diff options
author | marha <marha@users.sourceforge.net> | 2009-06-28 22:07:26 +0000 |
---|---|---|
committer | marha <marha@users.sourceforge.net> | 2009-06-28 22:07:26 +0000 |
commit | 3562e78743202e43aec8727005182a2558117eca (patch) | |
tree | 8f9113a77d12470c5c851a2a8e4cb02e89df7d43 /openssl/demos/ssl | |
download | vcxsrv-3562e78743202e43aec8727005182a2558117eca.tar.gz vcxsrv-3562e78743202e43aec8727005182a2558117eca.tar.bz2 vcxsrv-3562e78743202e43aec8727005182a2558117eca.zip |
Checked in the following released items:
xkeyboard-config-1.4.tar.gz
ttf-bitstream-vera-1.10.tar.gz
font-alias-1.0.1.tar.gz
font-sun-misc-1.0.0.tar.gz
font-sun-misc-1.0.0.tar.gz
font-sony-misc-1.0.0.tar.gz
font-schumacher-misc-1.0.0.tar.gz
font-mutt-misc-1.0.0.tar.gz
font-misc-misc-1.0.0.tar.gz
font-misc-meltho-1.0.0.tar.gz
font-micro-misc-1.0.0.tar.gz
font-jis-misc-1.0.0.tar.gz
font-isas-misc-1.0.0.tar.gz
font-dec-misc-1.0.0.tar.gz
font-daewoo-misc-1.0.0.tar.gz
font-cursor-misc-1.0.0.tar.gz
font-arabic-misc-1.0.0.tar.gz
font-winitzki-cyrillic-1.0.0.tar.gz
font-misc-cyrillic-1.0.0.tar.gz
font-cronyx-cyrillic-1.0.0.tar.gz
font-screen-cyrillic-1.0.1.tar.gz
font-xfree86-type1-1.0.1.tar.gz
font-adobe-utopia-type1-1.0.1.tar.gz
font-ibm-type1-1.0.0.tar.gz
font-bitstream-type1-1.0.0.tar.gz
font-bitstream-speedo-1.0.0.tar.gz
font-bh-ttf-1.0.0.tar.gz
font-bh-type1-1.0.0.tar.gz
font-bitstream-100dpi-1.0.0.tar.gz
font-bh-lucidatypewriter-100dpi-1.0.0.tar.gz
font-bh-100dpi-1.0.0.tar.gz
font-adobe-utopia-100dpi-1.0.1.tar.gz
font-adobe-100dpi-1.0.0.tar.gz
font-util-1.0.1.tar.gz
font-bitstream-75dpi-1.0.0.tar.gz
font-bh-lucidatypewriter-75dpi-1.0.0.tar.gz
font-adobe-utopia-75dpi-1.0.1.tar.gz
font-bh-75dpi-1.0.0.tar.gz
bdftopcf-1.0.1.tar.gz
font-adobe-75dpi-1.0.0.tar.gz
mkfontscale-1.0.6.tar.gz
openssl-0.9.8k.tar.gz
bigreqsproto-1.0.2.tar.gz
xtrans-1.2.2.tar.gz
resourceproto-1.0.2.tar.gz
inputproto-1.4.4.tar.gz
compositeproto-0.4.tar.gz
damageproto-1.1.0.tar.gz
zlib-1.2.3.tar.gz
xkbcomp-1.0.5.tar.gz
freetype-2.3.9.tar.gz
pthreads-w32-2-8-0-release.tar.gz
pixman-0.12.0.tar.gz
kbproto-1.0.3.tar.gz
evieext-1.0.2.tar.gz
fixesproto-4.0.tar.gz
recordproto-1.13.2.tar.gz
randrproto-1.2.2.tar.gz
scrnsaverproto-1.1.0.tar.gz
renderproto-0.9.3.tar.gz
xcmiscproto-1.1.2.tar.gz
fontsproto-2.0.2.tar.gz
xextproto-7.0.3.tar.gz
xproto-7.0.14.tar.gz
libXdmcp-1.0.2.tar.gz
libxkbfile-1.0.5.tar.gz
libfontenc-1.0.4.tar.gz
libXfont-1.3.4.tar.gz
libX11-1.1.5.tar.gz
libXau-1.0.4.tar.gz
libxcb-1.1.tar.gz
xorg-server-1.5.3.tar.gz
Diffstat (limited to 'openssl/demos/ssl')
-rw-r--r-- | openssl/demos/ssl/cli.cpp | 110 | ||||
-rw-r--r-- | openssl/demos/ssl/inetdsrv.cpp | 98 | ||||
-rw-r--r-- | openssl/demos/ssl/serv.cpp | 152 |
3 files changed, 360 insertions, 0 deletions
diff --git a/openssl/demos/ssl/cli.cpp b/openssl/demos/ssl/cli.cpp new file mode 100644 index 000000000..49cba5da0 --- /dev/null +++ b/openssl/demos/ssl/cli.cpp @@ -0,0 +1,110 @@ +/* cli.cpp - Minimal ssleay client for Unix + 30.9.1996, Sampo Kellomaki <sampo@iki.fi> */ + +/* mangled to work with SSLeay-0.9.0b and OpenSSL 0.9.2b + Simplified to be even more minimal + 12/98 - 4/99 Wade Scholine <wades@mail.cybg.com> */ + +#include <stdio.h> +#include <memory.h> +#include <errno.