A simple ssl server

文件: ssl.tar.gz 大小: 4KB 下载: 下载

  /* A simple ssl server */
#include "common.h"
#include "server.h"

#include <sys/time.h>
#include <sys/resource.h>
#include <time.h>
#include <sys/times.h>

static int ssl_serve(ssl,s)
  SSL *ssl;
  int s;
  {
    char buf[BUFSIZZ+2];
    int r,len = 0;
    BIO *io,*ssl_bio;

    io=BIO_new(BIO_f_buffer());
    ssl_bio=BIO_new(BIO_f_ssl());
    BIO_set_ssl(ssl_bio,ssl,BIO_CLOSE);
    BIO_push(io,ssl_bio);

    while(1){
      r=SSL_read(ssl,buf,BUFSIZZ);
      switch(SSL_get_error(ssl,r)){
        case SSL_ERROR_NONE:
                /* read 50k data */
              len += r;
                  if( len == (SIZE + 2) )
                          goto write;
                  //buf[r] = 0;
              //printf("recv = %s",buf);
                  break;
        case SSL_ERROR_ZERO_RETURN:
          goto write;
        case SSL_ERROR_SYSCALL:
          fprintf(stderr,
            "SSL Error: Premature close\n");
          goto done;
        default:
          berr_exit("SSL read problem");
      }
    }

write:
    if((r=BIO_puts
      (io,"OK\n"))<=0)
      err_exit("Write error");

    if((r=BIO_flush(io))<0)
      err_exit("Error flushing BIO");

/*    r=SSL_shutdown(ssl);
    if(!r){
      shutdown(s,1);
      r=SSL_shutdown(ssl);
    }

    switch(r){
      case 1:
        break;
      case 0:
      case -1:
      default:
        berr_exit("Shutdown failed");
    }
*/
done:
    SSL_free(ssl);
    close(s);

    return(0);
  }

int main(argc,argv)
  int argc;
  char **argv;
  {
    int sock,s;
    BIO *sbio;
    SSL_CTX *ctx;
    SSL *ssl;
    int r;
    pid_t pid;

        //long clk_tck = sysconf(_SC_CLK_TCK);

        struct rlimit rl = { 8192,8192};
        setrlimit(RLIMIT_NOFILE,&rl);

    /* Build our SSL context*/
    ctx=initialize_ctx(KEYFILE,PASSWORD);
    load_dh_params(ctx,DHFILE);

    sock=tcp_listen();

    while(1){
      if((s=accept(sock,0,0))<0)
        err_exit("Problem accepting");

          if((pid=fork())){
        close(s);
      }
      else {

                /*struct tms tm1,tm2;
                clock_t t;
                (void)times(&tm1);
                */
        sbio=BIO_new_socket(s,BIO_NOCLOSE);
        ssl=SSL_new(ctx);
        SSL_set_bio(ssl,sbio,sbio);

        if((r=SSL_accept(ssl)<=0))
          berr_exit("SSL accept error");

        ssl_serve(ssl,s);
                /*
                (void)times(&tm2);
                t = (tm2.tms_utime + tm2.tms_stime) - (tm1.tms_utime + tm1.tms_stime);
                printf("t = %ld\n",t);
                */
        exit(0);
      }
    }
    destroy_ctx(ctx);
    exit(0);
  }