堆栈内存溢出
  简体   繁体   English

使用openssl的服务器程序在尝试连接Linux中的标准客户端时显示错误

[英]server program using openssl shows error while trying to connect with a standard client in Linux

 原文  2012-06-08 09:37:00       c/ linux/ sockets/ ssl/ openssl

问题描述

Below is the c code for server program 下面是服务器程序的c代码 

#define RSA_SERVER_CERT "certificate.pem"
#define RSA_SERVER_KEY "private.pem"     
#define RSA_SERVER_CA_CERT "certificate.pem"
#define RSA_SERVER_CA_PATH "sys$common:[syshlp.examples.ssl]"     
#define ON 1
#define OFF 0     
#define RETURN_NULL(x) if ((x)==NULL) exit(1)
#define RETURN_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }
#define RETURN_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(1); }
int main()
{    
    int err;
    int verify_client = OFF;
    int sock, connected, bytes_recieved , true = 1, pid;
    char send_data [1024] , recv_data[1024];
    struct sockaddr_in server_addr,client_addr;
    int sin_size;
    size_t client_len;
    char *str;
    char buf[4096];
    SSL_CTX *ctx;
    SSL *ssl;
    SSL_METHOD *meth;
    X509 *client_cert = NULL;
    short int s_port = 443;
    SSL_library_init();
    SSL_load_error_strings();
    meth = SSLv3_method();
    ctx = SSL_CTX_new(meth);     
    if (!ctx) 
    {    
        ERR_print_errors_fp(stderr);
        exit(1);     
    }    
    if (SSL_CTX_use_certificate_file(ctx, RSA_SERVER_CERT, SSL_FILETYPE_PEM) <= 0)
    {    
        ERR_print_errors_fp(stderr);
        exit(1);    
    }    
    if (SSL_CTX_use_PrivateKey_file(ctx, RSA_SERVER_KEY, SSL_FILETYPE_PEM) <= 0) 
    {    
            ERR_print_errors_fp(stderr);
            exit(1);    
    }    
    if (!SSL_CTX_check_private_key(ctx))
    {    
            fprintf(stderr,"Private key does not match the certificate public key\n");
            exit(1);    
    }    
    if(verify_client == ON)
    {    
        if (!SSL_CTX_load_verify_locations(ctx, RSA_SERVER_CA_CERT, NULL)) 
        {    
            ERR_print_errors_fp(stderr);
            exit(1);    
        }    
        SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL);
        SSL_CTX_set_verify_depth(ctx,1);    
    }    
    sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
    RETURN_ERR(sock, "socket");
    memset (&server_addr, '\0', sizeof(server_addr));
    server_addr.sin_family = AF_INET;
    server_addr.sin_port = htons(s_port);
    server_addr.sin_addr.s_addr = INADDR_ANY;
    bzero(&(server_addr.sin_zero),8);
    err = bind(sock, (struct sockaddr *)&server_addr, sizeof(struct sockaddr));
    RETURN_ERR(err, "bind");
    err = listen(sock, 5);
    RETURN_ERR(err, "listen");
    client_len = sizeof(client_addr);
    printf("\nSSL Server Waiting for client on port 443");
    fflush(stdout);     
    sin_size = sizeof(struct sockaddr_in);
    connected = accept(sock, (struct sockaddr *)&client_addr,&sin_size);
    RETURN_ERR(connected, "accept");
    close(sock);
    printf("\n I got a connection from (%s , %d)", inet_ntoa(client_addr.sin_addr), ntohs(client_addr.sin_port));
    ssl = SSL_new(ctx);
    RETURN_NULL(ssl);
    SSL_set_fd(ssl, connected);
    err = SSL_accept(ssl);
    RETURN_SSL(err);
    printf("SSL connection using %s\n", SSL_get_cipher (ssl));    
    if (verify_client == ON)
    {    
    client_cert = SSL_get_peer_certificate(ssl);    
    }  
    //necessary code for sending and recieving irrelevant to the issue
    err = SSL_shutdown(ssl);
    RETURN_SSL(err);
    err = close(sock);
    RETURN_ERR(err, "close");
    SSL_free(ssl);
    SSL_CTX_free(ctx);
    close(sock);
    return 0;    
}

code for client program is: 客户端程序的代码是: 