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <arpa/inet.h> +#include <netdb.h> + +#include <openssl/crypto.h> +#include <openssl/x509.h> +#include <openssl/pem.h> +#include <openssl/ssl.h> +#include <openssl/err.h> + + +#define CHK_NULL(x) if ((x)==NULL) exit (1) +#define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); } +#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); } + +void main () +{ + int err; + int sd; + struct sockaddr_in sa; + SSL_CTX* ctx; + SSL* ssl; + X509* server_cert; + char* str; + char buf [4096]; + SSL_METHOD *meth; + + SSLeay_add_ssl_algorithms(); + meth = SSLv2_client_method(); + SSL_load_error_strings(); + ctx = SSL_CTX_new (meth); CHK_NULL(ctx); + + CHK_SSL(err); + + /* ----------------------------------------------- */ + /* Create a socket and connect to server using normal socket calls. */ + + sd = socket (AF_INET, SOCK_STREAM, 0); CHK_ERR(sd, "socket"); + + memset (&sa, '\0', sizeof(sa)); + sa.sin_family = AF_INET; + sa.sin_addr.s_addr = inet_addr ("127.0.0.1"); /* Server IP */ + sa.sin_port = htons (1111); /* Server Port number */ + + err = connect(sd, (struct sockaddr*) &sa, + sizeof(sa)); CHK_ERR(err, "connect"); + + /* ----------------------------------------------- */ + /* Now we have TCP conncetion. Start SSL negotiation. */ + + ssl = SSL_new (ctx); CHK_NULL(ssl); + SSL_set_fd (ssl, sd); + err = SSL_connect (ssl); CHK_SSL(err); + + /* Following two steps are optional and not required for + data exchange to be successful. */ + + /* Get the cipher - opt */ + + printf ("SSL connection using %s\n", SSL_get_cipher (ssl)); + + /* Get server's certificate (note: beware of dynamic allocation) - opt */ + + server_cert = SSL_get_peer_certificate (ssl); CHK_NULL(server_cert); + printf ("Server certificate:\n"); + + str = X509_NAME_oneline (X509_get_subject_name (server_cert),0,0); + CHK_NULL(str); + printf ("\t subject: %s\n", str); + OPENSSL_free (str); + + str = X509_NAME_oneline (X509_get_issuer_name (server_cert),0,0); + CHK_NULL(str); + printf ("\t issuer: %s\n", str); + OPENSSL_free (str); + + /* We could do all sorts of certificate verification stuff here before + deallocating the certificate. */ + + X509_free (server_cert); + + /* --------------------------------------------------- */ + /* DATA EXCHANGE - Send a message and receive a reply. */ + + err = SSL_write (ssl, "Hello World!", strlen("Hello World!")); CHK_SSL(err); + + err = SSL_read (ssl, buf, sizeof(buf) - 1); CHK_SSL(err); + buf[err] = '\0'; + printf ("Got %d chars:'%s'\n", err, buf); + SSL_shutdown (ssl); /* send SSL/TLS close_notify */ + + /* Clean up. */ + + close (sd); + SSL_free (ssl); + SSL_CTX_free (ctx); +} +/* EOF - cli.cpp */ diff --git a/openssl/demos/ssl/inetdsrv.cpp b/openssl/demos/ssl/inetdsrv.cpp new file mode 100644 index 000000000..efd70d277 --- /dev/null +++ b/openssl/demos/ssl/inetdsrv.cpp @@ -0,0 +1,98 @@ +/* inetdserv.cpp - Minimal ssleay server for Unix inetd.conf + * 30.9.1996, Sampo Kellomaki <sampo@iki.fi> + * From /etc/inetd.conf: + * 1111 stream tcp nowait sampo /usr/users/sampo/demo/inetdserv inetdserv + */ + +#include <stdio.h> +#include <errno.h> + +#include "rsa.h" /* SSLeay stuff */ +#include <openssl/crypto.h> +#include <openssl/x509.h> +#include <openssl/pem.h> +#include <openssl/ssl.h> +#include <openssl/err.h> + +#define HOME "/usr/users/sampo/demo/" +#define CERTF HOME "plain-cert.pem" +#define KEYF HOME "plain-key.pem" + +#define CHK_NULL(x) if ((x)==NULL) exit (1) +#define CHK_ERR(err,s) if ((err)==-1) \ + { fprintf(log, "%s %d\n", (s), errno); exit(1); } +#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(log); exit(2); } + +void main () +{ + int err; + SSL_CTX* ctx; + SSL* ssl; + X509* client_cert; + char* str; + char buf [4096]; + FILE* log; + + log = fopen ("/dev/console", "a"); CHK_NULL(log); + fprintf (log, "inetdserv %ld\n", (long)getpid()); + + SSL_load_error_strings(); + ctx = SSL_CTX_new (); CHK_NULL(ctx); + + err = SSL_CTX_use_RSAPrivateKey_file (ctx, KEYF, SSL_FILETYPE_PEM); + CHK_SSL (err); + + err = SSL_CTX_use_certificate_file (ctx, CERTF, SSL_FILETYPE_PEM); + CHK_SSL (err); + + /* inetd has already opened the TCP connection, so we can get right + down to business. */ + + ssl = SSL_new (ctx); CHK_NULL(ssl); + SSL_set_fd (ssl, fileno(stdin)); + err = SSL_accept (ssl); CHK_SSL(err); + + /* Get the cipher - opt */ + + fprintf (log, "SSL connection using %s\n", SSL_get_cipher (ssl)); + + /* Get client's certificate (note: beware of dynamic allocation) - opt */ + + client_cert = SSL_get_peer_certificate (ssl); + if (client_cert != NULL) { + fprintf (log, "Client certificate:\n"); + + str = X509_NAME_oneline (X509_get_subject_name (client_cert)); + CHK_NULL(str); + fprintf (log, "\t subject: %s\n", str); + OPENSSL_free (str); + + str = X509_NAME_oneline (X509_get_issuer_name (client_cert)); + CHK_NULL(str); + fprintf (log, "\t issuer: %s\n", str); + OPENSSL_free (str); + + /* We could do all sorts of certificate verification stuff here before + deallocating the certificate. */ + + X509_free (client_cert); + } else + fprintf (log, "Client doe not have certificate.\n"); + + /* ------------------------------------------------- */ + /* DATA EXCHANGE: Receive message and send reply */ + + err = SSL_read (ssl, buf, sizeof(buf) - 1); CHK_SSL(err); + buf[err] = '\0'; + fprintf (log, "Got %d chars:'%s'\n", err, buf); + + err = SSL_write (ssl, "Loud and clear.", strlen("Loud and clear.")); + CHK_SSL(err); + + /* Clean up. */ + + fclose (log); + SSL_free (ssl); + SSL_CTX_free (ctx); +} +/* EOF - inetdserv.cpp */ diff --git a/openssl/demos/ssl/serv.cpp b/openssl/demos/ssl/serv.cpp new file mode 100644 index 000000000..b142c758d --- /dev/null +++ b/openssl/demos/ssl/serv.cpp @@ -0,0 +1,152 @@ +/* serv.cpp - Minimal ssleay server for Unix + 30.9.1996, Sampo Kellomaki <sampo@iki.fi> */ + + +/* mangled to work with SSLeay-0.9.0b and OpenSSL 0.9.2b + Simplified to be even more minimal + 12/98 - 4/99 Wade Scholine <wades@mail.cybg.com> */ + +#include <stdio.h> +#include <unistd.h> +#include <stdlib.h> +#include <memory.h> +#include <errno.