从配置文件中读参数, 建立TLS服务器, 死等客户端来连接. 客户端连接后, 打印客户端发来的内容.
配置文件格式有要求
# Example config module configuration
# Name supplied by application to CONF_modules_load_file
# and section containing configuration
testapp = test_sect
# Comment out the next line to ignore configuration errors
config_diagnostics = 1
[test_sect]
# list of configuration modules
# SSL configuration module
ssl_conf = ssl_sect
[ssl_sect]
# list of SSL configurations
server = server_sect
[server_sect]
# Only support 3 curves
Curves = P-521:P-384:P-256
# Restricted signature algorithms
SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512
# Certificates and keys
RSA.Certificate=server.pem
ECDSA.Certificate=server-ec.pem
如果exe同级目录的2个.pem没摆全, 从配置文件中读取配置建立TLS服务器就会失败.
/*!
\file server-cmod.c
\brief 从配置文件中读参数, 建立TLS服务器, 死等客户端来连接. 客户端连接后, 打印客户端发来的内容.
配置文件格式有要求
*/
/*
* Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* A minimal TLS server it ses SSL_CTX_config and a configuration file to
* set most server parameters.
*/
#include <stdio.h>
#include <signal.h>
#include <stdlib.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <openssl/conf.h>
#include "my_openSSL_lib.h"
int main(int argc, char *argv[])
{
unsigned char buf[512];
char *psz_port = "*:4433";
BIO *bio_in = NULL;
BIO *bio_ssl, *bio_tmp;
SSL_CTX *ctx_ssl;
int ret = EXIT_FAILURE, i;
ctx_ssl = SSL_CTX_new(TLS_server_method());
/*! testapp = test_sect */
if (CONF_modules_load_file("cmod.cnf", "testapp", 0) <= 0) {
fprintf(stderr, "Error processing config file\n");
goto err;
}
/*!
如果配置文件中指定的pem没放到程序工作目录, 会失败
RSA.Certificate=server.pem
ECDSA.Certificate=server-ec.pem
*/
if (SSL_CTX_config(ctx_ssl, "server") == 0) {
fprintf(stderr, "Error configuring server.\n");
goto err;
}
/* Setup server side SSL bio */
bio_ssl = BIO_new_ssl(ctx_ssl, 0);
if ((bio_in = BIO_new_accept(psz_port)) == NULL)
goto err;
/*
* This means that when a new connection is accepted on 'in', The ssl_bio
* will be 'duplicated' and have the new socket BIO push into it.
* Basically it means the SSL BIO will be automatically setup
*/
BIO_set_accept_bios(bio_in, bio_ssl);
again:
/*
* The first call will setup the accept socket, and the second will get a
* socket. In this loop, the first actual accept will occur in the
* BIO_read() function.
*/
if (BIO_do_accept(bio_in) <= 0)
goto err;
for (;;) {
i = BIO_read(bio_in, buf, sizeof(buf));
if (i == 0) {
/*
* If we have finished, remove the underlying BIO stack so the
* next time we call any function for this BIO, it will attempt
* to do an accept
*/
printf("Done\n");
bio_tmp = BIO_pop(bio_in);
BIO_free_all(bio_tmp);
goto again;
}
if (i < 0) {
if (BIO_should_retry(bio_in))
continue;
goto err;
}
fwrite(buf, 1, i, stdout);
fflush(stdout);
}
ret = EXIT_SUCCESS;
err:
if (ret != EXIT_SUCCESS)
ERR_print_errors_fp(stderr);
BIO_free(bio_in);
return ret;
}