aboutsummaryrefslogtreecommitdiff
path: root/openssl/demos/ssl
diff options
context:
space:
mode:
Diffstat (limited to 'openssl/demos/ssl')
-rw-r--r--openssl/demos/ssl/cli.cpp110
-rw-r--r--openssl/demos/ssl/inetdsrv.cpp98
-rw-r--r--openssl/demos/ssl/serv.cpp152
3 files changed, 360 insertions, 0 deletions
diff --git a/openssl/demos/ssl/cli.cpp b/openssl/demos/ssl/cli.cpp
new file mode 100644
index 000000000..49cba5da0
--- /dev/null
+++ b/openssl/demos/ssl/cli.cpp
@@ -0,0 +1,110 @@
+/* cli.cpp - Minimal ssleay client for Unix
+ 30.9.1996, Sampo Kellomaki <sampo@iki.fi> */
+
+/* mangled to work with SSLeay-0.9.0b and OpenSSL 0.9.2b
+ Simplified to be even more minimal
+ 12/98 - 4/99 Wade Scholine <wades@mail.cybg.com> */
+
+#include <stdio.h>
+#include <memory.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+
+#define CHK_NULL(x) if ((x)==NULL) exit (1)
+#define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }
+#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); }
+
+void main ()
+{
+ int err;
+ int sd;
+ struct sockaddr_in sa;
+ SSL_CTX* ctx;
+ SSL* ssl;
+ X509* server_cert;
+ char* str;
+ char buf [4096];
+ SSL_METHOD *meth;
+
+ SSLeay_add_ssl_algorithms();
+ meth = SSLv2_client_method();
+ SSL_load_error_strings();
+ ctx = SSL_CTX_new (meth); CHK_NULL(ctx);
+
+ CHK_SSL(err);
+
+ /* ----------------------------------------------- */
+ /* Create a socket and connect to server using normal socket calls. */
+
+ sd = socket (AF_INET, SOCK_STREAM, 0); CHK_ERR(sd, "socket");
+
+ memset (&sa, '\0', sizeof(sa));
+ sa.sin_family = AF_INET;
+ sa.sin_addr.s_addr = inet_addr ("127.0.0.1"); /* Server IP */
+ sa.sin_port = htons (1111); /* Server Port number */
+
+ err = connect(sd, (struct sockaddr*) &sa,
+ sizeof(sa)); CHK_ERR(err, "connect");
+
+ /* ----------------------------------------------- */
+ /* Now we have TCP conncetion. Start SSL negotiation. */
+
+ ssl = SSL_new (ctx); CHK_NULL(ssl);
+ SSL_set_fd (ssl, sd);
+ err = SSL_connect (ssl); CHK_SSL(err);
+
+ /* Following two steps are optional and not required for
+ data exchange to be successful. */
+
+ /* Get the cipher - opt */
+
+ printf ("SSL connection using %s\n", SSL_get_cipher (ssl));
+
+ /* Get server's certificate (note: beware of dynamic allocation) - opt */
+
+ server_cert = SSL_get_peer_certificate (ssl); CHK_NULL(server_cert);
+ printf ("Server certificate:\n");
+
+ str = X509_NAME_oneline (X509_get_subject_name (server_cert),0,0);
+ CHK_NULL(str);
+ printf ("\t subject: %s\n", str);
+ OPENSSL_free (str);
+
+ str = X509_NAME_oneline (X509_get_issuer_name (server_cert),0,0);
+ CHK_NULL(str);
+ printf ("\t issuer: %s\n", str);
+ OPENSSL_free (str);
+
+ /* We could do all sorts of certificate verification stuff here before
+ deallocating the certificate. */
+
+ X509_free (server_cert);
+
+ /* --------------------------------------------------- */
+ /* DATA EXCHANGE - Send a message and receive a reply. */
+
+ err = SSL_write (ssl, "Hello World!", strlen("Hello World!")); CHK_SSL(err);
+
+ err = SSL_read (ssl, buf, sizeof(buf) - 1); CHK_SSL(err);
+ buf[err] = '\0';
+ printf ("Got %d chars:'%s'\n", err, buf);
+ SSL_shutdown (ssl); /* send SSL/TLS close_notify */
+
+ /* Clean up. */
+
+ close (sd);
+ SSL_free (ssl);
+ SSL_CTX_free (ctx);
+}
+/* EOF - cli.cpp */
diff --git a/openssl/demos/ssl/inetdsrv.cpp b/openssl/demos/ssl/inetdsrv.cpp
new file mode 100644
