使用pthread库实现openssl多线程ssl服务端和客户端_C 语言

服务端代码如下:

复制代码 代码如下:

#include <stdio.h>
#include <stdlib.h>
#include <memory.h>
#include <errno.h>
#ifndef    _WIN32
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <unistd.h>
#else
#include <winsock2.h>
#include <windows.h>
#endif
#include "pthread.h"
#include <openssl/rsa.h>
#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#define CERTF "certs/sslservercert.pem"
#define KEYF  "certs/sslserverkey.pem"
#define    CAFILE  "certs/cacert.pem"
pthread_mutex_t    mlock=PTHREAD_MUTEX_INITIALIZER;
static pthread_mutex_t *lock_cs;
static long *lock_count;
#define CHK_NULL(x) if ((x)==NULL) { printf("null\n"); }
#define CHK_ERR(err,s) if ((err)==-1) { printf(" -1 \n"); }
#define CHK_SSL(err) if ((err)==-1) {  printf(" -1 \n");}
#define    CAFILE  "certs/cacert.pem"

int  verify_callback_server(int ok, X509_STORE_CTX *ctx)
{
              printf("verify_callback_server \n");
        return ok;
}

int    SSL_CTX_use_PrivateKey_file_pass(SSL_CTX *ctx,char *filename,char *pass)
{
       EVP_PKEY     *pkey=NULL;
       BIO               *key=NULL;

       key=BIO_new(BIO_s_file());
       BIO_read_filename(key,filename);
       pkey=PEM_read_bio_PrivateKey(key,NULL,NULL,pass);
       if(pkey==NULL)
       {
              printf("PEM_read_bio_PrivateKey err");
              return -1;
       }
       if (SSL_CTX_use_PrivateKey(ctx,pkey) <= 0)
       {
              printf("SSL_CTX_use_PrivateKey err\n");
              return -1;
       }
       BIO_free(key);
       return 1;
}

static int s_server_verify=SSL_VERIFY_NONE;
void * thread_main(void *arg)

       SOCKET s,AcceptSocket;
       WORD wVersionRequested;
       WSADATA wsaData;
       struct sockaddr_in  service;
       int    err;
      size_t             client_len;                                                                                           SSL_CTX             *ctx;
      SSL        *ssl;
      X509             *client_cert;
      char        *str;
      char    buf[1024];
      SSL_METHOD     *meth;

       ssl=(SSL *)arg;
       s=SSL_get_fd(ssl);
       err = SSL_accept (ssl);
      if(err<0)
       {
              printf("ssl accerr\n");
              return ;
       }
      printf ("SSL connection using %s\n", SSL_get_cipher (ssl));
      client_cert = SSL_get_peer_certificate (ssl);
      if (client_cert != NULL)
      {
                   printf ("Client certificate:\n");
                     str = X509_NAME_oneline (X509_get_subject_name (client_cert), 0, 0);
                   CHK_NULL(str);
                   printf ("\t subject: %s\n", str);
                   OPENSSL_free (str);
                     str = X509_NAME_oneline (X509_get_issuer_name  (client_cert), 0, 0);
                   CHK_NULL(str);
                   printf ("\t issuer: %s\n", str);
                   OPENSSL_free (str);
                     X509_free (client_cert);
      }
      else
                  printf ("Client does not have certificate.\n");
       memset(buf,0,1024);
       err = SSL_read (ssl, buf, sizeof(buf) - 1);
       if(err<0)
       {
              printf("ssl read err\n");
              closesocket(s);
              return;
       }
       printf("get : %s\n",buf);
#if 0
      buf[err] = '\0';
      err = SSL_write (ssl, "I hear you.", strlen("I hear you."));  CHK_SSL(err);
#endif
      SSL_free (ssl);
       closesocket(s);
}

pthread_t pthreads_thread_id(void)
{
       pthread_t ret;

       ret=pthread_self();
       return(ret);
}

void pthreads_locking_callback(int mode, int type, char *file,
            int line)
{
       if (mode & CRYPTO_LOCK)
              {
              pthread_mutex_lock(&(lock_cs[type]));
              lock_count[type]++;
              }
       else
              {
              pthread_mutex_unlock(&(lock_cs[type]));
              }
}

int main ()
{
       int                  err;                
       int                  i;
       SOCKET        s,AcceptSocket;
       WORD           wVersionRequested;
       WSADATA            wsaData;
       struct sockaddr_in  service;
       pthread_tpid;
      size_t             client_len;
      SSL_CTX             *ctx;
      SSL               *ssl;
      X509             *client_cert;
       char        *str;
      char    buf[1024];
      SSL_METHOD     *meth;

