Difference between revisions of "Simple TLS Server"
From OpenSSLWiki
Jump to navigationJump to searchLine 20: | Line 20: | ||
s = socket(AF_INET, SOCK_STREAM, 0); | s = socket(AF_INET, SOCK_STREAM, 0); | ||
+ | if (s < 0) { | ||
+ | perror("Unable to create socket"); | ||
+ | exit(EXIT_FAILURE); | ||
+ | } | ||
if (bind(s, (struct sockaddr*)&addr, sizeof(addr)) < 0) { | if (bind(s, (struct sockaddr*)&addr, sizeof(addr)) < 0) { |
Revision as of 12:04, 17 May 2015
The code below is a complete implementation of a minimal TLS server.
#include <stdio.h> #include <unistd.h> #include <sys/socket.h> #include <arpa/inet.h> #include <openssl/ssl.h> #include <openssl/err.h> int create_socket(int port) { int s; struct sockaddr_in addr; addr.sin_family = AF_INET; addr.sin_port = htons(port); addr.sin_addr.s_addr = htonl(INADDR_ANY); s = socket(AF_INET, SOCK_STREAM, 0); if (s < 0) { perror("Unable to create socket"); exit(EXIT_FAILURE); } if (bind(s, (struct sockaddr*)&addr, sizeof(addr)) < 0) { perror("Unable to bind"); exit(EXIT_FAILURE); } if (listen(s, 1) < 0) { perror("Unable to listen"); exit(EXIT_FAILURE); } return s; } void init_openssl() { SSL_load_error_strings(); OpenSSL_add_ssl_algorithms(); } void cleanup_openssl() { EVP_cleanup(); } SSL_CTX *create_context() { const SSL_METHOD *method; SSL_CTX *ctx; method = TLSv1_server_method(); ctx = SSL_CTX_new(method); if (!ctx) { perror("Unable to create SSL context"); ERR_print_errors_fp(stderr); exit(EXIT_FAILURE); } return ctx; } int main(int argc, char **argv) { int sock; SSL_CTX *ctx; init_openssl(); ctx = create_context(); /* Set the key and cert */ if (SSL_CTX_use_certificate_file(ctx, "cert.pem", SSL_FILETYPE_PEM) < 0) { ERR_print_errors_fp(stderr); exit(EXIT_FAILURE); } if (SSL_CTX_use_PrivateKey_file(ctx, "key.pem", SSL_FILETYPE_PEM) < 0 ) { ERR_print_errors_fp(stderr); exit(EXIT_FAILURE); } sock = create_socket(4433); /* Handle connections */ while(1) { struct sockaddr_in addr; uint len = sizeof(addr); SSL *ssl; const char reply[] = "test\n"; uint client = accept(sock, (struct sockaddr*)&addr, &len); ssl = SSL_new(ctx); SSL_set_fd(ssl, client); if (SSL_accept(ssl) <= 0) { ERR_print_errors_fp(stderr); } else { SSL_write(ssl, reply, strlen(reply)); } SSL_free(ssl); close(client); } close(sock); SSL_CTX_free(ctx); cleanup_openssl(); }