openssl3.2 - 官方demo学习 - saccept.c
文章目录
- openssl3.2 - 官方demo学习 - saccept.c
- END
openssl3.2 - 官方demo学习 - saccept.c
建立TLSServer(使用了证书, 和证书中的私钥), 接收客户端的连接, 并将客户端发来的信息打印到屏幕
笔记
/*! \file saccept.c */
/*! \brief 建立TLSServer(使用了证书, 和证书中的私钥)接收客户端的连接, 并将客户端发来的信息打印到屏幕 *//** Copyright 1998-2017 The OpenSSL Project Authors. All Rights Reserved.** Licensed under the Apache License 2.0 (the "License"). You may not use* this file except in compliance with the License. You can obtain a copy* in the file LICENSE in the source distribution or at* https://www.openssl.org/source/license.html*//*-* A minimal program to serve an SSL connection.* It uses blocking.* saccept host:port* host is the interface IP to use. If any interface, use *:port* The default it *:4433** cc -I../../include saccept.c -L../.. -lssl -lcrypto -ldl*/#include <stdio.h>
#include <signal.h>
#include <stdlib.h>
#include <openssl/err.h>
#include <openssl/ssl.h>#pragma comment(lib, "libcrypto.lib")
#pragma comment(lib, "libssl.lib")#include <openssl/applink.c> /*! for OPENSSL_Uplink(00007FF8B7EF0FE8,08): no OPENSSL_Applink */#define CERT_FILE "server.pem"static volatile int done = 0;void interrupt(int sig)
{done = 1;
}// linux才有的信号处理, VS2019中没有
#ifdef __unix__
void sigsetup(void)
{struct sigaction sa;/** Catch at most once, and don't restart the accept system call.*/sa.sa_flags = SA_RESETHAND;sa.sa_handler = interrupt;sigemptyset(&sa.sa_mask);sigaction(SIGINT, &sa, NULL);
}
#else
void sigsetup(void) {}
#endif // #ifdef __unix__int main(int argc, char *argv[])
{char *port = NULL;BIO *in = NULL;BIO *ssl_bio, *tmp;SSL_CTX *ctx;char buf[512];int ret = EXIT_FAILURE, i;if (argc <= 1)port = "*:4433";elseport = argv[1];ctx = SSL_CTX_new(TLS_server_method());if (!SSL_CTX_use_certificate_chain_file(ctx, CERT_FILE))goto err;if (!SSL_CTX_use_PrivateKey_file(ctx, CERT_FILE, SSL_FILETYPE_PEM))goto err;if (!SSL_CTX_check_private_key(ctx))goto err;/* Setup server side SSL bio */ssl_bio = BIO_new_ssl(ctx, 0);if ((in = BIO_new_accept(port)) == NULL)goto err;/** This means that when a new connection is accepted on 'in', The ssl_bio* will be 'duplicated' and have the new socket BIO push into it.* Basically it means the SSL BIO will be automatically setup*/BIO_set_accept_bios(in, ssl_bio);/* Arrange to leave server loop on interrupt */sigsetup();again:/** The first call will setup the accept socket, and the second will get a* socket. In this loop, the first actual accept will occur in the* BIO_read() function.*/if (BIO_do_accept(in) <= 0)goto err;while (!done) {// 阻塞的读i = BIO_read(in, buf, 512);if (i == 0) {/** If we have finished, remove the underlying BIO stack so the* next time we call any function for this BIO, it will attempt* to do an accept*/printf("Done\n");tmp = BIO_pop(in);BIO_free_all(tmp);goto again;}if (i < 0)goto err;fwrite(buf, 1, i, stdout);fflush(stdout);}ret = EXIT_SUCCESS;err:if (ret != EXIT_SUCCESS)ERR_print_errors_fp(stderr);BIO_free(in);return ret;
}