      SSL_load_error_strings();
      SSLeay_add_ssl_algorithms();
      meth = SSLv3_server_method();
      ctx = SSL_CTX_new (meth);
      if (!ctx)
      {
                  ERR_print_errors_fp(stderr);
                  exit(2);
      }
       if ((!SSL_CTX_load_verify_locations(ctx,CAFILE,NULL)) ||
                (!SSL_CTX_set_default_verify_paths(ctx)))
    {
              printf("err\n");
              exit(1);
    }
      if (SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM) <= 0)
      {
           ERR_print_errors_fp(stderr);
           exit(3);
      }
      if (SSL_CTX_use_PrivateKey_file_pass(ctx, KEYF, "123456") <= 0)
      {
                  ERR_print_errors_fp(stderr);
                  exit(4);
      }
       if (!SSL_CTX_check_private_key(ctx))
       {
                  fprintf(stderr,"Private key does not match the certificate public key\n");
                  exit(5);
      }
       s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT|
                                SSL_VERIFY_CLIENT_ONCE;
       SSL_CTX_set_verify(ctx,s_server_verify,verify_callback_server);
       SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAFILE));
       wVersionRequested = MAKEWORD( 2, 2 );
       err = WSAStartup( wVersionRequested, &wsaData );
       if ( err != 0 )
       {
              printf("err\n");     
              return -1;
       }
       s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
       if(s<0) return -1;
       service.sin_family = AF_INET;
       service.sin_addr.s_addr = inet_addr("127.0.0.1");
       service.sin_port = htons(1111);
       if (bind( s, (SOCKADDR*) &service, sizeof(service)) == SOCKET_ERROR)
       {
              printf("bind() failed.\n");
              closesocket(s);
              return -1;
       }
    if (listen( s, 1 ) == SOCKET_ERROR)
              printf("Error listening on socket.\n");

       printf("recv .....\n");
       lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
       lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
       for (i=0; i<CRYPTO_num_locks(); i++)
       {
              lock_count[i]=0;
              pthread_mutex_init(&(lock_cs[i]),NULL);
       }
       CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id);
       CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback);
       while(1)
       {
              struct timeval tv;
              fd_set fdset;
              tv.tv_sec = 1;
              tv.tv_usec = 0;
              FD_ZERO(&fdset);
              FD_SET(s, &fdset);
           select(s+1, &fdset, NULL, NULL, (struct timeval *)&tv);
           if(FD_ISSET(s, &fdset))
              {
                     AcceptSocket=accept(s, NULL,NULL);
                     ssl = SSL_new (ctx);     
                    CHK_NULL(ssl);
                     err=SSL_set_fd (ssl, AcceptSocket);
                     if(err>0)
                     {
                            err=pthread_create(&pid,NULL,&thread_main,(void *)ssl);
                            pthread_detach(pid);
                     }
                     else
                            continue;
              }
       }
      SSL_CTX_free (ctx);
      return 0;
}

客户端代码如下:

复制代码 代码如下:

#include <stdio.h>
#include <memory.h>
#include <errno.h>
#ifndef    _WIN32
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <unistd.h>
#else
#include <windows.h>
#endif
#include "pthread.h"
#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#define    MAX_T 1000
#define    CLIENTCERT       "certs/sslclientcert.pem"
#define    CLIENTKEY  "certs/sslclientkey.pem"
#define    CAFILE         "certs/cacert.pem"
static pthread_mutex_t *lock_cs;
static long *lock_count;

pthread_t pthreads_thread_id(void)
{
       pthread_t ret;

       ret=pthread_self();
       return(ret);
}

void pthreads_locking_callback(int mode, int type, char *file,
            int line)
{
       if (mode & CRYPTO_LOCK)
              {
              pthread_mutex_lock(&(lock_cs[type]));
              lock_count[type]++;
              }
       else
              {
              pthread_mutex_unlock(&(lock_cs[type]));
              }
}

int    verify_callback(int ok, X509_STORE_CTX *ctx)
{
       printf("verify_callback\n");
       return ok;
}

int    SSL_CTX_use_PrivateKey_file_pass(SSL_CTX *ctx,char *filename,char *pass)
{
       EVP_PKEY     *pkey=NULL;
       BIO               *key=NULL;

       key=BIO_new(BIO_s_file());
       BIO_read_filename(key,filename);
       pkey=PEM_read_bio_PrivateKey(key,NULL,NULL,pass);
       if(pkey==NULL)
       {
              printf("PEM_read_bio_PrivateKey err");
              return -1;
       }
       if (SSL_CTX_use_PrivateKey(ctx,pkey) <= 0)
       {
              printf("SSL_CTX_use_PrivateKey err\n");
              return -1;
       }
       BIO_free(key);
       return 1;
}

