我用openssl做了一个应用程序,加密一个文件后通过网络传输:服务器端代码如下:
#include <afx.h>
#include <stdio.h>
#include <stdlib.h>
#include <memory.h>
#include <errno.h>
#include <sys/types.h>
#include <winsock.h>
//#include <windows.h>//#include <afxwin.h>#include <openssl/rsa.h> /* SSLeay stuff */
#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/bio.h>
#pragma comment ( lib, "ssleay32.lib" )
#pragma comment ( lib, "libeay32.lib" )
#pragma comment ( lib, "RSAglue.lib" )
#pragma comment ( lib, "WSOCK32.lib" )#define CERTF "..\\chcert.pem"
#define KEYF "..\\chkey.pem"#define CHK_NULL(x) if ((x)==NULL) exit (1)
#define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }
#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); }void main ()
{
int err;
int listen_sd;
int sd;
size_t client_len; /*size_t的长度和int型的在一般情况下是一样的*/
SSL_CTX* ctx; /* ssl类型的BIO */
SSL* ssl;
X509* client_cert;
char* str;
char buf [4096];
SSL_METHOD *meth;
WSADATA wsaData;
struct sockaddr_in sa_serv;
struct sockaddr_in sa_cli;
if(::WSAStartup(0x202,&wsaData)!=0)
{
WSACleanup(); //*也需要一个对WSACleanup()的调用来释放为任务分配的所有资源。 exit(0);
}; SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
meth = SSLv23_server_method();//*创建本次会话连接所使用的协议,如果是客户端可以使用 ctx = SSL_CTX_new (meth);
if (!ctx) {
printf("创建SSL_CTX失败!\n");
exit(2);
}
if (SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM) <= 0) {
printf("加载证书失败!\n");
exit(3);
}
if (SSL_CTX_use_PrivateKey_file(ctx, KEYF, SSL_FILETYPE_PEM) <= 0) {
printf("加载私钥失败!\n");
exit(4);
} if (!SSL_CTX_check_private_key(ctx)) {
printf("密钥证书不匹配!\n");
exit(5);
} /* Prepare TCP socket for receiving connections */ listen_sd = socket (AF_INET, SOCK_STREAM, 0);
CHK_ERR(listen_sd, "socket");
memset (&sa_serv, '\0', sizeof(sa_serv));
sa_serv.sin_family = AF_INET;
sa_serv.sin_addr.s_addr = INADDR_ANY;
sa_serv.sin_port = htons (1111); /* Server Port number */
err = bind(listen_sd, (struct sockaddr*) &sa_serv, sizeof (sa_serv));
CHK_ERR(err, "bind");
/* Receive a TCP connection. */
err = listen (listen_sd, 5);
CHK_ERR(err, "listen");
client_len = sizeof(sa_cli);
sd = accept (listen_sd, (struct sockaddr*) &sa_cli, (int*)&client_len);
CHK_ERR(sd, "accept");
closesocket (listen_sd); printf ("Connection from %lx, port %x\n",
sa_cli.sin_addr.s_addr, sa_cli.sin_port);
/* ----------------------------------------------- */
/* TCP connection is ready. Do server side SSL. */ ssl = SSL_new (ctx); CHK_NULL(ssl);
SSL_set_fd (ssl, sd);
err = SSL_accept (ssl); CHK_SSL(err);
/* Get the cipher - opt */
printf ("SSL connection using %s\n", SSL_get_cipher (ssl));
/* Get client's certificate (note: beware of dynamic allocation) - opt */ client_cert = SSL_get_peer_certificate (ssl);
if (client_cert != NULL) {
printf ("Client certificate:\n");
str = X509_NAME_oneline (X509_get_subject_name (client_cert), 0, 0);
CHK_NULL(str);
printf ("\t subject: %s\n", str);
OPENSSL_free (str);
str = X509_NAME_oneline (X509_get_issuer_name (client_cert), 0, 0);
CHK_NULL(str);
printf ("\t issuer: %s\n", str);
OPENSSL_free (str);
/* We could do all sorts of certificate verification stuff here before
deallocating the certificate. */
X509_free (client_cert);
} else
printf ("Client does not have certificate.\n"); /* DATA EXCHANGE - Receive message and send reply. */ err = SSL_read (ssl, buf, sizeof(buf) - 1); CHK_SSL(err);
buf[err] = '\0';
printf ("Got %d chars:'%s'\n", err, buf);
err = SSL_write (ssl, "I hear you.", strlen("I hear you.")); CHK_SSL(err);
char* data = new char[100];
int i;
CFile Myfile;
Myfile.Open("c:\\1.txt", CFile::modeRead | CFile::typeBinary);
Myfile.Seek(0,CFile::begin);
for(;;)
{
i=Myfile.Read(data,100);
if(i=0)
break;
SSL_write (ssl, data, i);
}
printf("KEVIN GARNETT");
/* Clean up. */ closesocket (sd);
SSL_free (ssl);
SSL_CTX_free (ctx);
}
/* EOF - serv.cpp */
程序可以运行,但是文件传输好像有点问题,是不是加密后传输的过程很慢啊???
