xref: /minix3/crypto/external/bsd/openssl/dist/demos/ssl/serv.cpp (revision ebfedea0ce5bbe81e252ddf32d732e40fb633fae) 
1  /* serv.cpp  -  Minimal ssleay server for Unix
2     30.9.1996, Sampo Kellomaki <sampo@iki.fi> */
3  
4  
5  /* mangled to work with SSLeay-0.9.0b and OpenSSL 0.9.2b
6     Simplified to be even more minimal
7     12/98 - 4/99 Wade Scholine <wades@mail.cybg.com> */
8  
9  #include <stdio.h>
10  #include <unistd.h>
11  #include <stdlib.h>
12  #include <memory.h>
13  #include <errno.h>
14  #include <sys/types.h>
15  #include <sys/socket.h>
16  #include <netinet/in.h>
17  #include <arpa/inet.h>
18  #include <netdb.h>
19  
20  #include <openssl/rsa.h>       /* SSLeay stuff */
21  #include <openssl/crypto.h>
22  #include <openssl/x509.h>
23  #include <openssl/pem.h>
24  #include <openssl/ssl.h>
25  #include <openssl/err.h>
26  
27  
28  /* define HOME to be dir for key and cert files... */
29  #define HOME "./"
30  /* Make these what you want for cert & key files */
31  #define CERTF  HOME "foo-cert.pem"
32  #define KEYF  HOME  "foo-cert.pem"
33  
34  
35  #define CHK_NULL(x) if ((x)==NULL) exit (1)
36  #define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }
37  #define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); }
38  
main()39  void main ()
40  {
41    int err;
42    int listen_sd;
43    int sd;
44    struct sockaddr_in sa_serv;
45    struct sockaddr_in sa_cli;
46    size_t client_len;
47    SSL_CTX* ctx;
48    SSL*     ssl;
49    X509*    client_cert;
50    char*    str;
51    char     buf [4096];
52    SSL_METHOD *meth;
53  
54    /* SSL preliminaries. We keep the certificate and key with the context. */
55  
56    SSL_load_error_strings();
57    SSLeay_add_ssl_algorithms();
58    meth = SSLv23_server_method();
59    ctx = SSL_CTX_new (meth);
60    if (!ctx) {
61      ERR_print_errors_fp(stderr);
62      exit(2);
63    }
64  
65    if (SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM) <= 0) {
66      ERR_print_errors_fp(stderr);
67      exit(3);
68    }
69    if (SSL_CTX_use_PrivateKey_file(ctx, KEYF, SSL_FILETYPE_PEM) <= 0) {
70      ERR_print_errors_fp(stderr);
71      exit(4);
72    }
73  
74    if (!SSL_CTX_check_private_key(ctx)) {
75      fprintf(stderr,"Private key does not match the certificate public key\n");
76      exit(5);
77    }
78  
79    /* ----------------------------------------------- */
80    /* Prepare TCP socket for receiving connections */
81  
82    listen_sd = socket (AF_INET, SOCK_STREAM, 0);   CHK_ERR(listen_sd, "socket");
83  
84    memset (&sa_serv, '\0', sizeof(sa_serv));
85    sa_serv.sin_family      = AF_INET;
86    sa_serv.sin_addr.s_addr = INADDR_ANY;
87    sa_serv.sin_port        = htons (1111);          /* Server Port number */
88  
89    err = bind(listen_sd, (struct sockaddr*) &sa_serv,
90  	     sizeof (sa_serv));                   CHK_ERR(err, "bind");
91  
92    /* Receive a TCP connection. */
93  
94    err = listen (listen_sd, 5);                    CHK_ERR(err, "listen");
95  
96    client_len = sizeof(sa_cli);
97    sd = accept (listen_sd, (struct sockaddr*) &sa_cli, &client_len);
98    CHK_ERR(sd, "accept");
99    close (listen_sd);
100  
101    printf ("Connection from %lx, port %x\n",
102  	  sa_cli.sin_addr.s_addr, sa_cli.sin_port);
103  
104    /* ----------------------------------------------- */
105    /* TCP connection is ready. Do server side SSL. */
106  
107    ssl = SSL_new (ctx);                           CHK_NULL(ssl);
108    SSL_set_fd (ssl, sd);
109    err = SSL_accept (ssl);                        CHK_SSL(err);
110  
111    /* Get the cipher - opt */
112  
113    printf ("SSL connection using %s\n", SSL_get_cipher (ssl));
114  
115    /* Get client's certificate (note: beware of dynamic allocation) - opt */
116  
117    client_cert = SSL_get_peer_certificate (ssl);
118    if (client_cert != NULL) {
119      printf ("Client certificate:\n");
120  
121      str = X509_NAME_oneline (X509_get_subject_name (client_cert), 0, 0);
122      CHK_NULL(str);
123      printf ("\t subject: %s\n", str);
124      OPENSSL_free (str);
125  
126      str = X509_NAME_oneline (X509_get_issuer_name  (client_cert), 0, 0);
127      CHK_NULL(str);
128      printf ("\t issuer: %s\n", str);
129      OPENSSL_free (str);
130  
131      /* We could do all sorts of certificate verification stuff here before
132         deallocating the certificate. */
133  
134      X509_free (client_cert);
135    } else
136      printf ("Client does not have certificate.\n");
137  
138    /* DATA EXCHANGE - Receive message and send reply. */
139  
140    err = SSL_read (ssl, buf, sizeof(buf) - 1);                   CHK_SSL(err);
141    buf[err] = '\0';
142    printf ("Got %d chars:'%s'\n", err, buf);
143  
144    err = SSL_write (ssl, "I hear you.", strlen("I hear you."));  CHK_SSL(err);
145  
146    /* Clean up. */
147  
148    close (sd);
149    SSL_free (ssl);
150    SSL_CTX_free (ctx);
151  }
152  /* EOF - serv.cpp */
153