void*thread_main(void *arg)
{
       int          err,buflen,read;
      int          sd;
       SSL_CTX             *ctx=(SSL_CTX *)arg;
       struct            sockaddr_in dest_sin;
       SOCKET        sock;
       PHOSTENT   phe;
       WORD           wVersionRequested;
       WSADATA            wsaData;
      SSL               *ssl;
      X509             *server_cert;
      char     *str;
      char        buf [1024];
      SSL_METHOD     *meth;
       FILE              *fp;

       wVersionRequested = MAKEWORD( 2, 2 );
       err = WSAStartup( wVersionRequested, &wsaData );
       if ( err != 0 )
       {
              printf("WSAStartup err\n");     
              return -1;
       }
       sock = socket(AF_INET, SOCK_STREAM, 0);
       dest_sin.sin_family = AF_INET;
       dest_sin.sin_addr.s_addr = inet_addr( "127.0.0.1" );
       dest_sin.sin_port = htons( 1111 );

again:
       err=connect( sock,(PSOCKADDR) &dest_sin, sizeof( dest_sin));
       if(err<0)
       {
              Sleep(1);
              goto again;
       }
    ssl = SSL_new (ctx);                       
       if(ssl==NULL)
       {
              printf("ss new err\n");
              return ;
       }
       SSL_set_fd(ssl,sock);
      err = SSL_connect (ssl);                   
      if(err<0)
       {
              printf("SSL_connect err\n");
              return;
       }
      printf ("SSL connection using %s\n", SSL_get_cipher (ssl));
      server_cert = SSL_get_peer_certificate (ssl);     
      printf ("Server certificate:\n");
      str = X509_NAME_oneline (X509_get_subject_name (server_cert),0,0);
      printf ("\t subject: %s\n", str);
      OPENSSL_free (str);
      str = X509_NAME_oneline (X509_get_issuer_name  (server_cert),0,0);
      printf ("\t issuer: %s\n", str);
      OPENSSL_free (str); 
      X509_free (server_cert);
       err = SSL_write (ssl, "Hello World!", strlen("Hello World!"));
       if(err<0)
       {
              printf("ssl write err\n");
              return ;
       }
#if 0
       memset(buf,0,ONE_BUF_SIZE);
      err = SSL_read (ssl, buf, sizeof(buf) - 1);                 
       if(err<0)
       {
              printf("ssl read err\n");
              return ;
       }
      buf[err] = '\0';
      printf ("Got %d chars:'%s'\n", err, buf);
#endif
      SSL_shutdown (ssl);  /* send SSL/TLS close_notify */
      SSL_free (ssl);
       closesocket(sock);
}

int    main ()
{
       int          err,buflen,read;
      int          sd;

       struct            sockaddr_in dest_sin;
       SOCKETsock;
       PHOSTENT phe;
       WORD wVersionRequested;
       WSADATA wsaData;
      SSL_CTX             *ctx;
      SSL        *ssl;
      X509             *server_cert;
      char     *str;
      char        buf [1024];
      SSL_METHOD     *meth;
       int           i;
       pthread_tpid[MAX_T];

      SSLeay_add_ssl_algorithms();
      meth = SSLv3_client_method();
      SSL_load_error_strings();
      ctx = SSL_CTX_new (meth);                     
       if(ctx==NULL)
       {
              printf("ssl ctx new eer\n");
              return -1;
       }

       if (SSL_CTX_use_certificate_file(ctx, CLIENTCERT, SSL_FILETYPE_PEM) <= 0)
    {
        ERR_print_errors_fp(stderr);
        exit(3);
    }
    if (SSL_CTX_use_PrivateKey_file_pass(ctx, CLIENTKEY, "123456") <= 0)
    {
         ERR_print_errors_fp(stderr);
         exit(4);
     }
       lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
       lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
       for (i=0; i<CRYPTO_num_locks(); i++)
       {
              lock_count[i]=0;
              pthread_mutex_init(&(lock_cs[i]),NULL);
       }
       CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id);
       CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback);
       for(i=0;i<MAX_T;i++)
       {          
              err=pthread_create(&(pid[i]),NULL,&thread_main,(void *)ctx);
              if(err!=0)
              {
                     printf("pthread_create err\n");
                     continue;
              }
       }
       for (i=0; i<MAX_T; i++)
       {
              pthread_join(pid[i],NULL);
       }
      SSL_CTX_free (ctx);
      printf("test ok\n");
       return 0;
}

上述程序在windows下运行成功,采用了windows下的开源pthread库。
需要注意的是,如果多线程用openssl,需要设置两个回调函数

复制代码 代码如下:

CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id);
CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback);

