Linux下OpenSSL-1.0.0 c编写OpenSSL服务器和客户端 - linux编程基础

TOP

Linux下OpenSSL-1.0.0 c编写OpenSSL服务器和客户端(一)

2014-11-24 11:07:45 来源: 作者: 【大中小】浏览:0次

Tags：Linux OpenSSL-1.0.0 编写 OpenSSL 服务器客户端

ca.crt为自签名证书；
server.crt，server.key为服务器端的证书和私钥文件；
proxy.crt，proxy.key为代理服务器端的证书和私钥文件；
client.crt，client.key为客户端的证书和私钥文件。

#产生CA自签名证书
openssl genrsa -out ./private/ca.key -rand ./private/.rnd -des 2048
openssl req -new -x509 -days 3650 -key ./private/ca.key -out ./private/ca.crt -config openssl.cnf
openssl x509 -in ./private/ca.crt -noout -text

#产生server的证书过程
openssl genrsa -out ./private/server.key 1024
openssl req -new -key ./private/server.key -out ./newcerts/server.csr -config openssl.cnf
openssl ca -in ./newcerts/server.csr -cert ./private/ca.crt -keyfile ./private/ca.key -config openssl.cnf -policy policy_anything -out ./certs/server.crt
openssl x509 -in ./certs/server.crt -noout -text

#产生proxy的证书过程
openssl genrsa -out ./private/proxy.key 1024
openssl req -new -key ./private/proxy.key -out ./newcerts/proxy.csr -config openssl.cnf
openssl ca -in ./newcerts/proxy.csr -cert ./private/ca.crt -keyfile ./private/ca.key -config openssl.cnf -policy policy_anything -out ./certs/proxy.crt
openssl x509 -in ./certs/proxy.crt -noout -text

#产生client的证书过程
openssl genrsa -out ./private/client.key 1024
openssl req -new -key ./private/client.key -out ./newcerts/client.csr -config openssl.cnf
openssl ca -in ./newcerts/client.csr -cert ./private/ca.crt -keyfile ./private/ca.key -config openssl.cnf -policy policy_anything -out ./certs/client.crt
openssl x509 -in ./certs/client.crt -noout -text

//client
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

#define PORT 443
#define SERVER "127.0.0.1"
#define CACERT "./private/ca.crt"
#define MYCERTF "./certs/proxy.crt"
#define MYKEYF "./private/proxy.key"
#define MSGLENGTH 1024
int
main ()
{
struct sockaddr_in sin;
int seed_int[100];

SSL *ssl;
SSL_METHOD *meth;
SSL_CTX *ctx;

int i;

OpenSSL_add_ssl_algorithms ();
SSL_load_error_strings ();
meth = (SSL_METHOD *) TLSv1_client_method ();
ctx = SSL_CTX_new (meth);
if (NULL == ctx)
exit (1);
SSL_CTX_set_verify (ctx, SSL_VERIFY_PEER, NULL);
SSL_CTX_load_verify_locations (ctx, CACERT, NULL);
if (0 == SSL_CTX_use_certificate_file (ctx, MYCERTF, SSL_FILETYPE_PEM))
{
ERR_print_errors_fp (stderr);
exit (1);
}
if (0 == SSL_CTX_use_PrivateKey_file (ctx, MYKEYF, SSL_FILETYPE_PEM))
{
ERR_print_errors_fp (stderr);
exit (1);
}
if (!SSL_CTX_check_private_key (ctx))
{
printf ("Private key does not match the certificate public key/n");
exit (1);
}
srand ((unsigned) time (NULL));
for (i = 0; i < 100; i++)
seed_int[i] = rand ();
RAND_seed (seed_int, sizeof (seed_int));
SSL_CTX_set_cipher_list (ctx, "RC4-MD5");
SSL_CTX_set_mode (ctx, SSL_MODE_AUTO_RETRY);
int sock;
printf ("Begin tcp socket.../n");
sock = socket (AF_INET, SOCK_STREAM, 0);
if (sock == -1)
{
printf ("SOCKET error. /n");
}
memset (&sin, '/0', sizeof (sin));
sin.sin_family = AF_INET;
sin.sin_addr.s_addr = inet_addr (SERVER); /* Server IP */
sin.sin_port = htons (PORT); /* Server Port number */
int icnn = connect (sock, (struct sockaddr *) &sin, sizeof (sin));
if (icnn == -1)
{
printf ("can not connect to server,%s/n", strerror (errno));
exit (1);
}
ssl = SSL_new (ctx);
if (NULL == ssl)
exit (1);
if (0 >= SSL_set_fd (ssl, sock))
{
printf ("Attach to Line fail!/n");
exit (1);
}
int k = SSL_connect (ssl);
if (0 == k)
{
printf ("%d/n", k);
printf ("SSL connect fail!/n");
exit (1);
}
printf ("connect to server/n");
char sendmsg[MSGLENGTH] = "/0";
char revmsg[MSGLENGTH] = "/

首页上一页 1 2 3 下一页尾页 1/3/3
【大中小】【打印】【繁体】【投稿】【收藏】【推荐】【举报】【评论】【关闭】【返回顶部】
分享到:
上一篇：在Ubuntu 11.04下编写驱动程序	下一篇：Linux下和core说再见之：栈溢出

帐　　号:

密码: (新用户注册)

验证码:

表　　情:

内　　容: