我必須在c中編寫這些代碼。我已經生成了一個由openssl生成的終止t1:t1.pem的證書。終端t1和t2之間的通信已經通過c中的套接字建立。用c中的套接字傳輸和驗證證書(openssl)
現在我想發送這個證書到另一個終止t2.and我想t2接收證書,驗證它並回答t1接受。當t1得到這個接受,它將其餘的東西..
但我不知道如何做這些事情。
例如,我將t1.pem作爲字符串傳輸?但在t2方面,我該如何確認?我知道openssl有這樣的功能,但我不太清楚。最後,通常情況下,接受應該如何?
@。@ ...很多問題在這裏..對不起...如果有人可以給我一些指導.. 非常感謝提前!
如果您嘗試使用openssl建立通信,請看這OpenSSL tutorial。
這裏有一些你的出發筆記...
server
{
SSL_CTX_new()
SSL_CTX_* set_cipher_list,set_mode,set_options
SSL_CTX_* set_default_passwd_cb,use_certificate_file,use_PrivateKey_file etc
SSL_new()
SSL_set_fd(,socket)
SSL_set_accept_state()
SSL_read()/SSL_write()
SSL_shutdown()
SSL_free()
SSL_CTX_free()
}
client
{
SSL_CTX_new()
SSL_CTX_* set_cipher_list,set_mode,options
SSL_CTX_* load_verify_locations,set_verify etc
SSL_new()
SSL_set_fd(,socket)
SSL_set_connect_state()
SSL_read()/SSL_write()
SSL_shutdown()
SSL_free()
SSL_CTX_free()
}
這裏是一個示例代碼,應該可以幫助您:
服務器
#include <sys/types.h>
#include <sys/socket.h>
#include <stdio.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <stdlib.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
int main()
{
int server_sockfd, client_sockfd;
int server_len, client_len;
struct sockaddr_in server_address;
struct sockaddr_in client_address;
int result = 0;
//ssl initiation
SSL_library_init();
SSL_load_error_strings();
SSL_METHOD *meth = SSLv3_server_method();
SSL_CTX *ctx = SSL_CTX_new(meth);
SSL_CTX_use_certificate_file(ctx, "server_crt.pem", SSL_FILETYPE_PEM);
SSL_CTX_use_PrivateKey_file(ctx, "server_key.pem", SSL_FILETYPE_PEM);
//unnamed socket
server_sockfd = socket(AF_INET, SOCK_STREAM, 0);
//naming
server_address.sin_family = AF_INET;
server_address.sin_addr.s_addr = htonl(INADDR_ANY);
server_address.sin_port = htons(9734);
server_len = sizeof(server_address);
result = bind(server_sockfd, (struct sockaddr *)&server_address, server_len);
if(result<0)
{
printf("\nBinding Error");
}
//connection
listen(server_sockfd, 5);
while(1)
{
char ch;
printf("server waiting\n");
//accept connection
client_len = sizeof(client_address);
client_sockfd = accept(server_sockfd, (struct sockaddr *)&client_address, &client_len);
printf("\nConnected\n");
SSL* ssl;
ssl = SSL_new(ctx);
SSL_set_fd(ssl, client_sockfd);
//handshake
SSL_accept(ssl);
printf("\nHandshake Done\n");
//exchage message
result = SSL_read(ssl, &ch, sizeof(ch));
if(result<0)
{
printf("\nreading Error");
}
++ch;
result = SSL_write(ssl, &ch, sizeof(ch));
if(result<0)
{
printf("\nwriting Error");
}
close(client_sockfd);
}
}
客戶
#include <sys/types.h>
#include <sys/socket.h>
#include <stdio.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <stdlib.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
void check_cert(SSL* ssl)
{
//ssl initiation
/*SSL_library_init();
SSL_load_error_strings();
const SSL_METHOD *meth;
meth = SSLv3_method();
SSL_CTX *ctx;
SSL *_ssl;
ctx = SSL_CTX_new(meth);*/
}
int main()
{
int sockfd;
int len;
struct sockaddr_in address;
int result=0;
char ch = 'A';
//ssl initiation
SSL_library_init();
SSL_load_error_strings();
SSL_METHOD *meth;
meth = SSLv3_client_method();
SSL_CTX *ctx;
SSL* ssl;
ctx = SSL_CTX_new(meth);
result = SSL_CTX_load_verify_locations(ctx, "cacert.pem", 0);
//result = SSL_CTX_load_verify_locations(ctx, NULL, "/home/cdac/Desktop/test/cert");
printf("\nCA load result = %d\n", result);
printf("\nSSL initialized");
//socket for client
sockfd = socket(AF_INET, SOCK_STREAM, 0);
//naming socket
address.sin_family = AF_INET;
address.sin_addr.s_addr = inet_addr("127.0.0.1");
address.sin_port = htons(9734);
len = sizeof(address);
printf("length====\n%d",len);
printf("Socket done\n");
//connecting server
result = connect(sockfd, (struct sockaddr *)&address, len);
if(result <0)
{
perror("oops: client\n");
exit(1);
}
else
{
printf("Socket Connected\n");
}
//ssl-ing the connection
ssl = SSL_new(ctx);
BIO *sbio;
sbio = BIO_new(BIO_s_socket());
BIO_set_fd(sbio, sockfd, BIO_NOCLOSE);
SSL_set_bio(ssl, sbio, sbio);
//SSL_CTX_set_verify_depth(ctx, 1);
//SSL_set_fd(ssl, sockfd);
result = SSL_connect(ssl);
printf("SSL_connect: %d\n", result);
if(SSL_get_peer_certificate(ssl)!=NULL)
{
//check cert
//check_cert(ssl);
//getting the CA certificate
//_ssl = SSL_new(ctx);
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
int result_long = SSL_get_verify_result(ssl);
printf("\nCertificate Check Result: %d", result_long);
if (SSL_get_verify_result(ssl) != X509_V_OK)
{
printf("\nCertiticate Verification Failed\n");
return 0;
//exit(1);
}
else
{
printf("\nCertiticate Verification Succeeded");
}
}
//taking input
printf("\nSay Char: \n");
scanf("%c",&ch);
//exchanging data
SSL_write(ssl, &ch, 1);
SSL_read(ssl, &ch, 1);
printf("char from server = %c\n", ch);
SSL_shutdown(ssl);
close(sockfd);
exit(0);
}
該代碼簡單明瞭。