时间: 2024-11-05 18:47:29

使用pthread库实现openssl多线程ssl服务端和客户端_C 语言的相关文章

tcp socket客户端和服务端示例分享_C 语言

以下是tcp socket客户端和服务端源码,代码简单大家参考使用吧 Tcp Server 复制代码 代码如下: #include <WinSock2.h>#include <stdio.h>#pragma comment(lib, "ws2_32.lib")int main(){// initial socket libraryWORD wVerisonRequested;WSADATA wsaData;int err;wVerisonRequested =

基于OpenLDAP服务端和客户端的SSL/TLS的配置方法

OpenLDAP 是最常用的目录服务之一,它是一个由开源社区及志愿者开发和管理的一个开源项目,提供了目录服务的所有功能,包括目录搜索.身份认证.安全通道.过滤器等等.大多数的 Linux 发行版里面都带有 OpenLDAP 的安装包.OpenLDAP 服务默认使用非加密的 TCP/IP 协议来接收服务的请求,并将查询结果传回到客户端.由于大多数目录服务都是用于系统的安全认证部分比如:用户登录和身份验证,所以它也支持使用基于 SSL/TLS 的加密协议来保证数据传送的保密性和完整性.OpenLDA

ssl-Java Tomcat SSL 服务端/客户端双向认证

问题描述 Java Tomcat SSL 服务端/客户端双向认证 http://www.blogjava.net/icewee/archive/2012/06/04/379947.html 按照这个文章做的,但是遇到了错误,,改了几天也改不掉 解决方案 所以都到不了选择继续浏览那一步,,,,,, 解决方案二: 望大神指教,,,研究几天了,,,qq784700042 解决方案三: 1.你的截图里面用的HTTP协议,应该用HTTPS,还要注意端口是否填写正确. 2.检查HTTPS的配置是否正确,最好

Git服务端和客户端安装过程

Git是一个开源的分布式的版本控制系统,由于git分布式体系结构,用户完全可以脱离git服务端在本地查看,编写和提交代码,而且Git的速度也非常快,适合大型,分布式的项目管理.下面是Git服务端和客户端安装的详细步骤. 1.物理环境 Git-server    Centos 5.8   git-1.8.3.tar.gz Git-client    Windows 7    SourceTreesetup.exe 2.Git服务端安装 2.1在http://pan.baidu.com/share/

bad file descriptor-使用线程的TCP回射服务端和客户端运行时错误

问题描述 使用线程的TCP回射服务端和客户端运行时错误 服务端serv.c: #include "unp.h" #include <pthread.h> void str_echo(int sockfd) { char buf[MAXLINE]; int n; while(( n = read(sockfd,buf,sizeof(buf)))>=0) { if (n ==0) { printf("client EOF,its use shutdown soc

自己编的SQL服务端加客户端

自己编的SQL服务端加客户端,具有语法解析和简单的数据库操作功能(没有使用MFC的数据库API).界面使用了CJ60Lib类库,语法显示使用了CrystalEdit类 . 登陆帐户:Aministrator: admin admin,可以添加帐户和更改帐户类型. Super User: superuser superuser,可以执行所有的操作. User: user user,只能执行查询功能. 简单功能介绍: 一.资料定义DDL (Data Definition Language) 1.建表

netty-Netty服务端和客户端的连接保持只有一个

问题描述 Netty服务端和客户端的连接保持只有一个 在实现了服务端和客户端的连接后,客户端每次重启后都和服务端进行重连,导致了一堆的channle的出现.但是只有一个最后一次的channel是有用的,其他都在timeout的时候回收.但是本身建立这么多channel是很费资源的,我如何保证一个客户端只和服务端建立一个长连接,其他都无法建立起来呢.我现在实现的框架是netty,请高手指点 解决方案 http://www.open-open.com/lib/view/open14288901877

聊天室-关于java的聊天程序,分服务端和客户端,请java大神帮我调试一下,我检查没编写错误

问题描述 关于java的聊天程序,分服务端和客户端,请java大神帮我调试一下,我检查没编写错误 //服务端 package chatApp; import java.net.*; import java.io.*; import java.util.*; public class chatserverthree implements Runnable { public static final int PORT=1234; protected ServerSocket listen; stat

java-使用socket通信服务端如何处理客户端请求

问题描述 使用socket通信服务端如何处理客户端请求 场景如下: 一个服务端,一个客户端通过socket连接服务端,假如客户端要请求服务端做一件事(如调用服务端A类的a方法), 因为socket传输的是字符串,所以我现在的做法是让客户端传一个标识符a到服务端,然后服务端 通过判断传过来的是a则调用A类的a方法, 如果我要执行A类的b方法,则传b过去再判断 我想问的是有没有更好的解决方案,或现成的框架可用 解决方案 如果你这样的需求,我觉得更适合HTTP.也许玩C++的更习惯于socket.之前