Turn a simple socket into an SSL socket

Problem description

I wrote simple C programs, which are using sockets ('client' and 'server'). (UNIX/Linux usage)

The server side simply creates a socket:

sockfd = socket(AF_INET, SOCK_STREAM, 0);

And then binds it to sockaddr:

bind(sockfd, (struct sockaddr *) &serv_addr, sizeof(serv_addr));

And listens (and accepts and reads):

listen(sockfd,5);
newsockfd = accept(sockfd, (struct sockaddr *) &cli_addr, &clilen);
read(newsockfd,buffer,255);

The client creates the socket, and then writes to it.

Now, I want to convert this simple connection into an SSL connection, in the plainest, most idyllic, neatest and quickest way.

I've tried to add OpenSSL to my project, but I can't find an easy way to implement what I want.

Recommended answer

There are several steps when using OpenSSL. You must have an SSL certificate made, which can contain the certificate with the private key; be sure to specify the exact location of the certificate (this example has it in the root). There are a lot of good tutorials out there.

  • And one from HP

Some includes:

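#include <openssl/applink.c>   /* Windows builds only; leave this line out on UNIX/Linux */
#include <openssl/bio.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <sys/socket.h>        /* socket(), bind(), listen(), accept() */
#include <netinet/in.h>        /* struct sockaddr_in, htons() */
#include <strings.h>           /* bzero() */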

You will need to initialize OpenSSL:

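/* Needed on OpenSSL before 1.1.0; from 1.1.0 on the library initializes
   and cleans up by itself and these calls are deprecated no-ops. */
void InitializeSSL()
{
    SSL_load_error_strings();
    SSL_library_init();
    OpenSSL_add_all_algorithms();
}

void DestroySSL()
{
    ERR_free_strings();
    EVP_cleanup();
}

/* cSSL is the connection's SSL object from the code below; it must be
   visible here (for example, declared at file scope). */
void ShutdownSSL()
{
    SSL_shutdown(cSSL);
    SSL_free(cSSL);
}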

Now for the bulk of the functionality. You may want to add a while loop on connections.

int sockfd, newsockfd;
SSL_CTX *sslctx;
SSL *cSSL;
struct sockaddr_in cli_addr;
socklen_t clilen = sizeof(cli_addr);

InitializeSSL();
sockfd = socket(AF_INET, SOCK_STREAM, 0);
if (sockfd < 0)
{
    //Log and Error
    return;
}
struct sockaddr_in saiServerAddress;
bzero((char *) &saiServerAddress, sizeof(saiServerAddress));
saiServerAddress.sin_family = AF_INET;
saiServerAddress.sin_addr.s_addr = serv_addr;   //IPv4 address to listen on, in network byte order
saiServerAddress.sin_port = htons(aPortNumber);

//Bind the structure that was just filled in
bind(sockfd, (struct sockaddr *) &saiServerAddress, sizeof(saiServerAddress));

listen(sockfd,5);
newsockfd = accept(sockfd, (struct sockaddr *) &cli_addr, &clilen);

//SSLv23_server_method() negotiates the highest protocol version both sides support
sslctx = SSL_CTX_new( SSLv23_server_method());
SSL_CTX_set_options(sslctx, SSL_OP_SINGLE_DH_USE);
//Both calls return 1 on success; the same PEM file holds the certificate and the private key
int use_cert = SSL_CTX_use_certificate_file(sslctx, "/serverCertificate.pem" , SSL_FILETYPE_PEM);

int use_prv = SSL_CTX_use_PrivateKey_file(sslctx, "/serverCertificate.pem", SSL_FILETYPE_PEM);
if (use_cert != 1 || use_prv != 1)
{
    //Log and Error: certificate or key could not be loaded
    return;
}

cSSL = SSL_new(sslctx);
SSL_set_fd(cSSL, newsockfd );
//Here is the SSL Accept portion.  Now all reads and writes must use SSL
int ssl_err = SSL_accept(cSSL);
if(ssl_err <= 0)
{
    //Error occurred, log and close down ssl
    ShutdownSSL();
}

You are then able to read or write using:

SSL_read(cSSL, (char *)charBuffer, nBytesToRead);
SSL_write(cSSL, "Hi :3\n", 6);
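
The answer loads one PEM file (`/serverCertificate.pem`) as both certificate and private key. The script below is an added example, not part of the original answer: it builds such a combined file as a self-signed certificate, then checks that the key belongs to the certificate and that the file is readable by its owner only. The function names, RSA-2048 and the 365-day default are assumptions.

```shell
#!/bin/sh
# Added example: build and check the combined PEM loaded by the server code.

# make_server_pem OUT_FILE COMMON_NAME [DAYS]
# Writes a self-signed certificate followed by its private key to OUT_FILE.
make_server_pem() {
    out=$1; cn=$2; days=${3:-365}
    (
        umask 077                          # temp files are owner-only
        tmp=$(mktemp -d) || exit 1
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$days" \
            -subj "/CN=$cn" -keyout "$tmp/key.pem" -out "$tmp/cert.pem" \
            >/dev/null 2>&1 \
          && cat "$tmp/cert.pem" "$tmp/key.pem" > "$out" \
          && chmod 600 "$out"
        rc=$?
        rm -rf "$tmp"
        exit "$rc"
    )
}

# pem_key_matches_cert FILE
# Succeeds only if the private key in FILE belongs to the certificate in FILE
# (both must yield the same public key).
pem_key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# pem_is_private FILE
# Succeeds only if FILE is a regular file with no group/other permission bits.
pem_is_private() {
    case $(ls -ld -- "$1" 2>/dev/null) in
        -???------*) return 0 ;;
        *)           return 1 ;;
    esac
}
```

Call `make_server_pem ./serverCertificate.pem localhost` and run both checks before pointing the server at the file. A self-signed certificate suits testing; clients will not trust it unless they are given it explicitly.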
