1 /* serv.cpp - Minimal ssleay server for Unix
2 30.9.1996, Sampo Kellomaki <sampo@iki.fi> */
3
4
5 /* mangled to work with SSLeay-0.9.0b and OpenSSL 0.9.2b
6 Simplified to be even more minimal
7 12/98 - 4/99 Wade Scholine <wades@mail.cybg.com> */
8
9 #include <stdio.h>
10 #include <unistd.h>
11 #include <stdlib.h>
12 #include <memory.h>
13 #include <errno.h>
14 #include <sys/types.h>
15 #include <sys/socket.h>
16 #include <netinet/in.h>
17 #include <arpa/inet.h>
18 #include <netdb.h>
19
20 #include <openssl/rsa.h> /* SSLeay stuff */
21 #include <openssl/crypto.h>
22 #include <openssl/x509.h>
23 #include <openssl/pem.h>
24 #include <openssl/ssl.h>
25 #include <openssl/err.h>
26
27
28 /* define HOME to be dir for key and cert files... */
29 #define HOME "./"
30 /* Make these what you want for cert & key files */
31 #define CERTF HOME "foo-cert.pem"
32 #define KEYF HOME "foo-cert.pem"
33
34
35 #define CHK_NULL(x) if ((x)==NULL) exit (1)
36 #define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }
37 #define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); }
38
main()39 void main ()
40 {
41 int err;
42 int listen_sd;
43 int sd;
44 struct sockaddr_in sa_serv;
45 struct sockaddr_in sa_cli;
46 size_t client_len;
47 SSL_CTX* ctx;
48 SSL* ssl;
49 X509* client_cert;
50 char* str;
51 char buf [4096];
52 SSL_METHOD *meth;
53
54 /* SSL preliminaries. We keep the certificate and key with the context. */
55
56 SSL_load_error_strings();
57 SSLeay_add_ssl_algorithms();
58 meth = SSLv23_server_method();
59 ctx = SSL_CTX_new (meth);
60 if (!ctx) {
61 ERR_print_errors_fp(stderr);
62 exit(2);
63 }
64
65 if (SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM) <= 0) {
66 ERR_print_errors_fp(stderr);
67 exit(3);
68 }
69 if (SSL_CTX_use_PrivateKey_file(ctx, KEYF, SSL_FILETYPE_PEM) <= 0) {
70 ERR_print_errors_fp(stderr);
71 exit(4);
72 }
73
74 if (!SSL_CTX_check_private_key(ctx)) {
75 fprintf(stderr,"Private key does not match the certificate public key\n");
76 exit(5);
77 }
78
79 /* ----------------------------------------------- */
80 /* Prepare TCP socket for receiving connections */
81
82 listen_sd = socket (AF_INET, SOCK_STREAM, 0); CHK_ERR(listen_sd, "socket");
83
84 memset (&sa_serv, '\0', sizeof(sa_serv));
85 sa_serv.sin_family = AF_INET;
86 sa_serv.sin_addr.s_addr = INADDR_ANY;
87 sa_serv.sin_port = htons (1111); /* Server Port number */
88
89 err = bind(listen_sd, (struct sockaddr*) &sa_serv,
90 sizeof (sa_serv)); CHK_ERR(err, "bind");
91
92 /* Receive a TCP connection. */
93
94 err = listen (listen_sd, 5); CHK_ERR(err, "listen");
95
96 client_len = sizeof(sa_cli);
97 sd = accept (listen_sd, (struct sockaddr*) &sa_cli, &client_len);
98 CHK_ERR(sd, "accept");
99 close (listen_sd);
100
101 printf ("Connection from %lx, port %x\n",
102 sa_cli.sin_addr.s_addr, sa_cli.sin_port);
103
104 /* ----------------------------------------------- */
105 /* TCP connection is ready. Do server side SSL. */
106
107 ssl = SSL_new (ctx); CHK_NULL(ssl);
108 SSL_set_fd (ssl, sd);
109 err = SSL_accept (ssl); CHK_SSL(err);
110
111 /* Get the cipher - opt */
112
113 printf ("SSL connection using %s\n", SSL_get_cipher (ssl));
114
115 /* Get client's certificate (note: beware of dynamic allocation) - opt */
116
117 client_cert = SSL_get_peer_certificate (ssl);
118 if (client_cert != NULL) {
119 printf ("Client certificate:\n");
120
121 str = X509_NAME_oneline (X509_get_subject_name (client_cert), 0, 0);
122 CHK_NULL(str);
123 printf ("\t subject: %s\n", str);
124 OPENSSL_free (str);
125
126 str = X509_NAME_oneline (X509_get_issuer_name (client_cert), 0, 0);
127 CHK_NULL(str);
128 printf ("\t issuer: %s\n", str);
129 OPENSSL_free (str);
130
131 /* We could do all sorts of certificate verification stuff here before
132 deallocating the certificate. */
133
134 X509_free (client_cert);
135 } else
136 printf ("Client does not have certificate.\n");
137
138 /* DATA EXCHANGE - Receive message and send reply. */
139
140 err = SSL_read (ssl, buf, sizeof(buf) - 1); CHK_SSL(err);
141 buf[err] = '\0';
142 printf ("Got %d chars:'%s'\n", err, buf);
143
144 err = SSL_write (ssl, "I hear you.", strlen("I hear you.")); CHK_SSL(err);
145
146 /* Clean up. */
147
148 close (sd);
149 SSL_free (ssl);
150 SSL_CTX_free (ctx);
151 }
152 /* EOF - serv.cpp */
153