index 000000000..efd70d277
--- /dev/null
+++ b/openssl/demos/ssl/inetdsrv.cpp
@@ -0,0 +1,98 @@
+/* inetdserv.cpp - Minimal ssleay server for Unix inetd.conf
+ * 30.9.1996, Sampo Kellomaki <sampo@iki.fi>
+ * From /etc/inetd.conf:
+ * 1111 stream tcp nowait sampo /usr/users/sampo/demo/inetdserv inetdserv
+ */
+
+#include <stdio.h>
+#include <errno.h>
+
+#include "rsa.h" /* SSLeay stuff */
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+#define HOME "/usr/users/sampo/demo/"
+#define CERTF HOME "plain-cert.pem"
+#define KEYF HOME "plain-key.pem"
+
+#define CHK_NULL(x) if ((x)==NULL) exit (1)
+#define CHK_ERR(err,s) if ((err)==-1) \
+ { fprintf(log, "%s %d\n", (s), errno); exit(1); }
+#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(log); exit(2); }
+
+void main ()
+{
+ int err;
+ SSL_CTX* ctx;
+ SSL* ssl;
+ X509* client_cert;
+ char* str;
+ char buf [4096];
+ FILE* log;
+
+ log = fopen ("/dev/console", "a"); CHK_NULL(log);
+ fprintf (log, "inetdserv %ld\n", (long)getpid());
+
+ SSL_load_error_strings();
+ ctx = SSL_CTX_new (); CHK_NULL(ctx);
+
+ err = SSL_CTX_use_RSAPrivateKey_file (ctx, KEYF, SSL_FILETYPE_PEM);
+ CHK_SSL (err);
+
+ err = SSL_CTX_use_certificate_file (ctx, CERTF, SSL_FILETYPE_PEM);
+ CHK_SSL (err);
+
+ /* inetd has already opened the TCP connection, so we can get right
+ down to business. */
+
+ ssl = SSL_new (ctx); CHK_NULL(ssl);
+ SSL_set_fd (ssl, fileno(stdin));
+ err = SSL_accept (ssl); CHK_SSL(err);
+
+ /* Get the cipher - opt */
+
+ fprintf (log, "SSL connection using %s\n", SSL_get_cipher (ssl));
+
+ /* Get client's certificate (note: beware of dynamic allocation) - opt */
+
+ client_cert = SSL_get_peer_certificate (ssl);
+ if (client_cert != NULL) {
+ fprintf (log, "Client certificate:\n");
+
+ str = X509_NAME_oneline (X509_get_subject_name (client_cert));
+ CHK_NULL(str);
+ fprintf (log, "\t subject: %s\n", str);
+ OPENSSL_free (str);
+
+ str = X509_NAME_oneline (X509_get_issuer_name (client_cert));
+ CHK_NULL(str);
+ fprintf (log, "\t issuer: %s\n", str);
+ OPENSSL_free (str);
+
+ /* We could do all sorts of certificate verification stuff here before
+ deallocating the certificate. */
+
+ X509_free (client_cert);
+ } else
+ fprintf (log, "Client doe not have certificate.\n");
+
+ /* ------------------------------------------------- */
+ /* DATA EXCHANGE: Receive message and send reply */
+
+ err = SSL_read (ssl, buf, sizeof(buf) - 1); CHK_SSL(err);
+ buf[err] = '\0';
+ fprintf (log, "Got %d chars:'%s'\n", err, buf);
+
+ err = SSL_write (ssl, "Loud and clear.", strlen("Loud and clear."));
+ CHK_SSL(err);
+
+ /* Clean up. */
+
+ fclose (log);
+ SSL_free (ssl);
+ SSL_CTX_free (ctx);
+}
+/* EOF - inetdserv.cpp */
diff --git a/openssl/demos/ssl/serv.cpp b/openssl/demos/ssl/serv.cpp
new file mode 100644
index 000000000..b142c758d
--- /dev/null
+++ b/openssl/demos/ssl/serv.cpp
@@ -0,0 +1,152 @@
+/* serv.cpp - Minimal ssleay server for Unix
+ 30.9.1996, Sampo Kellomaki <sampo@iki.fi> */
+
+
+/* mangled to work with SSLeay-0.9.0b and OpenSSL 0.9.2b
+ Simplified to be even more minimal
+ 12/98 - 4/99 Wade Scholine <wades@mail.cybg.com> */
+
+#include <stdio.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <memory.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+
+#include <openssl/rsa.h> /* SSLeay stuff */
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+
