diff options
Diffstat (limited to 'openssl/demos/ssl/inetdsrv.cpp')
| -rw-r--r-- | openssl/demos/ssl/inetdsrv.cpp | 98 |
1 files changed, 98 insertions, 0 deletions
diff --git a/openssl/demos/ssl/inetdsrv.cpp b/openssl/demos/ssl/inetdsrv.cpp new file mode 100644 index 000000000..efd70d277 --- /dev/null +++ b/openssl/demos/ssl/inetdsrv.cpp @@ -0,0 +1,98 @@ +/* inetdserv.cpp - Minimal ssleay server for Unix inetd.conf + * 30.9.1996, Sampo Kellomaki <sampo@iki.fi> + * From /etc/inetd.conf: + * 1111 stream tcp nowait sampo /usr/users/sampo/demo/inetdserv inetdserv + */ + +#include <stdio.h> +#include <errno.h> + +#include "rsa.h" /* SSLeay stuff */ +#include <openssl/crypto.h> +#include <openssl/x509.h> +#include <openssl/pem.h> +#include <openssl/ssl.h> +#include <openssl/err.h> + +#define HOME "/usr/users/sampo/demo/" +#define CERTF HOME "plain-cert.pem" +#define KEYF HOME "plain-key.pem" + +#define CHK_NULL(x) if ((x)==NULL) exit (1) +#define CHK_ERR(err,s) if ((err)==-1) \ + { fprintf(log, "%s %d\n", (s), errno); exit(1); } +#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(log); exit(2); } + +void main () +{ + int err; + SSL_CTX* ctx; + SSL* ssl; + X509* client_cert; + char* str; + char buf [4096]; + FILE* log; + + log = fopen ("/dev/console", "a"); CHK_NULL(log); + fprintf (log, "inetdserv %ld\n", (long)getpid()); + + SSL_load_error_strings(); + ctx = SSL_CTX_new (); CHK_NULL(ctx); + + err = SSL_CTX_use_RSAPrivateKey_file (ctx, KEYF, SSL_FILETYPE_PEM); + CHK_SSL (err); + + err = SSL_CTX_use_certificate_file (ctx, CERTF, SSL_FILETYPE_PEM); + CHK_SSL (err); + + /* inetd has already opened the TCP connection, so we can get right + down to business. */ + + ssl = SSL_new (ctx); CHK_NULL(ssl); + SSL_set_fd (ssl, fileno(stdin)); + err = SSL_accept (ssl); CHK_SSL(err); + + /* Get the cipher - opt */ + + fprintf (log, "SSL connection using %s\n", SSL_get_cipher (ssl)); + + /* Get client's certificate (note: beware of dynamic allocation) - opt */ + + client_cert = SSL_get_peer_certificate (ssl); + if (client_cert != NULL) { + fprintf (log, "Client certificate:\n"); + + str = X509_NAME_oneline (X509_get_subject_name (client_cert)); + CHK_NULL(str); + fprintf (log, "\t subject: %s\n", str); + OPENSSL_free (str); + + str = X509_NAME_oneline (X509_get_issuer_name (client_cert)); + CHK_NULL(str); + fprintf (log, "\t issuer: %s\n", str); + OPENSSL_free (str); + + /* We could do all sorts of certificate verification stuff here before + deallocating the certificate. */ + + X509_free (client_cert); + } else + fprintf (log, "Client doe not have certificate.\n"); + + /* ------------------------------------------------- */ + /* DATA EXCHANGE: Receive message and send reply */ + + err = SSL_read (ssl, buf, sizeof(buf) - 1); CHK_SSL(err); + buf[err] = '\0'; + fprintf (log, "Got %d chars:'%s'\n", err, buf); + + err = SSL_write (ssl, "Loud and clear.", strlen("Loud and clear.")); + CHK_SSL(err); + + /* Clean up. */ + + fclose (log); + SSL_free (ssl); + SSL_CTX_free (ctx); +} +/* EOF - inetdserv.cpp */ |