demos/ssl/inetdsrv.cpp

*ebfedea0SLionel Sambuc/* inetdserv.cpp  -  Minimal ssleay server for Unix inetd.conf
*ebfedea0SLionel Sambuc * 30.9.1996, Sampo Kellomaki <sampo@iki.fi>
*ebfedea0SLionel Sambuc * From /etc/inetd.conf:
*ebfedea0SLionel Sambuc *     1111 stream tcp nowait sampo /usr/users/sampo/demo/inetdserv inetdserv
*ebfedea0SLionel Sambuc */
*ebfedea0SLionel Sambuc
*ebfedea0SLionel Sambuc#include <stdio.h>
*ebfedea0SLionel Sambuc#include <errno.h>
*ebfedea0SLionel Sambuc
*ebfedea0SLionel Sambuc#include "rsa.h"       /* SSLeay stuff */
*ebfedea0SLionel Sambuc#include <openssl/crypto.h>
*ebfedea0SLionel Sambuc#include <openssl/x509.h>
*ebfedea0SLionel Sambuc#include <openssl/pem.h>
*ebfedea0SLionel Sambuc#include <openssl/ssl.h>
*ebfedea0SLionel Sambuc#include <openssl/err.h>
*ebfedea0SLionel Sambuc
*ebfedea0SLionel Sambuc#define HOME "/usr/users/sampo/demo/"
*ebfedea0SLionel Sambuc#define CERTF HOME "plain-cert.pem"
*ebfedea0SLionel Sambuc#define KEYF  HOME "plain-key.pem"
*ebfedea0SLionel Sambuc
*ebfedea0SLionel Sambuc#define CHK_NULL(x) if ((x)==NULL) exit (1)
*ebfedea0SLionel Sambuc#define CHK_ERR(err,s) if ((err)==-1) \
*ebfedea0SLionel Sambuc                         { fprintf(log, "%s %d\n", (s), errno); exit(1); }
*ebfedea0SLionel Sambuc#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(log); exit(2); }
*ebfedea0SLionel Sambuc
*ebfedea0SLionel Sambucvoid main ()
*ebfedea0SLionel Sambuc{
*ebfedea0SLionel Sambuc  int err;
*ebfedea0SLionel Sambuc  SSL_CTX* ctx;
*ebfedea0SLionel Sambuc  SSL*     ssl;
*ebfedea0SLionel Sambuc  X509*    client_cert;
*ebfedea0SLionel Sambuc  char*    str;
*ebfedea0SLionel Sambuc  char     buf [4096];
*ebfedea0SLionel Sambuc  FILE* log;
*ebfedea0SLionel Sambuc
*ebfedea0SLionel Sambuc  log = fopen ("/dev/console", "a");                     CHK_NULL(log);
*ebfedea0SLionel Sambuc  fprintf (log, "inetdserv %ld\n", (long)getpid());
*ebfedea0SLionel Sambuc
*ebfedea0SLionel Sambuc  SSL_load_error_strings();
*ebfedea0SLionel Sambuc  ctx = SSL_CTX_new (); CHK_NULL(ctx);
*ebfedea0SLionel Sambuc
*ebfedea0SLionel Sambuc  err = SSL_CTX_use_RSAPrivateKey_file (ctx, KEYF,  SSL_FILETYPE_PEM);
*ebfedea0SLionel Sambuc  CHK_SSL (err);
*ebfedea0SLionel Sambuc
*ebfedea0SLionel Sambuc  err = SSL_CTX_use_certificate_file   (ctx, CERTF, SSL_FILETYPE_PEM);
*ebfedea0SLionel Sambuc  CHK_SSL (err);
*ebfedea0SLionel Sambuc
*ebfedea0SLionel Sambuc  /* inetd has already opened the TCP connection, so we can get right
*ebfedea0SLionel Sambuc     down to business. */
*ebfedea0SLionel Sambuc
*ebfedea0SLionel Sambuc  ssl = SSL_new (ctx);  CHK_NULL(ssl);
*ebfedea0SLionel Sambuc  SSL_set_fd (ssl,  fileno(stdin));
*ebfedea0SLionel Sambuc  err = SSL_accept (ssl);                                CHK_SSL(err);
*ebfedea0SLionel Sambuc
*ebfedea0SLionel Sambuc  /* Get the cipher - opt */
*ebfedea0SLionel Sambuc
*ebfedea0SLionel Sambuc  fprintf (log, "SSL connection using %s\n", SSL_get_cipher (ssl));
*ebfedea0SLionel Sambuc
*ebfedea0SLionel Sambuc  /* Get client's certificate (note: beware of dynamic allocation) - opt */
*ebfedea0SLionel Sambuc
*ebfedea0SLionel Sambuc  client_cert = SSL_get_peer_certificate (ssl);
*ebfedea0SLionel Sambuc  if (client_cert != NULL) {
*ebfedea0SLionel Sambuc    fprintf (log, "Client certificate:\n");
*ebfedea0SLionel Sambuc
*ebfedea0SLionel Sambuc    str = X509_NAME_oneline (X509_get_subject_name (client_cert));
*ebfedea0SLionel Sambuc    CHK_NULL(str);
*ebfedea0SLionel Sambuc    fprintf (log, "\t subject: %s\n", str);
*ebfedea0SLionel Sambuc    OPENSSL_free (str);
*ebfedea0SLionel Sambuc
*ebfedea0SLionel Sambuc    str = X509_NAME_oneline (X509_get_issuer_name  (client_cert));
*ebfedea0SLionel Sambuc    CHK_NULL(str);
*ebfedea0SLionel Sambuc    fprintf (log, "\t issuer: %s\n", str);
*ebfedea0SLionel Sambuc    OPENSSL_free (str);
*ebfedea0SLionel Sambuc
*ebfedea0SLionel Sambuc    /* We could do all sorts of certificate verification stuff here before
*ebfedea0SLionel Sambuc       deallocating the certificate. */
*ebfedea0SLionel Sambuc
*ebfedea0SLionel Sambuc    X509_free (client_cert);
*ebfedea0SLionel Sambuc  } else
*ebfedea0SLionel Sambuc    fprintf (log, "Client doe not have certificate.\n");
*ebfedea0SLionel Sambuc
*ebfedea0SLionel Sambuc  /* ------------------------------------------------- */
*ebfedea0SLionel Sambuc  /* DATA EXCHANGE: Receive message and send reply  */
*ebfedea0SLionel Sambuc
*ebfedea0SLionel Sambuc  err = SSL_read (ssl, buf, sizeof(buf) - 1);  CHK_SSL(err);
*ebfedea0SLionel Sambuc  buf[err] = '\0';
*ebfedea0SLionel Sambuc  fprintf (log, "Got %d chars:'%s'\n", err, buf);
*ebfedea0SLionel Sambuc
*ebfedea0SLionel Sambuc  err = SSL_write (ssl, "Loud and clear.", strlen("Loud and clear."));
*ebfedea0SLionel Sambuc  CHK_SSL(err);
*ebfedea0SLionel Sambuc
*ebfedea0SLionel Sambuc  /* Clean up. */
*ebfedea0SLionel Sambuc
*ebfedea0SLionel Sambuc  fclose (log);
*ebfedea0SLionel Sambuc  SSL_free (ssl);
*ebfedea0SLionel Sambuc  SSL_CTX_free (ctx);
*ebfedea0SLionel Sambuc}
*ebfedea0SLionel Sambuc/* EOF - inetdserv.cpp */