├── README.md ├── certs ├── client │ ├── client.crt │ ├── client.csr │ └── client.key ├── root │ ├── root.crt │ ├── root.csr │ ├── root.key │ └── root.srl └── server │ ├── server.crt │ ├── server.csr │ └── server.key ├── makefile ├── ssl_client.c ├── ssl_common.h └── ssl_server.c /README.md: -------------------------------------------------------------------------------- 1 | ## ssl_socket_demo 2 | 基于OpenSSL工具包实现SSL Client/Server简单安全交互程序 3 | 4 | ### 一、关于客户端及服务端程序的编译: 5 | ```bash 6 | $ make #编译 7 | $ make clean #编译清除 8 | ``` 9 | 10 | ### 二、涉及到证书及密钥生成方法说明: 11 | 12 | #### 1、CA根密钥及证书生成过程: 13 | ```bash 14 | # 生成根密钥 15 | $ openssl genrsa -des3 -out root.key 16 | # 生成根证书 17 | $ openssl req -new -key root.key -out root.csr 18 | # 根证书自签名 19 | $ openssl x509 -req -days 3650 -sha1 -extensions v3_ca -signkey root.key -in root.csr -out root.crt 20 | ``` 21 | 22 | #### 2、服务端密钥及证书生成过程: 23 | ```bash 24 | # 生成服务端密钥 25 | $ openssl genrsa -des3 -out server.key 2048 26 | # 生成服务端证书 27 | $ openssl req -new -key server.key -out server.csr 28 | # 使用根证书及密钥签发服务端子证书 29 | $ openssl x509 -req -days 3650 -sha1 -extensions v3_req -CA root.crt -CAkey root.key -CAcreateserial -in server.csr -out server.crt 30 | ``` 31 | #### 3、客户端密钥及证书生成过程: 32 | ```bash 33 | # 生成客户端密钥 34 | $ openssl genrsa -des3 -out client.key 2048 35 | # 生成客户端证书 36 | $ openssl req -new -key client.key -out client.csr 37 | # 使用根证书及密钥签发客户端子证书 38 | $ openssl x509 -req -days 3650 -sha1 -extensions v3_req -CA root.crt -CAkey root.key -CAcreateserial -in client.csr -out client.crt 39 | ``` 40 | **合并证书和密钥生成PFX文件:** 41 | ```bash 42 | # PFX格式供客户端安装 43 | $ openssl pkcs12 -export -in client.crt -inkey client.key -out client.pfx 44 | ``` 45 | 46 | -------------------------------------------------------------------------------- /certs/client/client.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICuTCCAmMCCQD7tOV7IrV3gTANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJD 3 | 
TjEQMA4GA1UECBMHc2ljaHVhbjEQMA4GA1UEBxMHY2hlbmdkdTELMAkGA1UEChMC 4 | d3MxCzAJBgNVBAsTAndzMQ0wCwYDVQQDEwRyb290MSEwHwYJKoZIhvcNAQkBFhJy 5 | b290QHdvbmRlcnNvZnQuY24wHhcNMTUwMzA4MTcxMTE4WhcNMjUwMzA1MTcxMTE4 6 | WjCBgTELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB3NpY2h1YW4xEDAOBgNVBAcTB2No 7 | ZW5nZHUxCzAJBgNVBAoTAndzMQswCQYDVQQLEwJ3czEPMA0GA1UEAxMGY2xpZW50 8 | MSMwIQYJKoZIhvcNAQkBFhRjbGllbnRAd29uZGVyc29mdC5jbjCCASIwDQYJKoZI 9 | hvcNAQEBBQADggEPADCCAQoCggEBAMJJV+xlIrapc1BNpnhEcTICEQyJaTvr/Wbq 10 | p/Wc58q7a7aILkIIlTfc8pDhgM37twrKq9mcfQG3KO43m+rTa3I60kJaKhI2WZhK 11 | +VxxtU170EcilgDVi1VFaPaBzHeNUcKaFnALq+TmMsuKPyalBTwzJL9FIxXHdy23 12 | ORwQ0BXrOoARRA2Q2aS+QLIYAqht598jpOtV3XBWSTxT8RL0o7bmgtBt6Cz55scz 13 | 6s1gcSvY3MQSzHfwBlZILx8d393+Px8Rv2BbDgDd2ZIw6Yqqjdb65goKhuJvoIn6 14 | gF6oa0jtyVs2SstBHRZLCkS8UcG6tC7/CgtKLxDxoNWK/Krzc1MCAwEAATANBgkq 15 | hkiG9w0BAQUFAANBADai/Cv4SEch0rximJmNlZJo9h+PLHgrbQzCReNPzWh3Iu4z 16 | bJRkyALxHvQXN2ptZMi0I28pACZjF3uDKPRDm4I= 17 | -----END CERTIFICATE----- 18 | -------------------------------------------------------------------------------- /certs/client/client.csr: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIICxzCCAa8CAQAwgYExCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdzaWNodWFuMRAw 3 | DgYDVQQHEwdjaGVuZ2R1MQswCQYDVQQKEwJ3czELMAkGA1UECxMCd3MxDzANBgNV 4 | BAMTBmNsaWVudDEjMCEGCSqGSIb3DQEJARYUY2xpZW50QHdvbmRlcnNvZnQuY24w 5 | ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCSVfsZSK2qXNQTaZ4RHEy 6 | AhEMiWk76/1m6qf1nOfKu2u2iC5CCJU33PKQ4YDN+7cKyqvZnH0BtyjuN5vq02ty 7 | OtJCWioSNlmYSvlccbVNe9BHIpYA1YtVRWj2gcx3jVHCmhZwC6vk5jLLij8mpQU8 8 | MyS/RSMVx3cttzkcENAV6zqAEUQNkNmkvkCyGAKobeffI6TrVd1wVkk8U/ES9KO2 9 | 5oLQbegs+ebHM+rNYHEr2NzEEsx38AZWSC8fHd/d/j8fEb9gWw4A3dmSMOmKqo3W 10 | +uYKCobib6CJ+oBeqGtI7clbNkrLQR0WSwpEvFHBurQu/woLSi8Q8aDVivyq83NT 11 | AgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAaEGtl9ComdgsJHy3uY8xQVYNhoj1 12 | nKApALlDbtFlfkUlPfg+uv+FLvnE/9XTaOL1JXsLls69ujxDHgPdT0xPcvgLpWGJ 13 | 
Cnh8nuCHKV4Z5qzQIbaSm8uLAkY1n/Vwe8dzxZMwingHqVYhedNifWFJOZuZISr4 14 | PFxqk9menBbEKMyZ0WKjdecNYb5QhallSf8nTJKwSb7E67OO+8u0f/mG5V7MXEyY 15 | B0H8p4+g4ROYLzJOVaB1+e7coJ4snNqDl4OZJLYgvmKq0OZ36pWqWUtTcOhDcqaS 16 | SinWHRcnQiFiFiNTSAVG1YHlYedx6MRmLtryXZdDm6mrdzU9O6YHyuLP/A== 17 | -----END CERTIFICATE REQUEST----- 18 | -------------------------------------------------------------------------------- /certs/client/client.key: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | Proc-Type: 4,ENCRYPTED 3 | DEK-Info: DES-EDE3-CBC,613B92D596BA1C3E 4 | 5 | SKj0LxPI4gwvBTjxrDpHdvnzmxhPaRzqlZnU1e4xR4GM7nsSjEOITU9wJN8lY7/U 6 | NesCZk8G+bbOZ6Rc3TmPiG/usqnYCQx/uE+baOAYADWNRfqWmPedATHLzjZ4NVt5 7 | KXe8CwRXxSsiMefGp9lf0idnQnGbSeS59abNifdnCfXORoezzIfkkLTECI+pQQZQ 8 | 5AfeD+RlqpqGsN8SakNhUOLWTGT2OafMtB9jCN8ZrZfFDqTYH++MnVL4Ld3uweVC 9 | wfGRWRkaD8wXSULuLP8BoWfmGY7FWIgxXKY4UxXsTYrDBd0dY7RK81xJaZxZvNLp 10 | ZtF6x0t3rTdeDwazuJvGCb209dE51FFZbEp04f9s/brgM1HbCgXKJJMM1Q0UgU9y 11 | sKPkFa/ekFBqZn5T4z2EYJ7LWcxNHi4IpG0YqcR8QoTEFAz+w8mRZABrSl0EUCnd 12 | eZkk0q33twMenCTP51fKcuH3t/7KW4jv7uzs0UbMOfDFx9I0UgPsEQE0JJKxEGH9 13 | H9vMZIAJOPZgd8eqRYWcEqTHpvP95sLILdGTAUPeJ9QgQj/YclURI1VzdyNtDA9d 14 | C+ttonJQoCmTD+7SCr/CphLueX3FSxqO7U87p7iECT/ONwN7qWv7OnIpNQAk6Do8 15 | zsLGFNJJrZJNJoZm6JOb0bXJvkbNem83oPYdhUB9jP9nvAOSYtOHldQhyMsGxtb9 16 | CuRS5KyZ/mv6nlAXj8S08rQ4zpeX/JpqduO3tLPZzxALlvSFZkqJQhPa4Y7pQTuu 17 | gvU+qTq8ud8DHS3bDjm3S6rTEwy92WRShiV+fKRKQd/eS8OjbHvQ7p3L7r7HJUjz 18 | zvqH5JU0VrY1C++VM3uK9RMUsl3scsRaoXv0qfzTczW1ack6X69aQYkpNvBvGTFQ 19 | gXmmR46bWlxqH3/LzKYivHFFTw3YPFraV4ynrFcyr238T1xH+fFq/mTVjoWusIvX 20 | WuB4afU+BmCYskIL/uPFnyjOyrRpKOfmnZrihle6sacXzVZZzeZEeEC1tEthmmu5 21 | FGumhb++oc2Rhxi4ynLHjfZf16hOhWJxL82D+Xc2Hl/b8OBMUDW4loepbzaqNjmU 22 | ksSGro7FLImlycmwPOU1z67gf2lPHwYKmxAO2UIiCPaIknSywSrmLpiMsksoDB3c 23 | sFV9M/x19c/P0BEE+bbMInU3BKpAWMgV3Fnn3NPRJjd6C9+AU80P8Ojo8ufLl4Vd 24 | 
WA1aLr9ngzo0lNSwn+oLnuPfNPP9Ex/ZoAmkSF4d2kVoxmkJvWYqsXZTBo0KaE66 25 | D/SF65Z4T9tn9z90GcbYSsLgB1JdyzyWDkuMuU4IsGrYIWerLVmUZ6fK5HRB6TLB 26 | PHysN1D37b+tYIbtKXBSttINL8sUSR1yfT4mF5EkQ8Z0RgSbCgu3hYfMKrVNAQSy 27 | B51Llcs4u5vBFEdK7quC5VAOvKmTDQngGgocDWgX9eOD6KlQ8ObSF2VGif1cPko2 28 | W0lJJfCMX1EcmYmPOyvGGKYzKB7ycNM+gPMZn90CsJC0Zmml+5zR29Zm5HhzZsLk 29 | Qx7t4CQ1OJLOZLHM5ogyWSuOWNjYe3oJ8aRXnaDSRve3OiR98PtdKX4u4f6mS1D0 30 | -----END RSA PRIVATE KEY----- 31 | -------------------------------------------------------------------------------- /certs/root/root.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIB7DCCAZYCCQCQAv02xxCF4DANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJD 3 | TjEQMA4GA1UECBMHc2ljaHVhbjEQMA4GA1UEBxMHY2hlbmdkdTELMAkGA1UEChMC 4 | d3MxCzAJBgNVBAsTAndzMQ0wCwYDVQQDEwRyb290MSEwHwYJKoZIhvcNAQkBFhJy 5 | b290QHdvbmRlcnNvZnQuY24wHhcNMTUwMzA4MTcwNTQzWhcNMjUwMzA1MTcwNTQz 6 | WjB9MQswCQYDVQQGEwJDTjEQMA4GA1UECBMHc2ljaHVhbjEQMA4GA1UEBxMHY2hl 7 | bmdkdTELMAkGA1UEChMCd3MxCzAJBgNVBAsTAndzMQ0wCwYDVQQDEwRyb290MSEw 8 | HwYJKoZIhvcNAQkBFhJyb290QHdvbmRlcnNvZnQuY24wXDANBgkqhkiG9w0BAQEF 9 | AANLADBIAkEAvJZnJlS6KO6UlHjb9hpFke84TMnzCz6XpCdG5tW3arRflR3fau6u 10 | f5K/Fr+YBjWWyWNY6O1MAPbTixJvrDc9KwIDAQABMA0GCSqGSIb3DQEBBQUAA0EA 11 | RiZrgaMpm6uD7z0o9HOSuIaxwa0fTeIAxnDRbyvjfwto0g2HKy6qPYeFplPbF4e4 12 | o+BRrbQU07OR4j93fo3uVw== 13 | -----END CERTIFICATE----- 14 | -------------------------------------------------------------------------------- /certs/root/root.csr: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIIBNzCB4gIBADB9MQswCQYDVQQGEwJDTjEQMA4GA1UECBMHc2ljaHVhbjEQMA4G 3 | A1UEBxMHY2hlbmdkdTELMAkGA1UEChMCd3MxCzAJBgNVBAsTAndzMQ0wCwYDVQQD 4 | EwRyb290MSEwHwYJKoZIhvcNAQkBFhJyb290QHdvbmRlcnNvZnQuY24wXDANBgkq 5 | hkiG9w0BAQEFAANLADBIAkEAvJZnJlS6KO6UlHjb9hpFke84TMnzCz6XpCdG5tW3 6 | arRflR3fau6uf5K/Fr+YBjWWyWNY6O1MAPbTixJvrDc9KwIDAQABoAAwDQYJKoZI 7 
| hvcNAQEFBQADQQAq/F3HZTvxYH6V38BnykGfW8slwJVb2A1s12M8uy9tl4qAtn/h 8 | b9jUg9gmixuFYybYvLGitjbGXeNgQCZafBcb 9 | -----END CERTIFICATE REQUEST----- 10 | -------------------------------------------------------------------------------- /certs/root/root.key: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | Proc-Type: 4,ENCRYPTED 3 | DEK-Info: DES-EDE3-CBC,0517D61BEB7C5EE4 4 | 5 | jB9XJN3yxCOTpQjsxnPOty9ydV5Pa8ch3f3hwJk6Nt1tCWkVXF/EPKwVrGEyaDaD 6 | 4N5IAj3DtVLotC6UHMCJXXEOT+XNGEaQfcYV/Gh+QQi2ygqP2YXLPSGqo89p/9WN 7 | ffBMGWFl/DIUvRsdMDk0Kkv8DPGb9BOXCSM1hj76fx+PH9pyJDA1i0xtrefw1Ksc 8 | 2JFc4LdIDcUl2Jolb3alUMviyQnmyefpqOWM8zBubaSMK5IIv5tuQ9xbZyvqzImb 9 | m6F/p7gepkvptrQIMRIxzlcprtQyKLOa26KEgRgnxJCZ0ke+k3rbcA270TD4XKsE 10 | AWTq4eIhO8Hx+O6IsEWSU7htLlcg1zrtkL3rHGHrj5PsfCjd0jXawxe4wMyRhUAt 11 | x5/DpUuyjfelLZn/VhTNi3M3b/QPRxeR4fDP4MCgQiE= 12 | -----END RSA PRIVATE KEY----- 13 | -------------------------------------------------------------------------------- /certs/root/root.srl: -------------------------------------------------------------------------------- 1 | FBB4E57B22B57781 2 | -------------------------------------------------------------------------------- /certs/server/server.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICuTCCAmMCCQD7tOV7IrV3gDANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJD 3 | TjEQMA4GA1UECBMHc2ljaHVhbjEQMA4GA1UEBxMHY2hlbmdkdTELMAkGA1UEChMC 4 | d3MxCzAJBgNVBAsTAndzMQ0wCwYDVQQDEwRyb290MSEwHwYJKoZIhvcNAQkBFhJy 5 | b290QHdvbmRlcnNvZnQuY24wHhcNMTUwMzA4MTcwNzU2WhcNMjUwMzA1MTcwNzU2 6 | WjCBgTELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB3NpY2h1YW4xEDAOBgNVBAcTB2No 7 | ZW5nZHUxCzAJBgNVBAoTAndzMQswCQYDVQQLEwJ3czEPMA0GA1UEAxMGc2VydmVy 8 | MSMwIQYJKoZIhvcNAQkBFhRzZXJ2ZXJAd29uZGVyc29mdC5jbjCCASIwDQYJKoZI 9 | hvcNAQEBBQADggEPADCCAQoCggEBAM2WsnMmTb2nKMKS7IKMYd75wsBSBKiGAHBJ 10 | 
YIe2ZX4zpkrt+8CAq5jaIifzNK7QpI1279z2cRxeypqxqjXSSkzxTQSDylYGqQPF 11 | WvE7L80nBSwmTRhrGAAh018EHkZJDTOlTHmIsYz/o/RIqyOI+NCztssIiqQBG4Oy 12 | V5vJGjm7y/+hvPgTwxJd/L6BmNW4Rcay9772dVPHGDRyDMHMorLDS3CEgqsQc/rM 13 | p+vWkLgNW3m+h2a1znwYwHOJqkaFwoFxsIxUe2VpDwYU0fOGZMrfCBE3gNZK5rDv 14 | URgmUuhbSNiTZKleF2w1kZ4Rv8O4YvTrsW/Skfmg8L1vzwXGfoMCAwEAATANBgkq 15 | hkiG9w0BAQUFAANBABdeMhw6RBv26eoDqDaJderYcU3XgRfWsH7Eyvf4c/hpcpRT 16 | qrF1rSjH7Ka4wRAqC6uQFyFYkbbVF5+LD9qwtso= 17 | -----END CERTIFICATE----- 18 | -------------------------------------------------------------------------------- /certs/server/server.csr: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIICxzCCAa8CAQAwgYExCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdzaWNodWFuMRAw 3 | DgYDVQQHEwdjaGVuZ2R1MQswCQYDVQQKEwJ3czELMAkGA1UECxMCd3MxDzANBgNV 4 | BAMTBnNlcnZlcjEjMCEGCSqGSIb3DQEJARYUc2VydmVyQHdvbmRlcnNvZnQuY24w 5 | ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNlrJzJk29pyjCkuyCjGHe 6 | +cLAUgSohgBwSWCHtmV+M6ZK7fvAgKuY2iIn8zSu0KSNdu/c9nEcXsqasao10kpM 7 | 8U0Eg8pWBqkDxVrxOy/NJwUsJk0YaxgAIdNfBB5GSQ0zpUx5iLGM/6P0SKsjiPjQ 8 | s7bLCIqkARuDslebyRo5u8v/obz4E8MSXfy+gZjVuEXGsve+9nVTxxg0cgzBzKKy 9 | w0twhIKrEHP6zKfr1pC4DVt5vodmtc58GMBziapGhcKBcbCMVHtlaQ8GFNHzhmTK 10 | 3wgRN4DWSuaw71EYJlLoW0jYk2SpXhdsNZGeEb/DuGL067Fv0pH5oPC9b88Fxn6D 11 | AgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAFq8E/omHfyWO+POUAGVIh4giZ5yJ 12 | OEks5K7Tk6IT04mv+5TrpJleReJDLBKGiYyYGGq8l6NOFKLCmoEguPlg9Lg4Jf3B 13 | heRkP6Re4XYUophb57brZNo5lF0Pz/vkpky1Vj7bDwBBlNrvJUN7ooLzt31bibx0 14 | 7ajAsN54ZQllg6x7rQk8QZVstdYAg4yFCTLlCSbolFIQrixQ1Xqco2qGokpWW4i4 15 | HG2SXktfBaITewntDK2bqM5dR/FMf5bXlDYKQ/x+VgnbhDDIZ368kYlEkZ8aGZDd 16 | VzPKlM0UfnmfbTQla7SPFFpy3hMDJsYRY9Tli1NhTcxXRrEK29GjZ+gy+A== 17 | -----END CERTIFICATE REQUEST----- 18 | -------------------------------------------------------------------------------- /certs/server/server.key: -------------------------------------------------------------------------------- 1 | 
-----BEGIN RSA PRIVATE KEY----- 2 | Proc-Type: 4,ENCRYPTED 3 | DEK-Info: DES-EDE3-CBC,69B21B62CF094A9C 4 | 5 | xj8Lwzi9UvGjlTqhTZApX5KJhlTW6+f0gCC/9gR8aR2xYcrPyVDBfDR8xhdf3XeJ 6 | gZcyBV7396MRzrxpb0FPxvNXnXXBCGqUXo063XJj0M5fhI5KRBKvoowoLjbo1YPH 7 | oFuH+NGRWWz9lrCF9l3QbNJa8UaWP+RbbXHrwRg3/kuM2T8sKUnnw16xsIErqXPX 8 | ZZ7z+RkYO9h1FYw3qviYp2KnAOakhaYiBVX+PGNpTmyBedyb4zfbdSvcfu5MjfXm 9 | ACxLSsDYNWY2xvIox1AI+G9ogSJV0AlIf30FM/qacepTA7N6DgS6NM8SlF3pzBVH 10 | 1Ew2m7J3KMLfzTShc0F0v4rLnUhBvlnuqCglSOUrjQDWCdY535QLOxpKECr2K20Z 11 | 8xUZzdIJJGPR2zh6RvLxDWsAYOpoktvQAwxn69S76EKkI2GOcO3hdErGvff1Ej9r 12 | YFXtClToglGF/Im4DSm+45bGSvdiR0cvH53seIBv8Y1HPfDKqD9de39PaxJUPXuS 13 | FfnblBhOoNfl5WhnmvBnvEbhY/7k26d74W2oFEqmp+wAFHszi5SP2pWPL0yUcX5M 14 | FNh/LqOg7JBrhPPCOEjOK6b/ow4HriDWjQT0holvKICRUn4QisEL5QTQIsE6UVs4 15 | ZBb6CJ9xEPpz2tGx14C2Z+rzmfwMYw0W/vHKE6VvJZ2zToye8cjZNfuKEakAMwAw 16 | oMkLeakyTc1JgEXUoYnMFavGwzVOhxTLJ4dbWVrWwEjAQzKNFll2/Tj290a2ANEI 17 | 2rn0cPhHd+YIh6oH4RHN0hwD4FVbp1hTaN7HAOKpo9Gaw8bwPUXWyl9AqY2myW0W 18 | eVBbgD+WT1TSmioe8Xr0RSng4OwGrjNDsIwU7mQ212ODT9fGXRTRP3QFtk5rxgQ2 19 | 8nn2hOw4RZaO+EDUWSuw1qK9qInsHYAWJWNYHn7mf6rueQT4X7xP3/F9wTMCO9As 20 | iqZ+vOqlLyAA4yXwprhp0LfxiLXXWm6Rt0dtMXAogJhCtsWMcNF07f3kOCzST8zL 21 | wkOvL3kpmCMxy0UJSSMYTyFQLcsJJkyR6/9JqBqNrv0xOcxrsGf3Jti0rARoiHv8 22 | MTwgK3gvsC5OvJY2MSS+m9p8EUICvkElD303USp/hZS69rYtMMRxL/RtSmU90t6A 23 | ykXT48dyDqzr+BdJU7UOkUZz++IhPZg+oR9jov2lHlY4q+tEdQn29l0t2WCHuyB4 24 | 0AanW0ynAm9kKWq35v5ntmcwuUPmKZ612wtBER32mgWbQlio+ANK8RLscpKNQwIV 25 | p9irIRKCoCLs4rn3s5hxKW387CX9EBVLSJDZUPtYbrwK8wgt+27t7sfwOe3LJ6FJ 26 | 7oP4CeE7sOHzOzfgYIL/UIDqnk5piUa3batkzLDzF7mU9Z6Sqp4481OKqSZuYRDj 27 | 6zPzToJ57qqB/nxzrK2eyNs+gs2foO3M8twgCIL+fmx82EpAIuB3rRvOdBJ2DhOd 28 | SIgUppDSsbJyvVBYLP1DY05116pE0nfoscRGcF2Ds7YKijdZWAZwwCM6QV96KKjM 29 | VsrirRfPTFP/iXrVfaVwAz6NP7PM1tK8w8U9Tkmy00sBEbxItOt0sgfKGgDUvQGk 30 | -----END RSA PRIVATE KEY----- 31 | -------------------------------------------------------------------------------- /makefile: 
-------------------------------------------------------------------------------- 1 | LDFLAGS = -lssl 2 | 3 | all : ssl_client ssl_server 4 | 5 | ssl_client : ssl_client.o 6 | gcc -g $(LDFLAGS) $^ -o $@ 7 | ssl_server : ssl_server.o 8 | gcc -g $(LDFLAGS) $^ -o $@ 9 | 10 | ssl_client.o ssl_server.o : ssl_common.h 11 | 12 | .PHONY : clean 13 | clean : 14 | rm ssl_client ssl_server ssl_client.o ssl_server.o 15 | 16 | -------------------------------------------------------------------------------- /ssl_client.c: -------------------------------------------------------------------------------- 1 | /* 2 | *FileName : ssl_client.c 3 | *Author : JiangInk 4 | *Version : V0.1 5 | *Date : 2015.03.10 6 | */ 7 | 8 | /*****************************************************************************/ 9 | /*** ssl_client.c ***/ 10 | /*** ***/ 11 | /*** Demonstrate an SSL client. ***/ 12 | /*****************************************************************************/ 13 | 14 | #include 15 | #include 16 | #include 17 | #include 18 | #include 19 | #include 20 | #include 21 | #include 22 | #include 23 | #include "ssl_common.h" 24 | 25 | /*---------------------------------------------------------------------*/ 26 | /*--- open_connection - create socket and connect to server. 
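/*---------------------------------------------------------------------*/
/*
 * open_connection - resolve hostname, create a TCP socket and connect it
 * to hostname:port.
 *
 * Returns the connected socket descriptor. Every failure is fatal (abort()),
 * matching the rest of this demo.
 */
int open_connection(const char *hostname, int port)
{
    struct hostent *host;
    struct sockaddr_in addr;
    int sd;

    if (port <= 0 || port > 65535)
    {
        fprintf(stderr, "%s: invalid port %d\n", hostname, port);
        abort();
    }
    host = gethostbyname(hostname);
    /* gethostbyname() reports failures through h_errno, so perror() would
     * print an unrelated errno text. Also reject non-IPv4 answers: the
     * address is copied into an IPv4 sockaddr below. */
    if (host == NULL || host->h_addrtype != AF_INET
        || host->h_length != (int)sizeof(addr.sin_addr))
    {
        fprintf(stderr, "%s: host lookup failed\n", hostname);
        abort();
    }
    sd = socket(AF_INET, SOCK_STREAM, 0);
    if (sd < 0)
    {
        perror("socket");
        abort();
    }
    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_port = htons(port);
    /* copy exactly the 4 address bytes; the former *(long*) cast read
     * sizeof(long) bytes out of a 4-byte buffer (an over-read on LP64) */
    memcpy(&addr.sin_addr, host->h_addr_list[0], sizeof(addr.sin_addr));
    if (connect(sd, (struct sockaddr *)&addr, sizeof(addr)) != 0)
    {
        perror(hostname);   /* report before close() can clobber errno */
        close(sd);
        abort();
    }
    return sd;
}

/*---------------------------------------------------------------------*/
/*--- init_client_ctx - initialize the SSL engine.                   ---*/
/*---------------------------------------------------------------------*/
/*
 * Initialise the OpenSSL library and create a client SSL_CTX.
 * Returns the new context; aborts if it cannot be created.
 */
SSL_CTX *init_client_ctx(void)
{
    const SSL_METHOD *method;   /* the *_method() functions return a const pointer */
    SSL_CTX *ctx;

    SSL_library_init();               /* init algorithms library */
    OpenSSL_add_all_algorithms();     /* load & register all cryptos, etc. */
    SSL_load_error_strings();         /* load all error messages */
    /* NOTE(review): this pins the client to TLS 1.0 only. SSLv23_client_method()
     * with SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 would negotiate newer TLS versions. */
    method = TLSv1_client_method();
    ctx = SSL_CTX_new(method);        /* create new context from method */
    if (ctx == NULL)
    {
        ERR_print_errors_fp(stderr);
        abort();
    }
    return ctx;
}

/*---------------------------------------------------------------------*/
/*--- verify_callback - SSL_CTX_set_verify callback function.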
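/*---------------------------------------------------------------------*/
/*
 * verify_callback - diagnostic hook for SSL_CTX_set_verify.
 *
 * Logs the certificate currently being checked (depth, issuer, subject,
 * error code) to stderr and returns `ok` unchanged, so it never overrides
 * the library's verdict. The original only printed when `ok` was set, so a
 * rejected certificate left no trace in the log.
 */
int verify_callback(int ok, X509_STORE_CTX *store)
{
    char data[256];
    X509 *cert = X509_STORE_CTX_get_current_cert(store);
    int depth = X509_STORE_CTX_get_error_depth(store);
    int err = X509_STORE_CTX_get_error(store);

    fprintf(stderr, "verify_callback\n{\n");
    fprintf(stderr, "certificate at depth: %i\n", depth);
    if (cert != NULL)   /* can be NULL for some error codes */
    {
        memset(data, 0, sizeof(data));
        X509_NAME_oneline(X509_get_issuer_name(cert), data, sizeof(data));
        fprintf(stderr, "issuer = %s\n", data);
        X509_NAME_oneline(X509_get_subject_name(cert), data, sizeof(data));
        fprintf(stderr, "subject = %s\n", data);
    }
    fprintf(stderr, "error status: %i:%s\n}\n", err, X509_verify_cert_error_string(err));
    /* returning 1 here when ok == 0 would accept an untrusted peer */
    return ok;
}

/*---------------------------------------------------------------------*/
/*--- load_certificates - load from files.                           ---*/
/*---------------------------------------------------------------------*/
/*
 * Configure peer verification and load the client's own certificate and
 * private key into ctx. CaFile is the trust anchor, CertFile/KeyFile are
 * PEM files; the key passphrase comes from PRIKEY_PASSWD. Aborts on error.
 */
void load_certificates(SSL_CTX *ctx, char *CaFile, char *CertFile, char *KeyFile)
{
    /* chain depth is left at the library default; SSL_CTX_set_verify_depth()
     * could tighten it for this two-level CA */
    /* require the server to present a certificate that chains to CaFile;
     * verify_callback only logs and never changes the result */
    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, verify_callback);
    /* NOTE(review): chain validation alone does not bind the certificate to the
     * host name given on the command line; X509_VERIFY_PARAM_set1_host()
     * (OpenSSL >= 1.0.2) performs that check. */
    if (SSL_CTX_load_verify_locations(ctx, CaFile, NULL) <= 0)
    {
        ERR_print_errors_fp(stderr);
        abort();
    }
    /* set the local certificate from CertFile */
    if (SSL_CTX_use_certificate_file(ctx, CertFile, SSL_FILETYPE_PEM) <= 0)
    {
        ERR_print_errors_fp(stderr);
        abort();
    }
    /* passphrase for the client private key; the default passwd callback
     * uses the userdata pointer as the password string */
    SSL_CTX_set_default_passwd_cb_userdata(ctx, (void *)PRIKEY_PASSWD);
    /* set the private key from KeyFile (may be the same as CertFile) */
    if (SSL_CTX_use_PrivateKey_file(ctx, KeyFile, SSL_FILETYPE_PEM) <= 0)
    {
        ERR_print_errors_fp(stderr);
        abort();
    }
    /* verify private key */
    if (!SSL_CTX_check_private_key(ctx))
    {
        fprintf(stderr, "Private key does not match the public certificate\n");
        abort();
    }
    /* the cipher list is left at the library default on the client side */
}

/*---------------------------------------------------------------------*/
/*--- show_certs_info - print out the certificates.                  ---*/
/*---------------------------------------------------------------------*/
/*
 * Print subject and issuer of the peer (server) certificate, if any.
 * X509_NAME_oneline() with a NULL buffer allocates with OPENSSL_malloc,
 * so the strings are released with OPENSSL_free, not free().
 */
void show_certs_info(SSL *ssl)
{
    X509 *cert;
    char *line;

    cert = SSL_get_peer_certificate(ssl);   /* get the server's certificate */
    if (cert != NULL)
    {
        printf("Server certificates:\n");
        line = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
        printf("Subject: %s\n", line ? line : "(unavailable)");
        OPENSSL_free(line);   /* NULL is tolerated */
        line = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
        printf("Issuer: %s\n", line ? line : "(unavailable)");
        OPENSSL_free(line);
        X509_free(cert);      /* drop the reference taken by SSL_get_peer_certificate */
    }
    else
        printf("No certificates.\n");
}

/*---------------------------------------------------------------------*/
/*--- main - create SSL context and connect                          ---*/
/*---------------------------------------------------------------------*/
/*
 * Usage: ssl_client HOST PORT. Connects, prints the peer certificate,
 * sends one message and prints the reply. Always returns 0.
 */
int main(int count, char *strings[])
{
    SSL_CTX *ctx;
    int server;
    SSL *ssl;
    char buf[1024];
    int bytes;
    char *hostname, *portnum;

    if (count != 3)
    {
        /* NOTE: the argument placeholders in this usage line were lost from the listing */
        printf("usage: %s \n", strings[0]);
        exit(0);
    }
    hostname = strings[1];
    portnum = strings[2];

    ctx = init_client_ctx();                                        /* initialize SSL */
    load_certificates(ctx, ROOTCERTF, CLIENT_CERT, CLIENT_KEYF);    /* load certs */
    server = open_connection(hostname, atoi(portnum));
    ssl = SSL_new(ctx);                                             /* create new SSL connection state */
    if (ssl == NULL)
    {
        ERR_print_errors_fp(stderr);
        abort();
    }
    SSL_set_fd(ssl, server);                                        /* attach the socket descriptor */
    /* SSL_connect() returns 0 on a clean failure and <0 on error; comparing
     * against FAIL (-1) alone let a 0 result fall into the success branch */
    if (SSL_connect(ssl) <= 0)
    {
        ERR_print_errors_fp(stderr);
    }
    else
    {
        const char *msg = "Hi! I am Client!";

        printf("Connected with %s encryption\n", SSL_get_cipher(ssl));
        show_certs_info(ssl);                                       /* get any certs */
        if (SSL_write(ssl, msg, (int)strlen(msg)) <= 0)             /* encrypt & send message */
        {
            ERR_print_errors_fp(stderr);
        }
        else
        {
            memset(buf, 0, sizeof(buf));
            bytes = SSL_read(ssl, buf, sizeof(buf) - 1);            /* get reply & decrypt */
            /* a negative return previously indexed buf[-1] */
            if (bytes > 0)
            {
                buf[bytes] = '\0';
                printf("Server msg: \"%s\"\n", buf);
            }
            else
            {
                ERR_print_errors_fp(stderr);
            }
        }
        SSL_shutdown(ssl);                                          /* shutdown SSL link */
    }
    SSL_free(ssl);          /* was leaked on the connect-failure path */
    close(server);          /* close socket */
    SSL_CTX_free(ctx);      /* release context */

    return 0;
}

--------------------------------------------------------------------------------
/ssl_common.h:
--------------------------------------------------------------------------------
/*
 *FileName : ssl_common.h
 *Author : JiangInk
 *Version : V0.1
 *Date : 2015.03.10
 */

#ifndef _SSL_COMMON_H_
#define _SSL_COMMON_H_

#define FAIL -1
#define MAXBUF 1024
/* NOTE(review): the passphrase is hard-coded and the encrypted keys live in the
 * same repository, so the key encryption adds no protection here. Anything
 * beyond this demo should take it from the environment or a passwd callback. */
#define PRIKEY_PASSWD "123456" //prikey password
/* NOTE(review): RC4 and MD5 are both deprecated; this suite is applied by the
 * server's SSL_CTX_set_cipher_list() and should be replaced by a modern list. */
#define ALGO_TYPE "RC4-MD5" //algorithm type
#define SERVER_CERT "certs/server/server.crt" //server cert file
#define SERVER_KEYF "certs/server/server.key" //server key file
#define CLIENT_CERT "certs/client/client.crt" //client cert file
#define CLIENT_KEYF "certs/client/client.key" //client key file
#define ROOTCERTF "certs/root/root.crt" //root cert file
/* HTML reply template; the single %s is filled with the client's message.
 * NOTE: the HTML tags inside this macro were stripped from the listing. */
#define SERVERHTML \
"\n" \
"\n" \
"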

Client Request:

\n" \ 24 | "

\n{\n%s\n}\n

\n" \ 25 | "
\n" \ 26 | "

Server Response:

\n" \ 27 | "

\n{\nHello! I am Server!\n}\n

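\n" \
"\n" \
""


#endif /* !_SSL_COMMON_H_ */

--------------------------------------------------------------------------------
/ssl_server.c:
--------------------------------------------------------------------------------
/*
 *FileName : ssl_server.c
 *Author : JiangInk
 *Version : V0.1
 *Date : 2015.03.10
 */

/*****************************************************************************/
/*** ssl_server.c ***/
/*** ***/
/*** Demonstrate an SSL server. ***/
/*****************************************************************************/

/* NOTE: the system header names on the next eight lines were stripped from this listing */
#include
#include
#include
#include
#include
#include
#include
#include
#include "ssl_common.h"

/*---------------------------------------------------------------------*/
/*--- open_listener - create server socket                           ---*/
/*---------------------------------------------------------------------*/
/*
 * Create a TCP socket bound to INADDR_ANY:port and put it in listen mode.
 * Returns the listening descriptor; aborts on any fatal error.
 */
int open_listener(int port)
{
    int sd;
    int on = 1;
    struct sockaddr_in addr;

    if (port <= 0 || port > 65535)
    {
        fprintf(stderr, "invalid port %d\n", port);
        abort();
    }
    sd = socket(AF_INET, SOCK_STREAM, 0);
    if (sd < 0)
    {
        perror("socket");   /* the original passed -1 on to bind() */
        abort();
    }
    /* best effort: lets the server restart while the old socket sits in TIME_WAIT */
    if (setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) != 0)
    {
        perror("setsockopt(SO_REUSEADDR)");
    }
    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_port = htons(port);
    addr.sin_addr.s_addr = INADDR_ANY;
    if (bind(sd, (struct sockaddr *)&addr, sizeof(addr)) != 0)
    {
        perror("can't bind port");
        abort();
    }
    if (listen(sd, 10) != 0)
    {
        perror("Can't configure listening port");
        abort();
    }
    return sd;
}

/*---------------------------------------------------------------------*/
/*--- init_server_ctx - initialize SSL server and create contexts    ---*/
/*---------------------------------------------------------------------*/
/*
 * Initialise the OpenSSL library and create a server SSL_CTX.
 * Returns the new context; aborts if it cannot be created.
 */
SSL_CTX *init_server_ctx(void)
{
    const SSL_METHOD *method;   /* the *_method() functions return a const pointer */
    SSL_CTX *ctx;

    SSL_library_init();               /* init algorithms library */
    OpenSSL_add_all_algorithms();     /* load & register all cryptos, etc. */
    SSL_load_error_strings();         /* load all error messages */
    /* NOTE(review): this pins the server to TLS 1.0 only. SSLv23_server_method()
     * with SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 would negotiate newer TLS versions. */
    method = TLSv1_server_method();
    ctx = SSL_CTX_new(method);        /* create new context from method */
    if (ctx == NULL)
    {
        ERR_print_errors_fp(stderr);
        abort();
    }
    return ctx;
}

/*---------------------------------------------------------------------*/
/*--- verify_callback - SSL_CTX_set_verify callback function.        ---*/
/*---------------------------------------------------------------------*/
/*
 * Diagnostic hook for SSL_CTX_set_verify (currently not installed by
 * load_certificates, which passes NULL). Logs depth, issuer, subject and
 * error code of the certificate being checked and returns `ok` unchanged.
 * The original only printed when `ok` was set, so a rejected certificate
 * left no trace in the log.
 */
int verify_callback(int ok, X509_STORE_CTX *store)
{
    char data[256];
    X509 *cert = X509_STORE_CTX_get_current_cert(store);
    int depth = X509_STORE_CTX_get_error_depth(store);
    int err = X509_STORE_CTX_get_error(store);

    fprintf(stderr, "verify_callback\n{\n");
    fprintf(stderr, "certificate at depth: %i\n", depth);
    if (cert != NULL)   /* can be NULL for some error codes */
    {
        memset(data, 0, sizeof(data));
        X509_NAME_oneline(X509_get_issuer_name(cert), data, sizeof(data));
        fprintf(stderr, "issuer = %s\n", data);
        X509_NAME_oneline(X509_get_subject_name(cert), data, sizeof(data));
        fprintf(stderr, "subject = %s\n", data);
    }
    fprintf(stderr, "error status: %i:%s\n}\n", err, X509_verify_cert_error_string(err));
    /* returning 1 here when ok == 0 would accept an untrusted peer */
    return ok;
}

/*---------------------------------------------------------------------*/
/*--- load_certificates - load from files.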
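/*---------------------------------------------------------------------*/
/*
 * Configure client-certificate verification and load the server's own
 * certificate, private key and cipher list into ctx. CaFile is the trust
 * anchor, CertFile/KeyFile are PEM files; the key passphrase comes from
 * PRIKEY_PASSWD. Aborts on error.
 */
void load_certificates(SSL_CTX *ctx, char *CaFile, char *CertFile, char *KeyFile)
{
    /* chain depth is left at the library default; SSL_CTX_set_verify_depth()
     * could tighten it for this two-level CA */
    /* SSL_VERIFY_PEER alone makes the client certificate optional: the server
     * asks for one and validates it if presented, but a client that sends none
     * is still accepted. OR in SSL_VERIFY_FAIL_IF_NO_PEER_CERT (and install
     * verify_callback for logging) to make it mandatory. */
    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
    /* load CA certificate file */
    if (SSL_CTX_load_verify_locations(ctx, CaFile, NULL) <= 0)
    {
        ERR_print_errors_fp(stderr);
        abort();
    }
    /* set the local certificate from CertFile */
    if (SSL_CTX_use_certificate_file(ctx, CertFile, SSL_FILETYPE_PEM) <= 0)
    {
        ERR_print_errors_fp(stderr);
        abort();
    }
    /* passphrase for the server private key; the default passwd callback
     * uses the userdata pointer as the password string */
    SSL_CTX_set_default_passwd_cb_userdata(ctx, (void *)PRIKEY_PASSWD);
    /* set the private key from KeyFile (may be the same as CertFile) */
    if (SSL_CTX_use_PrivateKey_file(ctx, KeyFile, SSL_FILETYPE_PEM) <= 0)
    {
        ERR_print_errors_fp(stderr);
        abort();
    }
    /* verify private key */
    if (!SSL_CTX_check_private_key(ctx))
    {
        fprintf(stderr, "Private key does not match the public certificate\n");
        abort();
    }
    /* SSL_CTX_set_cipher_list() returns 0 when no cipher matches; the original
     * ignored that, so every later handshake would fail with no hint why.
     * ALGO_TYPE is a deprecated RC4/MD5 suite, see ssl_common.h. */
    if (SSL_CTX_set_cipher_list(ctx, ALGO_TYPE) != 1)
    {
        ERR_print_errors_fp(stderr);
        abort();
    }
}

/*---------------------------------------------------------------------*/
/*--- show_certs_info - print out certificates.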
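/*---------------------------------------------------------------------*/
/*
 * Print subject and issuer of the peer (client) certificate, if any.
 * X509_NAME_oneline() with a NULL buffer allocates with OPENSSL_malloc,
 * so the strings are released with OPENSSL_free, not free().
 */
void show_certs_info(SSL *ssl)
{
    X509 *cert;
    char *line;

    /* the negotiated suite can be shown with SSL_get_cipher(ssl) if needed */
    cert = SSL_get_peer_certificate(ssl);   /* NULL when the client sent no certificate */
    if (cert != NULL)
    {
        /* this runs on the server, so the peer is the client */
        printf("Client certificates:\n");
        line = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
        printf("Subject: %s\n", line ? line : "(unavailable)");
        OPENSSL_free(line);   /* NULL is tolerated */
        line = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
        printf("Issuer: %s\n", line ? line : "(unavailable)");
        OPENSSL_free(line);
        X509_free(cert);      /* drop the reference taken by SSL_get_peer_certificate */
    }
    else
        printf("No certificates.\n");
}

/*---------------------------------------------------------------------*/
/*--- server_handler - SSL servlet                                   ---*/
/*---------------------------------------------------------------------*/
/*
 * Serve one connection: complete the TLS handshake, read a single request,
 * answer with SERVERHTML, then free ssl and close its socket. Takes
 * ownership of ssl and of the descriptor attached to it.
 */
void server_handler(SSL *ssl)
{
    char buf[1024];
    char reply[1280];
    int sd, bytes;

    /* SSL_accept() returns 0 on a clean failure and <0 on error; comparing
     * against FAIL (-1) alone let a 0 result fall into the success branch */
    if (SSL_accept(ssl) <= 0)
    {
        ERR_print_errors_fp(stderr);
    }
    else
    {
        show_certs_info(ssl);                           /* get any certificates */
        bytes = SSL_read(ssl, buf, sizeof(buf) - 1);    /* get request */
        if (bytes <= 0)
        {
            /* the original fell through and wrote buf[-1] on a failed read */
            ERR_print_errors_fp(stderr);
        }
        else
        {
            buf[bytes] = '\0';
            printf("Client msg: \"%s\"\n", buf);
            /* buf is supplied as the %s argument, never as the format string;
             * snprintf truncates but always NUL-terminates reply */
            snprintf(reply, sizeof(reply), SERVERHTML, buf);
            bytes = SSL_write(ssl, reply, (int)strlen(reply));   /* send reply */
            if (bytes <= 0)
            {
                ERR_print_errors_fp(stderr);
            }
        }
    }
    sd = SSL_get_fd(ssl);   /* fetch the socket before SSL_free() invalidates ssl */
    /* no SSL_shutdown(): the peer sees an abrupt close rather than close_notify */
    SSL_free(ssl);          /* release SSL state */
    close(sd);              /* close connection */
}
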
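/*---------------------------------------------------------------------*/
/*--- main - create SSL socket server.                               ---*/
/*---------------------------------------------------------------------*/
/*
 * Usage: ssl_server PORT. Accepts connections forever and serves each one
 * sequentially via server_handler(). The loop never exits, so the cleanup
 * after it is unreachable in practice.
 */
int main(int count, char *strings[])
{
    SSL_CTX *ctx;
    int server;
    char *portnum;

    if (count != 2)
    {
        /* NOTE: the argument placeholder in this usage line was lost from the listing */
        printf("Usage: %s \n", strings[0]);
        exit(0);
    }
    portnum = strings[1];
    ctx = init_server_ctx();                                        /* initialize SSL */
    load_certificates(ctx, ROOTCERTF, SERVER_CERT, SERVER_KEYF);    /* load certs */
    server = open_listener(atoi(portnum));                          /* create server socket */
    while (1)
    {
        struct sockaddr_in addr;
        socklen_t len = sizeof(addr);   /* accept() takes socklen_t, not int */
        SSL *ssl;
        int client = accept(server, (struct sockaddr *)&addr, &len);
        if (client < 0)
        {
            /* a failed accept() used to be handed to SSL_set_fd() as fd -1 */
            perror("accept");
            continue;
        }
        printf("Connection: %s:%d\n",
               inet_ntoa(addr.sin_addr), ntohs(addr.sin_port));
        ssl = SSL_new(ctx);             /* get new SSL state with context */
        if (ssl == NULL)
        {
            ERR_print_errors_fp(stderr);
            close(client);
            continue;
        }
        SSL_set_fd(ssl, client);        /* set connection socket to SSL state */
        server_handler(ssl);            /* frees ssl and closes client */
    }
    close(server);          /* close server socket */
    SSL_CTX_free(ctx);      /* release context */

    return 0;
}
--------------------------------------------------------------------------------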