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <arpa/inet.h> +#include <netdb.h> + +#include <openssl/rsa.h> /* SSLeay stuff */ +#include <openssl/crypto.h> +#include <openssl/x509.h> +#include <openssl/pem.h> +#include <openssl/ssl.h> +#include <openssl/err.h> + + +/* define HOME to be dir for key and cert files... */ +#define HOME "./" +/* Make these what you want for cert & key files */ +#define CERTF HOME "foo-cert.pem" +#define KEYF HOME "foo-cert.pem" + + +#define CHK_NULL(x) if ((x)==NULL) exit (1) +#define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); } +#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); } + +void main () +{ + int err; + int listen_sd; + int sd; + struct sockaddr_in sa_serv; + struct sockaddr_in sa_cli; + size_t client_len; + SSL_CTX* ctx; + SSL* ssl; + X509* client_cert; + char* str; + char buf [4096]; + SSL_METHOD *meth; + + /* SSL preliminaries. We keep the certificate and key with the context. */ + + SSL_load_error_strings(); + SSLeay_add_ssl_algorithms(); + meth = SSLv23_server_method(); + ctx = SSL_CTX_new (meth); + if (!ctx) { + ERR_print_errors_fp(stderr); + exit(2); + } + + if (SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM) <= 0) { + ERR_print_errors_fp(stderr); + exit(3); + } + if (SSL_CTX_use_PrivateKey_file(ctx, KEYF, SSL_FILETYPE_PEM) <= 0) { + ERR_print_errors_fp(stderr); + exit(4); + } + + if (!SSL_CTX_check_private_key(ctx)) { + fprintf(stderr,"Private key does not match the certificate public key\n"); + exit(5); + } + + /* ----------------------------------------------- */ + /* Prepare TCP socket for receiving connections */ + + listen_sd = socket (AF_INET, SOCK_STREAM, 0); CHK_ERR(listen_sd, "socket"); + + memset (&sa_serv, '\0', sizeof(sa_serv)); + sa_serv.sin_family = AF_INET; + sa_serv.sin_addr.s_addr = INADDR_ANY; + sa_serv.sin_port = htons (1111); /* Server Port number */ + + err = bind(listen_sd, (struct sockaddr*) &sa_serv, + sizeof (sa_serv)); CHK_ERR(err, "bind"); + + /* Receive a TCP connection. */ + + err = listen (listen_sd, 5); CHK_ERR(err, "listen"); + + client_len = sizeof(sa_cli); + sd = accept (listen_sd, (struct sockaddr*) &sa_cli, &client_len); + CHK_ERR(sd, "accept"); + close (listen_sd); + + printf ("Connection from %lx, port %x\n", + sa_cli.sin_addr.s_addr, sa_cli.sin_port); + + /* ----------------------------------------------- */ + /* TCP connection is ready. Do server side SSL. */ + + ssl = SSL_new (ctx); CHK_NULL(ssl); + SSL_set_fd (ssl, sd); + err = SSL_accept (ssl); CHK_SSL(err); + + /* Get the cipher - opt */ + + printf ("SSL connection using %s\n", SSL_get_cipher (ssl)); + + /* Get client's certificate (note: beware of dynamic allocation) - opt */ + + client_cert = SSL_get_peer_certificate (ssl); + if (client_cert != NULL) { + printf ("Client certificate:\n"); + + str = X509_NAME_oneline (X509_get_subject_name (client_cert), 0, 0); + CHK_NULL(str); + printf ("\t subject: %s\n", str); + OPENSSL_free (str); + + str = X509_NAME_oneline (X509_get_issuer_name (client_cert), 0, 0); + CHK_NULL(str); + printf ("\t issuer: %s\n", str); + OPENSSL_free (str); + + /* We could do all sorts of certificate verification stuff here before + deallocating the certificate. */ + + X509_free (client_cert); + } else + printf ("Client does not have certificate.\n"); + + /* DATA EXCHANGE - Receive message and send reply. */ + + err = SSL_read (ssl, buf, sizeof(buf) - 1); CHK_SSL(err); + buf[err] = '\0'; + printf ("Got %d chars:'%s'\n", err, buf); + + err = SSL_write (ssl, "I hear you.", strlen("I hear you.")); CHK_SSL(err); + + /* Clean up. */ + + close (sd); + SSL_free (ssl); + SSL_CTX_free (ctx); +} +/* EOF - serv.cpp */ |