高手帮忙一下,程序中的不足之处。俺在这谢谢先。
#include <afx.h>
#include <stdio.h>
#include <stdlib.h>
#include <memory.h>
#include <errno.h>
#include <sys/types.h>
#include <winsock.h>
//#include <windows.h>//#include <afxwin.h>#include <openssl/rsa.h> /* SSLeay stuff */
#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/bio.h>
#pragma comment ( lib, "ssleay32.lib" )
#pragma comment ( lib, "libeay32.lib" )
#pragma comment ( lib, "RSAglue.lib" )
#pragma comment ( lib, "WSOCK32.lib" )#define CERTF "..\\chcert.pem"
#define KEYF "..\\chkey.pem"#define CHK_NULL(x) if ((x)==NULL) exit (1)
#define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }
#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); }void main ()
{
int err;
int listen_sd;
int sd;
size_t client_len; /*size_t的长度和int型的在一般情况下是一样的*/
SSL_CTX* ctx; /* ssl类型的BIO */
SSL* ssl;
X509* client_cert;
char* str;
char buf [4096];
SSL_METHOD *meth;
WSADATA wsaData;
struct sockaddr_in sa_serv;
struct sockaddr_in sa_cli;
if(::WSAStartup(0x202,&wsaData)!=0)
{
WSACleanup(); //*也需要一个对WSACleanup()的调用来释放为任务分配的所有资源。 exit(0);
}; SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
meth = SSLv23_server_method();//*创建本次会话连接所使用的协议,如果是客户端可以使用 ctx = SSL_CTX_new (meth);
if (!ctx) {
printf("创建SSL_CTX失败!\n");
exit(2);
}
if (SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM) <= 0) {
printf("加载证书失败!\n");
exit(3);
}
if (SSL_CTX_use_PrivateKey_file(ctx, KEYF, SSL_FILETYPE_PEM) <= 0) {
printf("加载私钥失败!\n");
exit(4);
} if (!SSL_CTX_check_private_key(ctx)) {
printf("密钥证书不匹配!\n");
exit(5);
} /* Prepare TCP socket for receiving connections */ listen_sd = socket (AF_INET, SOCK_STREAM, 0);
CHK_ERR(listen_sd, "socket");
memset (&sa_serv, '\0', sizeof(sa_serv));
sa_serv.sin_family = AF_INET;
sa_serv.sin_addr.s_addr = INADDR_ANY;
sa_serv.sin_port = htons (1111); /* Server Port number */
err = bind(listen_sd, (struct sockaddr*) &sa_serv, sizeof (sa_serv));
CHK_ERR(err, "bind");
/* Receive a TCP connection. */
err = listen (listen_sd, 5);
CHK_ERR(err, "listen");
client_len = sizeof(sa_cli);
sd = accept (listen_sd, (struct sockaddr*) &sa_cli, (int*)&client_len);
CHK_ERR(sd, "accept");
closesocket (listen_sd); printf ("Connection from %lx, port %x\n",
sa_cli.sin_addr.s_addr, sa_cli.sin_port);
/* ----------------------------------------------- */
/* TCP connection is ready. Do server side SSL. */ ssl = SSL_new (ctx); CHK_NULL(ssl);
SSL_set_fd (ssl, sd);
err = SSL_accept (ssl); CHK_SSL(err);
/* Get the cipher - opt */
printf ("SSL connection using %s\n", SSL_get_cipher (ssl));
/* Get client's certificate (note: beware of dynamic allocation) - opt */ client_cert = SSL_get_peer_certificate (ssl);
if (client_cert != NULL) {
printf ("Client certificate:\n");
str = X509_NAME_oneline (X509_get_subject_name (client_cert), 0, 0);
CHK_NULL(str);
printf ("\t subject: %s\n", str);
OPENSSL_free (str);
str = X509_NAME_oneline (X509_get_issuer_name (client_cert), 0, 0);
CHK_NULL(str);
printf ("\t issuer: %s\n", str);
OPENSSL_free (str);
/* We could do all sorts of certificate verification stuff here before
deallocating the certificate. */
X509_free (client_cert);
} else
printf ("Client does not have certificate.\n"); /* DATA EXCHANGE - Receive message and send reply. */ err = SSL_read (ssl, buf, sizeof(buf) - 1); CHK_SSL(err);
buf[err] = '\0';
printf ("Got %d chars:'%s'\n", err, buf);
err = SSL_write (ssl, "I hear you.", strlen("I hear you.")); CHK_SSL(err);
char* data = new char[100];
int i;
CFile Myfile;
Myfile.Open("c:\\1.txt", CFile::modeRead | CFile::typeBinary);
Myfile.Seek(0,CFile::begin);
for(;;)
{
i=Myfile.Read(data,100);
if(i=0)
break;
SSL_write (ssl, data, i);
}
printf("KEVIN GARNETT");
/* Clean up. */ closesocket (sd);
SSL_free (ssl);
SSL_CTX_free (ctx);
}
/* EOF - serv.cpp */
程序可以运行,但是文件传输好像有点问题,是不是加密后传输的过程很慢啊???