#define RETURN_NULL(x) if ((x)==NULL) exit (1)
#define RETURN_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }
#define RETURN_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(1); }
static int verify_callback(int ok, X509_STORE_CTX *ctx);
#define RSA_CLIENT_CERT "certificate.pem"
#define RSA_CLIENT_KEY "private.pem"
#define RSA_CLIENT_CA_CERT "certificate.pem"
#define RSA_CLIENT_CA_PATH "sys$common:[syshlp.examples.ssl]"
#define ON 1
#define OFF 0
int main()
{
    int sock, err, verify_client = OFF;  
    char recv_data[1024];
    char  *str;
    struct hostent *host;
    struct sockaddr_in server_addr;    
    SSL_CTX *ctx;
    SSL *ssl;
    SSL_METHOD *meth;
    X509 *server_cert;
    EVP_PKEY *pkey;   
    short int s_port = 443;
    const char *s_ipaddr = "127.0.0.1";    
    SSL_library_init();
    SSL_load_error_strings();
    meth = SSLv3_method();
    ctx = SSL_CTX_new(meth);
    RETURN_NULL(ctx);    
    if(verify_client == ON)
    {
        if (SSL_CTX_use_certificate_file(ctx, RSA_CLIENT_CERT, SSL_FILETYPE_PEM) <= 0)
        {
            ERR_print_errors_fp(stderr);
        exit(1);
        }
        if (SSL_CTX_use_PrivateKey_file(ctx, RSA_CLIENT_KEY, SSL_FILETYPE_PEM) <= 0)
        {
            ERR_print_errors_fp(stderr);
    exit(1);
        }
        if (!SSL_CTX_check_private_key(ctx))
        {
            fprintf(stderr,"Private key does not match the certificate public key\n");
            exit(1);
        }
    }    
    if (!SSL_CTX_load_verify_locations(ctx, RSA_CLIENT_CA_CERT, NULL))
    {
         ERR_print_errors_fp(stderr);
         exit(1);
     }
     SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL);
     SSL_CTX_set_verify_depth(ctx,1);
     sock = socket(AF_INET, SOCK_STREAM, 0);
     RETURN_ERR(sock, "socket");
     memset (&server_addr, '\0', sizeof(server_addr));        
     server_addr.sin_family = AF_INET;     
     server_addr.sin_port = htons(s_port);
     server_addr.sin_addr.s_addr = inet_addr(s_ipaddr);
     bzero(&(server_addr.sin_zero),8); 
     err = connect(sock, (struct sockaddr *)&server_addr, sizeof(struct sockaddr));
     RETURN_ERR(err, "connect");
     ssl = SSL_new (ctx);
     RETURN_NULL(ssl);
     SSL_set_fd(ssl, sock);
     err = SSL_connect(ssl);
     RETURN_SSL(err);
     printf ("SSL connection using %s\n", SSL_get_cipher (ssl));
     server_cert = SSL_get_peer_certificate (ssl);        
     //necessary code irrelevant to the issue
     err = SSL_shutdown(ssl);
     RETURN_SSL(err);
     err = close(sock);
     RETURN_ERR(err, "close");
     SSL_free(ssl);
     SSL_CTX_free(ctx);
     fclose(log); 
     return 0;
}

when the above code run in two linux systems it worked, when i tried the above server program to connect with a standard client using terminal using the command openssl s_client -connect localhost:443 , it shows as below 当上面的代码在两个linux系统中运行时,当我尝试上面的服务器程序使用命令openssl s_client -connect localhost:443使用终端连接标准客户端时,它显示如下 

connect: Connection refused
connect:errno=111

Why is this happening? 为什么会这样? And is there any way I can resolve it? 有什么方法可以解决它吗? Thanks in advance. 提前致谢。

1 个解决方案

解决方案1
 3 已采纳  2012-06-10 15:20:23

I am not getting the connection refused error with this code. 我没有使用此代码获得连接拒绝错误。

The problem is that openssl s_client -connect localhost:443 by default uses TSL v1. 问题是openssl s_client -connect localhost:443默认使用TSL v1。 But you have SSLV3. 但你有SSLV3。

SO you have to use 所以你必须使用 

openssl s_client -connect localhost:443 -ssl3

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用OpenSSL的客户端/服务器程序的文档 - Documentation for a client/server program with OpenSSL 无法使用TCP ip连接-使用C编程的Linux中的服务器客户端程序 - Not able to connect with tcp ip - server client program in linux using C programming 使用OpenSSL在C中保护客户端/服务器程序 - secure client/server program in C with OpenSSL Linux套接字客户端/服务器程序 - linux socket client/server program TCP套接字使用c Linux的一个程序中的客户端和服务器 - TCP socket Client and server in one program using c Linux 使用openssl时出现链接器错误 - Linker Error while using openssl 使用openssl在客户端/服务器中进行DES加密/解密 - DES encryption/decryption in client/server using openssl 将 android 客户端与 linux 中的 c 服务器连接 - Connect android client with c server in linux FTP服务器返回码:如何使用我自己的TCP服务器和Linux内置客户端连接主机 - FTP server return code: How to connect with a host using my own TCP server and Linux built-in client 使用 OCSP 装订在客户端程序中进行 OpenSSL 证书吊销检查 - OpenSSL certificate revocation check in client program using OCSP stapling
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM