctx, "123456");

#endif

/* Load the user's private key (PEM). */

if(ssl_ctx_use_privatekey_file(pctx, private_key_path, ssl_filetype_pem) <= 0)

/* Check that the private key is consistent with the certificate loaded above. */

if(ssl_ctx_check_private_key(pctx) <= 0)

/*
 * Certificate verification.
 * With the "verify none" mode the server does not request a client
 * certificate, so clients are not authenticated at the TLS layer. If mutual
 * authentication is wanted, use SSL_VERIFY_PEER together with
 * SSL_VERIFY_FAIL_IF_NO_PEER_CERT and load the CA that issues client
 * certificates with SSL_CTX_load_verify_locations.
 */

ssl_ctx_set_verify(pctx,ssl_verify_none,null);

/*
 * Disables SSLv2 and SSLv3 only; nothing visible here rules out TLS 1.0/1.1.
 * On OpenSSL 1.1.0 and later, SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION)
 * is the usual way to set a protocol floor.
 */

ssl_ctx_set_options (pctx, ssl_op_all | ssl_op_no_sslv2 |ssl_op_no_sslv3);

ssl_ctx_set_mode(pctx, ssl_mode_auto_retry);

listen_socket = socket(af_inet,sock_stream,0); /* open the socket */

if(listen_socket < 0)

memset(&serveraddr,0,sizeof(serveraddr));

/* The wildcard address makes the listener reachable on every local interface. */

serveraddr.sin_addr.s_addr= inaddr_any;

serveraddr.sin_family = af_inet;

serveraddr.sin_port = htons(u16port);

if(bind(listen_socket, (struct sockaddr *)&serveraddr, sizeof (serveraddr)) < 0)

if(listen(listen_socket, 5) < 0)

/* NOTE(review): the accept() call that fills client_socket is not visible in this listing. */

while(1)

/* Create a new SSL object from pctx. */

pssl = ssl_new(pctx);

if(null == pssl)

/* Attach the connected socket to the SSL object. */

ssl_set_fd(pssl,client_socket);

/* Perform the TLS handshake; both 0 and negative results are treated as failure. */

if(ssl_accept(pssl) <= 0)

/*
 * Receive the client's message.
 * NOTE(review): up to sizeof(szbuf) bytes are read; the declaration of szbuf
 * and the code that consumes it are not visible. If the data is handled as a
 * C string, one byte must be kept for the terminator - confirm.
 */

iret = ssl_read(pssl, szbuf, sizeof(szbuf));

if(iret > 0)

/* Send the reply to the client. The return value of the write is not checked. */

ssl_write(pssl, pretstr, strlen(pretstr));

printf("%s %d \n",__func__,__line__);

/*
 * Close the TLS connection.
 * NOTE(review): no per-connection SSL_free is visible inside the loop; if the
 * original has none, each accepted connection leaks its SSL object - confirm.
 */

ssl_shutdown(pssl);

close(client_socket);

} }while(0);

/*
 * Cleanup guards; their bodies are not visible.
 * NOTE(review): the socket guards test "> 0", but 0 is a valid descriptor;
 * ">= 0" is the accurate test when -1 marks "not open".
 */

if (pssl)

if (pctx)

if(client_socket > 0)

if(listen_socket > 0)

}client.c

#include "stdio.h"

/*
 * Client configuration: server address, port and the CA certificate used to
 * verify the server.
 * NOTE(review): the header names after each #include are missing from this
 * listing, presumably lost when the page was extracted.
 */
#include #include #include #include #include #include #include const char* phostaddr = "127.0.0.1";

const unsigned short u16port = 10001;

/* Relative path, so it is resolved against the process's working directory. */
const char* const pcapath = "./ca/democa/cacert.pem";;

/*
 * Compile-time switch for server certificate verification in main().
 * With 0 the client loads no CA and never sets peer verification, so it would
 * accept any server certificate; keep it at 1 outside of debugging.
 */
#define virify_server_ca 1

/*
 * TLS client: connects to phostaddr:u16port, verifies the server certificate
 * against the CA file when the verification macro is enabled, prints the
 * certificate's subject, issuer and common name, sends "hello ssl" and shuts
 * the connection down.
 * NOTE(review): the declarations, the context creation and the bodies of the
 * if statements are not present in this listing, and the identifiers appear
 * lowercased, whereas the OpenSSL API is mixed-case. Presumably this was lost
 * when the page was extracted - confirm against the original source.
 */
int main(int argc ,char*ar**)

; char szsubject[1024]=;

char szissuer[256]=;

do #if virify_server_ca

/* Load the CA certificate; the peer's certificate is verified against it. */

if(ssl_ctx_load_verify_locations(pctx,pcapath, null) !=1)

/*
 * Enable verification of the peer certificate.
 * NOTE(review): this validates the chain up to the CA but nothing visible
 * binds the certificate to the host being contacted, so any certificate
 * issued by that CA would pass. Name checking is normally added with
 * SSL_set1_host (OpenSSL 1.1.0+) before the handshake, or with
 * X509_check_host / X509_check_ip_asc on the peer certificate afterwards.
 */

ssl_ctx_set_verify(pctx,ssl_verify_peer,null);

#endif

/* Compiled out. The "all" cipher string would also admit weak suites, so leave it disabled. */

#if 0

if (!ssl_ctx_set_cipher_list (pctx, "all"))

#endif

memset(&remotedevaddr,0,sizeof(remotedevaddr));

remotedevaddr.sin_addr.s_addr=inet_addr(phostaddr);

remotedevaddr.sin_family = af_inet;

remotedevaddr.sin_port = htons(u16port);

remote_socket = socket(af_inet,sock_stream,0); /* open the socket */

if(remote_socket < 0)

if(connect(remote_socket, (struct sockaddr *)&remotedevaddr, sizeof (remotedevaddr)) < 0)

/* Create a new SSL object from pctx. */

pssl = ssl_new(pctx);

if(null == pssl)

/* Attach the connected socket to the SSL object. */

ssl_set_fd(pssl,remote_socket);

/*
 * TLS handshake.
 * NOTE(review): SSL_connect returns 1 on success and 0 when the handshake
 * failed but was shut down cleanly, so the "< 0" test below lets a failed
 * handshake through; the server side of this example tests "<= 0".
 */

iret = ssl_connect(pssl);

if(iret < 0)

#if virify_server_ca

/*
 * Fetch the result of peer certificate verification.
 * SSL_get_verify_result also reports X509_V_OK when the peer presented no
 * certificate, which is why the null check on the peer certificate that
 * follows is required as well.
 */

if(x509_v_ok != ssl_get_verify_result(pssl))

/* Fetch the peer certificate. */

px509cert = ssl_get_peer_certificate(pssl);

if( null == px509cert)

/* Fetch the certificate's subject name. */

px509subject = x509_get_subject_name(px509cert);

if( null == px509subject)

/*
 * Format subject, issuer and common name for display.
 * These strings are printed only; they are not a substitute for host name
 * verification. The declaration of szbuf is not visible in this listing.
 */

x509_name_oneline(px509subject, szsubject, sizeof(szsubject) -1);

x509_name_oneline(x509_get_issuer_name(px509cert), szissuer, sizeof(szissuer) -1);

x509_name_get_text_by_nid(px509subject, nid_commonname, szbuf, sizeof(szbuf)-1);

printf("szsubject =%s \nszissuer =%s\n commonname =%s\n",szsubject,szissuer,szbuf);

#endif

/* Send the greeting. The return value of the write is not checked. */

ssl_write(pssl, "hello ssl", strlen("hello ssl"));

printf("client send text:\"hello ssl\" to server\n");

ssl_shutdown(pssl);

}while(0);

/*
 * Cleanup guards; their bodies are not visible.
 * NOTE(review): the socket guard tests "> 0", but 0 is a valid descriptor;
 * ">= 0" is the accurate test when -1 marks "not open".
 */

#if virify_server_ca

if(px509cert)

#endif

if (pssl)

if (pctx)

if(remote_socket > 0)

}

makefile:

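# Build the TLS demo server and client.
all: server client

# Special targets are case-sensitive in make: it must be .PHONY.
.PHONY: all

# -Wall (capital W) enables warnings. -lcrypto is listed explicitly because
# the client calls X509_* functions, which live in libcrypto; many linkers do
# not resolve them through -lssl alone. It is harmless where it is not needed.
server: server.c
	gcc $^ -o $@ -Wall -g -lssl -lcrypto

client: client.c
	gcc $^ -o $@ -Wall -g -lssl -lcrypto

.PHONY: clean

clean:
	rm -f server client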