高手帮忙一下,程序中的不足之处。俺在这谢谢先。
#include <stdio.h>
#include <memory.h>
#include <errno.h>
#include <sys/types.h>
#include <winsock.h>#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/bio.h>
#pragma comment ( lib, "ssleay32.lib" )
#pragma comment ( lib, "libeay32.lib" )
#pragma comment ( lib, "WSOCK32.lib" )
#define CHK_NULL(x) if ((x)==NULL) exit (1)
#define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }
#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); }void main ()
{
int err;
int sd;
SSL_CTX* ctx;
SSL* ssl;
X509* server_cert;
char* str;
char buf [4096];
SSL_METHOD *meth; WSADATA wsaData;
struct sockaddr_in sa;
if(::WSAStartup(0x202,&wsaData)!=0)
{
WSACleanup();
exit(0);
}; SSLeay_add_ssl_algorithms();
meth = SSLv2_client_method();
SSL_load_error_strings();
ctx = SSL_CTX_new (meth);
CHK_NULL(ctx); CHK_SSL(err);
/* Create a socket and connect to server using normal socket calls. */
sd = socket (AF_INET, SOCK_STREAM, 0); CHK_ERR(sd, "socket");
memset (&sa, '\0', sizeof(sa));
sa.sin_family = AF_INET;
sa.sin_addr.s_addr = inet_addr ("127.0.0.1"); /* Server IP */
sa.sin_port = htons (1111); /* Server Port number */
err = connect(sd, (struct sockaddr*) &sa,
sizeof(sa)); CHK_ERR(err, "connect"); /* Now we have TCP conncetion. Start SSL negotiation. */
ssl = SSL_new (ctx); CHK_NULL(ssl);
SSL_set_fd (ssl, sd);
err = SSL_connect (ssl); CHK_SSL(err);
/* Following two steps are optional and not required for
data exchange to be successful. */
/* Get the cipher - opt */ printf ("SSL connection using %s\n", SSL_get_cipher (ssl));
/* Get server's certificate (note: beware of dynamic allocation) - opt */ server_cert = SSL_get_peer_certificate (ssl); CHK_NULL(server_cert);
printf ("Server certificate:\n");
str = X509_NAME_oneline (X509_get_subject_name (server_cert),0,0);
CHK_NULL(str);
printf ("\t subject: %s\n", str);
OPENSSL_free (str); str = X509_NAME_oneline (X509_get_issuer_name (server_cert),0,0);
CHK_NULL(str);
printf ("\t issuer: %s\n", str);
OPENSSL_free (str); /* We could do all sorts of certificate verification stuff here before
deallocating the certificate. */ X509_free (server_cert);
/* DATA EXCHANGE - Send a message and receive a reply. */ err = SSL_write (ssl, "Hello World!", strlen("Hello World!")); CHK_SSL(err);
err = SSL_read (ssl, buf, sizeof(buf) - 1); CHK_SSL(err);
buf[err] = '\0';
printf ("Got %d chars:'%s'\n", err, buf);
CFile Myfile("C:\\23.txt",CFile::modeCreate|CFile::modeWrite);
char* data = new char[100];
int i;
for(;;)
{
i=SSL_read (ssl, data, 100);
if(i==0)
break;
Myfile.Write(data,i);
}
printf("KEVIN GARNETT"); SSL_shutdown (ssl); /* send SSL/TLS close_notify */ /* Clean up. */ closesocket(sd);
SSL_free (ssl);
SSL_CTX_free (ctx);
}
/* EOF - cli.cpp */