client&server.zip_client/server_openssl tcp server_tcp_服务端开发

#include <WinSock2.h> #include <stdio.h> #include <iostream> using namespace std; #include "openssl/ssl.h" #include "openssl/rand.h" int InitWinsock() { WORD wVersionRequested; WSADATA wsaData; int err; wVersionRequested = MAKEWORD(1,1); err = WSAStartup(wVersionRequested,&wsaData); if (err != 0) { return 0; } if (LOBYTE(wsaData.wVersion) != 1|| HIBYTE(wsaData.wVersion) != 1) { WSACleanup(); return 0; } } SOCKET CreateSocket() { SOCKET hsock = INVALID_SOCKET; hsock = socket(AF_INET,SOCK_STREAM,0); if (hsock == INVALID_SOCKET) { int last_error = WSAGetLastError(); printf("创建套接字失败，错误代码是：%s\n",last_error); } return hsock; } int ConnectServer(SOCKET hSocket) { SOCKADDR_IN addrSrv; addrSrv.sin_addr.S_un.S_addr = inet_addr("127.0.0.1"); addrSrv.sin_family = AF_INET; addrSrv.sin_port = htons(6000); //连接到服务器 int nRet = connect(hSocket,(SOCKADDR*)&addrSrv,sizeof(SOCKADDR)); if (nRet == SOCKET_ERROR) { int last_err = WSAGetLastError(); printf("连接失败，错误代码是：%s\n",last_err); return 0; } return 1; } int InitOpenSSL() { if (!SSL_library_init()) return 0; SSL_load_error_strings(); return 1; } //回调函数中要实现的功能就是把密码到buf这个字符缓冲区中（可使用strcpy等类似函数）， //并注意，密码的长度不要超过size。 int PasswordCB(char *buf,int size,int flag,void* userdata) { printf("input pass!\n"); scanf("%s",buf); const char* pass = "1993426"; if (size < strlen(pass)+1 || strcmp(buf,pass)) { printf("wrong!\n"); return 0; } strcpy(buf,pass); return strlen(buf); } int VerifyCB(int ok,X509_STORE_CTX *store) { if (!ok) { int err = X509_STORE_CTX_get_error(store); printf("%s:%s\n",err,X509_verify_cert_error_string(err)); } return ok; } SSL_CTX* InitSSLContext() { const SSL_METHOD *meth = NULL; SSL_CTX* ctx = NULL; meth = SSLv23_method(); ctx = SSL_CTX_new(meth); //加载客户端程序证书链 if (!SSL_CTX_use_certificate_chain_file(ctx,"ClientAppChain.pem")) { printf("加载客户端程序证书链失败！\n"); return NULL; } //回调函数中要实现的功能就是把密码到buf这个字符缓冲区中（可使用strcpy等类似函数）， //并注意，密码的长度不要超过size。 SSL_CTX_set_default_passwd_cb(ctx,PasswordCB); //加载客户端程序私钥文件 if (!SSL_CTX_use_PrivateKey_file(ctx,"ClientApp_PrivateKey.pem", SSL_FILETYPE_PEM)) { printf("加载客户端程序私钥文件失败！\n"); return NULL; } //加载客户端程序所信任的CA if (!SSL_CTX_load_verify_locations(ctx,"MyTestCA_Certificate.pem", NULL)) { printf("加载客户端程序所信任的CA失败！\n"); return NULL; } //加载OpenSSL默认信任的CA if (!SSL_CTX_set_default_verify_paths(ctx)) { printf("加载OpenSSL默认信任的CA失败！\n"); return NULL; } //验证深度为1 SSL_CTX_set_verify_depth(ctx,1); //前者要求服务器提供证书，后者用于输出Openssl //握手过程中验证服务器证书链失败时的错误信息 SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,VerifyCB); SSL_CTX_set_mode(ctx,SSL_MODE_AUTO_RETRY); return ctx; } //简单的校验，仅检查Common Name int CheckCertificate(SSL* ssl) { X509* cert = SSL_get_peer_certificate(ssl); if (cert == NULL) return 0; X509_NAME* subjectName = X509_get_subject_name(cert); if (subjectName == NULL) { printf("证书无效！\n"); return 0; } char buf[256]; char * str; if (X509_NAME_get_text_by_NID(subjectName, NID_commonName,buf,256)>0) { if (strcmp(buf,"ServerAPP") == 0) /*得到服务器端的证书并打印信息*/ str = X509_NAME_oneline(subjectName,0,0); printf("服务器端证书：%s\n",str); str = X509_NAME_oneline(X509_get_issuer_name(cert),0,0); printf("证书签署者：%s\n",str); return 1; } printf("证书无效！\n"); return 0; } int* CreateRand() { int seed[100]; srand((unsigned)time(NULL)); for(int i=0;i<100;i++) seed[i] = rand(); //RAND_seed(seed,sizeof(seed)); return seed; } void Test(SSL* ssl) { char buf[256]; while (1) { //从文件结构体指针stream中读取数据，每次读取一行。 //读取的数据保存在buf指向的字符数组中，每次最多读取bufsize-1个字符（第bufsize个字符赋'\0'）， //如果文件中的该行，不足bufsize个字符，则读完该行就结束。 if (!fgets(buf,sizeof(buf)/sizeof(buf[0]),stdin)) { SSL_shutdown(ssl); break; } int len = strlen(buf); int nSend = 0; while (nSend < len) { //将buf+nSend中，len-nSend数目的字节写入ssl //返回值nRet为成功写入的字节数 int nRet = SSL_write(ssl,buf+nSend,len-nSend); if (nRet <= 0) { printf("SSL_write发生错误！\n"); SSL_clear(ssl); break; } nSend += nRet; } } } void main() { if (!InitWinsock()) return; printf("InitWinsock!\n"); //SOCKET sockClient = INVALID_SOCKET; SSL_CTX* ctx = NULL; SSL* ssl = NULL; BIO *sbio = NULL; int nRet = 0; if (!InitOpenSSL()) return; ctx = InitSSLContext(); if (ctx == NULL) return; ssl = SSL_new(ctx); SOCKET sockClient = CreateSocket(); if (INVALID_SOCKET == sockClient) return; if (!ConnectServer(sockClient)) return; sbio = BIO_new_socket(sockClient,BIO_NOCLOSE); SSL_set_bio(ssl,sbio,sbio); //增加随机数的不确定性 RAND_seed(CreateRand(),sizeof(CreateRand())); /*TCP已建立！开始握手过程*/ printf("SSL开始握手过程！\n"); if (SSL_connect(ssl) <= 0) { printf("SSL握手错误！\n"); return ; } /*打印所有加密算法的信息*/ printf("SSL连接所用加密算法有：%s\n",SSL_get_cipher(ssl)); //printf("c"); if (!CheckCertificate(ssl)) return ; //printf("g"); Test(ssl); //SSL_write(ssl,"Hello world",strlen("Hello World!")); if (ssl) SSL_free(ssl); if (ctx) SSL_CTX_free(ctx); if (sockClient != INVALID_SOCKET) closesocket(sockClient); WSACleanup(); /*char recvBuf[100]; recv(sockClient,recvBuf,100,0); printf("%s\n",recvBuf); send(sockClient,"hello,I am Client",strlen("hello,I am Client")+1,0); closesocket(sockClient); WSACleanup();*/ }