openssl3.2 - 官方demo学习 - server-arg.c
文章目录
- openssl3.2 - 官方demo学习 - server-arg.c
- 概述
- 笔记
- 备注
- END
openssl3.2 - 官方demo学习 - server-arg.c
概述
TLS服务器, 等客户端来连接; 如果客户端断开了, 通过释放bio来释放客户端socket, 然后继续通过bio读来aceept.
笔记
对于开源工程, 不可能有作者那么熟悉, 变量命名需要改下有利于理解逻辑.
VS2019带的变量改名功能挺好的.
过了一遍的程序:
/*!
\file server-arg.c
\brief TLS服务器, 等客户端来连接; 如果客户端断开了, 通过释放bio来释放客户端socket, 然后继续通过bio读来aceept.
*//** Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved.** Licensed under the Apache License 2.0 (the "License"). You may not use* this file except in compliance with the License. You can obtain a copy* in the file LICENSE in the source distribution or at* https://www.openssl.org/source/license.html*//** A minimal program to serve an SSL connection. It uses blocking. It use the* SSL_CONF API with the command line. cc -I../../include server-arg.c* -L../.. -lssl -lcrypto -ldl*/#include <stdio.h>
#include <string.h>
#include <signal.h>
#include <stdlib.h>
#include <openssl/err.h>
#include <openssl/ssl.h>#include "my_openSSL_lib.h"int main(int argc, char *argv[])
{char *psz_port = "*:4433";BIO *bio_ssl, *bio_tmp;SSL_CTX *ctx_ssl;SSL_CONF_CTX *ctx_ssl_cfg;char buf[512];BIO *bio_in = NULL;int ret = EXIT_FAILURE, i;char **args = argv + 1;int nargs = argc - 1;ctx_ssl = SSL_CTX_new(TLS_server_method());ctx_ssl_cfg = SSL_CONF_CTX_new();SSL_CONF_CTX_set_flags(ctx_ssl_cfg, SSL_CONF_FLAG_SERVER);SSL_CONF_CTX_set_flags(ctx_ssl_cfg, SSL_CONF_FLAG_CERTIFICATE);SSL_CONF_CTX_set_ssl_ctx(ctx_ssl_cfg, ctx_ssl);while (*args && **args == '-') {int rv;/* Parse standard arguments */rv = SSL_CONF_cmd_argv(ctx_ssl_cfg, &nargs, &args);if (rv == -3) {fprintf(stderr, "Missing argument for %s\n", *args);goto err;}if (rv < 0) {fprintf(stderr, "Error in command %s\n", *args);ERR_print_errors_fp(stderr);goto err;}/* If rv > 0 we processed something so proceed to next arg */if (rv > 0)continue;/* Otherwise application specific argument processing */if (strcmp(*args, "-port") == 0) {psz_port = args[1];if (psz_port == NULL) {fprintf(stderr, "Missing -port argument\n");goto err;}args += 2;nargs -= 2;continue;} else {fprintf(stderr, "Unknown argument %s\n", *args);goto err;}}if (!SSL_CONF_CTX_finish(ctx_ssl_cfg)) {fprintf(stderr, "Finish error\n");ERR_print_errors_fp(stderr);goto err;}
#ifdef ITERATE_CERTS/** Demo of how to iterate over all certificates in an SSL_CTX structure.*/{X509 *x;int rv;rv = SSL_CTX_set_current_cert(ctx, SSL_CERT_SET_FIRST);while (rv) {X509 *x = SSL_CTX_get0_certificate(ctx);X509_NAME_print_ex_fp(stdout, X509_get_subject_name(x), 0,XN_FLAG_ONELINE);printf("\n");rv = SSL_CTX_set_current_cert(ctx, SSL_CERT_SET_NEXT);}fflush(stdout);}
#endif/* Setup server side SSL bio */bio_ssl = BIO_new_ssl(ctx_ssl, 0);if ((bio_in = BIO_new_accept(psz_port)) == NULL)goto err;/** This means that when a new connection is accepted on 'in', The ssl_bio* will be 'duplicated' and have the new socket BIO push into it.* Basically it means the SSL BIO will be automatically setup*/BIO_set_accept_bios(bio_in, bio_ssl);again:/** The first call will setup the accept socket, and the second will get a* socket. In this loop, the first actual accept will occur in the* BIO_read() function.*/if (BIO_do_accept(bio_in) <= 0)goto err;for (;;) {i = BIO_read(bio_in, buf, 512); /*! 阻塞的读客户端连上服务器发来的信息, 如果此时没有客户端连接, 阻塞在这里 */if (i == 0) {/** If we have finished, remove the underlying BIO stack so the* next time we call any function for this BIO, it will attempt* to do an accept*/printf("Done\n");bio_tmp = BIO_pop(bio_in);BIO_free_all(bio_tmp);goto again;}if (i < 0)goto err;fwrite(buf, 1, i, stdout);fflush(stdout);}ret = EXIT_SUCCESS;err:if (ret != EXIT_SUCCESS)ERR_print_errors_fp(stderr);BIO_free(bio_in);return ret;
}备注
如果只是为了将库用起来, 库实现, 我们不用去看.
在官方给的demo中, 哪个API不知道啥意思, 去本地帮助中去查, 或者去网上去查. 知道意思就行. 防止逻辑理解不正确.