openssl3.2 - 官方dmeo学习 - server-cmod.c

文章目录

    • openssl3.2 - 官方dmeo学习 - server-cmod.c
    • 概述
    • 配置文件格式样例
    • 笔记
    • END

openssl3.2 - 官方dmeo学习 - server-cmod.c

概述

从配置文件中读参数, 建立TLS服务器, 死等客户端来连接. 客户端连接后, 打印客户端发来的内容.
配置文件格式有要求

配置文件格式样例

# Example config module configuration

# Name supplied by application to CONF_modules_load_file
# and section containing configuration
testapp = test_sect

# Comment out the next line to ignore configuration errors
config_diagnostics = 1

[test_sect]
# list of configuration modules

# SSL configuration module
ssl_conf = ssl_sect

[ssl_sect]
# list of SSL configurations
server = server_sect

[server_sect]
# Only support 3 curves
Curves = P-521:P-384:P-256
# Restricted signature algorithms
SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512
# Certificates and keys
RSA.Certificate=server.pem
ECDSA.Certificate=server-ec.pem

如果exe同级目录的2个.pem没摆全, 从配置文件中读取配置建立TLS服务器就会失败.

笔记

/*!
\file server-cmod.c
\brief  从配置文件中读参数, 建立TLS服务器, 死等客户端来连接. 客户端连接后, 打印客户端发来的内容.
        配置文件格式有要求
*/

/*
 * Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * A minimal TLS server it ses SSL_CTX_config and a configuration file to
 * set most server parameters.
 */

#include 
#include 
#include 
#include 
#include 
#include 

#include "my_openSSL_lib.h"

int main(int argc, char *argv[])
{
    unsigned char buf[512];
    char *psz_port = "*:4433";
    BIO *bio_in = NULL;
    BIO *bio_ssl, *bio_tmp;
    SSL_CTX *ctx_ssl;
    int ret = EXIT_FAILURE, i;

    ctx_ssl = SSL_CTX_new(TLS_server_method());

    /*! testapp = test_sect */
    if (CONF_modules_load_file("cmod.cnf", "testapp", 0) <= 0) {
        fprintf(stderr, "Error processing config file\n");
        goto err;
    }

    /*!
    如果配置文件中指定的pem没放到程序工作目录, 会失败
    RSA.Certificate=server.pem
    ECDSA.Certificate=server-ec.pem
    */
    if (SSL_CTX_config(ctx_ssl, "server") == 0) {
        fprintf(stderr, "Error configuring server.\n");
        goto err;
    }

    /* Setup server side SSL bio */
    bio_ssl = BIO_new_ssl(ctx_ssl, 0);

    if ((bio_in = BIO_new_accept(psz_port)) == NULL)
        goto err;

    /*
     * This means that when a new connection is accepted on 'in', The ssl_bio
     * will be 'duplicated' and have the new socket BIO push into it.
     * Basically it means the SSL BIO will be automatically setup
     */
    BIO_set_accept_bios(bio_in, bio_ssl);

 again:
    /*
     * The first call will setup the accept socket, and the second will get a
     * socket.  In this loop, the first actual accept will occur in the
     * BIO_read() function.
     */

    if (BIO_do_accept(bio_in) <= 0)
        goto err;

    for (;;) {
        i = BIO_read(bio_in, buf, sizeof(buf));
        if (i == 0) {
            /*
             * If we have finished, remove the underlying BIO stack so the
             * next time we call any function for this BIO, it will attempt
             * to do an accept
             */
            printf("Done\n");
            bio_tmp = BIO_pop(bio_in);
            BIO_free_all(bio_tmp);
            goto again;
        }
        if (i < 0) {
            if (BIO_should_retry(bio_in))
                continue;
            goto err;
        }
        fwrite(buf, 1, i, stdout);
        fflush(stdout);
    }

    ret = EXIT_SUCCESS;
 err:
    if (ret != EXIT_SUCCESS)
        ERR_print_errors_fp(stderr);
    BIO_free(bio_in);
    return ret;
}

END

你可能感兴趣的:(openSSL,openSSL)