+/* define HOME to be dir for key and cert files... */
+#define HOME "./"
+/* Make these what you want for cert & key files */
+#define CERTF HOME "foo-cert.pem"
+#define KEYF HOME "foo-cert.pem"
+
+
+#define CHK_NULL(x) if ((x)==NULL) exit (1)
+#define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }
+#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); }
+
+void main ()
+{
+ int err;
+ int listen_sd;
+ int sd;
+ struct sockaddr_in sa_serv;
+ struct sockaddr_in sa_cli;
+ size_t client_len;
+ SSL_CTX* ctx;
+ SSL* ssl;
+ X509* client_cert;
+ char* str;
+ char buf [4096];
+ SSL_METHOD *meth;
+
+ /* SSL preliminaries. We keep the certificate and key with the context. */
+
+ SSL_load_error_strings();
+ SSLeay_add_ssl_algorithms();
+ meth = SSLv23_server_method();
+ ctx = SSL_CTX_new (meth);
+ if (!ctx) {
+ ERR_print_errors_fp(stderr);
+ exit(2);
+ }
+
+ if (SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM) <= 0) {
+ ERR_print_errors_fp(stderr);
+ exit(3);
+ }
+ if (SSL_CTX_use_PrivateKey_file(ctx, KEYF, SSL_FILETYPE_PEM) <= 0) {
+ ERR_print_errors_fp(stderr);
+ exit(4);
+ }
+
+ if (!SSL_CTX_check_private_key(ctx)) {
+ fprintf(stderr,"Private key does not match the certificate public key\n");
+ exit(5);
+ }
+
+ /* ----------------------------------------------- */
+ /* Prepare TCP socket for receiving connections */
+
+ listen_sd = socket (AF_INET, SOCK_STREAM, 0); CHK_ERR(listen_sd, "socket");
+
+ memset (&sa_serv, '\0', sizeof(sa_serv));
+ sa_serv.sin_family = AF_INET;
+ sa_serv.sin_addr.s_addr = INADDR_ANY;
+ sa_serv.sin_port = htons (1111); /* Server Port number */
+
+ err = bind(listen_sd, (struct sockaddr*) &sa_serv,
+ sizeof (sa_serv)); CHK_ERR(err, "bind");
+
+ /* Receive a TCP connection. */
+
+ err = listen (listen_sd, 5); CHK_ERR(err, "listen");
+
+ client_len = sizeof(sa_cli);
+ sd = accept (listen_sd, (struct sockaddr*) &sa_cli, &client_len);
+ CHK_ERR(sd, "accept");
+ close (listen_sd);
+
+ printf ("Connection from %lx, port %x\n",
+ sa_cli.sin_addr.s_addr, sa_cli.sin_port);
+
+ /* ----------------------------------------------- */
+ /* TCP connection is ready. Do server side SSL. */
+
+ ssl = SSL_new (ctx); CHK_NULL(ssl);
+ SSL_set_fd (ssl, sd);
+ err = SSL_accept (ssl); CHK_SSL(err);
+
+ /* Get the cipher - opt */
+
+ printf ("SSL connection using %s\n", SSL_get_cipher (ssl));
+
+ /* Get client's certificate (note: beware of dynamic allocation) - opt */
+
+ client_cert = SSL_get_peer_certificate (ssl);
+ if (client_cert != NULL) {
+ printf ("Client certificate:\n");
+
+ str = X509_NAME_oneline (X509_get_subject_name (client_cert), 0, 0);
+ CHK_NULL(str);
+ printf ("\t subject: %s\n", str);
+ OPENSSL_free (str);
+
+ str = X509_NAME_oneline (X509_get_issuer_name (client_cert), 0, 0);
+ CHK_NULL(str);
+ printf ("\t issuer: %s\n", str);
+ OPENSSL_free (str);
+
+ /* We could do all sorts of certificate verification stuff here before
+ deallocating the certificate. */
+
+ X509_free (client_cert);
+ } else
+ printf ("Client does not have certificate.\n");
+
+ /* DATA EXCHANGE - Receive message and send reply. */
+
+ err = SSL_read (ssl, buf, sizeof(buf) - 1); CHK_SSL(err);
+ buf[err] = '\0';
+ printf ("Got %d chars:'%s'\n", err, buf);
+
+ err = SSL_write (ssl, "I hear you.", strlen("I hear you.")); CHK_SSL(err);
+
+ /* Clean up. */
+
+ close (sd);
+ SSL_free (ssl);
+ SSL_CTX_free (ctx);
+}
+/* EOF - serv.cpp */