HTTPS with openssl on linux in C/C++

2019-09-11 11:27发布

站内问答 / C++
948 1 4

I have a project where I need to create a secure http server in C/C++ on Linux and I've chosen to use openssl, however, when I try to include the applinker.c from their github I see a lot of errors, mostly because the file seems to be written for Windows.I would like to know if there is an alternative for Linux or how should I deal with this.

Here is the applinker.c code:

/*
* Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#define APPLINK_STDIN   1
#define APPLINK_STDOUT  2
#define APPLINK_STDERR  3
#define APPLINK_FPRINTF 4
#define APPLINK_FGETS   5
#define APPLINK_FREAD   6
#define APPLINK_FWRITE  7
#define APPLINK_FSETMOD 8
#define APPLINK_FEOF    9
#define APPLINK_FCLOSE  10      /* should not be used */

#define APPLINK_FOPEN   11      /* solely for completeness */
#define APPLINK_FSEEK   12
#define APPLINK_FTELL   13
#define APPLINK_FFLUSH  14
#define APPLINK_FERROR  15
#define APPLINK_CLEARERR 16
#define APPLINK_FILENO  17      /* to be used with below */

#define APPLINK_OPEN    18      /* formally can't be used, as flags can vary */
#define APPLINK_READ    19
#define APPLINK_WRITE   20
#define APPLINK_LSEEK   21
#define APPLINK_CLOSE   22
#define APPLINK_MAX     22      /* always same as last macro */

#ifndef APPMACROS_ONLY
# include <stdio.h>
# include <io.h>
# include <fcntl.h>

static void *app_stdin(void)
{
    return stdin;
}

static void *app_stdout(void)
{
    return stdout;
}

static void *app_stderr(void)
{
    return stderr;
}

static int app_feof(FILE *fp)
{
    return feof(fp);
}

static int app_ferror(FILE *fp)
{
    return ferror(fp);
}

static void app_clearerr(FILE *fp)
{
    clearerr(fp);
}

static int app_fileno(FILE *fp)
{
    return _fileno(fp);
}

static int app_fsetmod(FILE *fp, char mod)
{
    return _setmode(_fileno(fp), mod == 'b' ? _O_BINARY : _O_TEXT);
}

#ifdef __cplusplus
extern "C" {
#endif

__declspec(dllexport)
void **
# if defined(__BORLANDC__)
/*
 * __stdcall appears to be the only way to get the name
 * decoration right with Borland C. Otherwise it works
 * purely incidentally, as we pass no parameters.
 */
__stdcall
# else
__cdecl
# endif
OPENSSL_Applink(void)
{
    static int once = 1;
    static void *OPENSSL_ApplinkTable[APPLINK_MAX + 1] =
        { (void *)APPLINK_MAX };

    if (once) {
        OPENSSL_ApplinkTable[APPLINK_STDIN] = app_stdin;
        OPENSSL_ApplinkTable[APPLINK_STDOUT] = app_stdout;
        OPENSSL_ApplinkTable[APPLINK_STDERR] = app_stderr;
        OPENSSL_ApplinkTable[APPLINK_FPRINTF] = fprintf;
        OPENSSL_ApplinkTable[APPLINK_FGETS] = fgets;
        OPENSSL_ApplinkTable[APPLINK_FREAD] = fread;
        OPENSSL_ApplinkTable[APPLINK_FWRITE] = fwrite;
        OPENSSL_ApplinkTable[APPLINK_FSETMOD] = app_fsetmod;
        OPENSSL_ApplinkTable[APPLINK_FEOF] = app_feof;
        OPENSSL_ApplinkTable[APPLINK_FCLOSE] = fclose;

        OPENSSL_ApplinkTable[APPLINK_FOPEN] = fopen;
        OPENSSL_ApplinkTable[APPLINK_FSEEK] = fseek;
        OPENSSL_ApplinkTable[APPLINK_FTELL] = ftell;
        OPENSSL_ApplinkTable[APPLINK_FFLUSH] = fflush;
        OPENSSL_ApplinkTable[APPLINK_FERROR] = app_ferror;
        OPENSSL_ApplinkTable[APPLINK_CLEARERR] = app_clearerr;
        OPENSSL_ApplinkTable[APPLINK_FILENO] = app_fileno;

        OPENSSL_ApplinkTable[APPLINK_OPEN] = _open;
        OPENSSL_ApplinkTable[APPLINK_READ] = _read;
        OPENSSL_ApplinkTable[APPLINK_WRITE] = _write;
        OPENSSL_ApplinkTable[APPLINK_LSEEK] = _lseek;
        OPENSSL_ApplinkTable[APPLINK_CLOSE] = _close;

        once = 0;
    }

    return OPENSSL_ApplinkTable;
}

#ifdef __cplusplus
}
#endif
#endif

And here is a little snippet I prepared for testing the connection:

#include <iostream>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>
#include <cstring>
#include <cstdlib>
#include <cerrno>
#include <arpa/inet.h>
#include <cstdio>
#include <sys/stat.h>
#include <unordered_map>
#include <string>
#include <algorithm>
#include <fstream>
#include <thread>
#include "openssl-master/ms/applink.c"
#include "openssl-master/include/openssl/bio.h"
#include "openssl-master/include/openssl/ssl.h"
#include "openssl-master/include/openssl/err.h"

#define PORT 2024

void InitializeSSL()
{
    SSL_load_error_strings();
    SSL_library_init();
    OpenSSL_add_all_algorithms();
}

void DestroySSL()
{
    ERR_free_strings();
    EVP_cleanup();
}

void ShutdownSSL(SSL *ssl)
{
    SSL_shutdown(ssl);
    SSL_free(ssl);
}

int main(int argc, const char * argv[]) {
    int sockfd, newsockfd;
    SSL_CTX *sslctx;
    SSL *cSSL;

    InitializeSSL();
    struct sockaddr_in server;
    struct sockaddr_in from;

    SSL_CTX_set_options(sslctx, SSL_OP_SINGLE_DH_USE);
    int use_cert = SSL_CTX_use_certificate_file(sslctx, "/serverCertificate.pem" , SSL_FILETYPE_PEM);

    int use_prv = SSL_CTX_use_PrivateKey_file(sslctx, "/serverCertificate.pem", SSL_FILETYPE_PEM);


    int sd;

    if ((sd = socket (AF_INET, SOCK_STREAM, 0)) == -1)
    {
        perror ("socket() error.\n");
        return errno;
    }

    bzero (&server, sizeof (server));
    bzero (&from, sizeof (from));

    server.sin_family = AF_INET;
    server.sin_addr.s_addr = htonl (INADDR_ANY);
    server.sin_port = htons (PORT);

    if (bind (sd, (struct sockaddr *) &server, sizeof (struct sockaddr)) == -1)
    {
        perror ("bind() error.\n");
        return errno;
    }

    if (listen (sd, 5) == -1)
    {
        perror ("listen() error.\n");
        return errno;
    }

    int client;
    socklen_t length = sizeof (from);

    printf ("Waiting on port %d...\n",PORT);
    fflush (stdout);

    client = accept (sd, (struct sockaddr *) &from, &length);
    if (client < 0)
    {
        perror ("accept() error.\n");
        return 0;
    }

    cSSL = SSL_new(sslctx);
    SSL_set_fd(cSSL, client);
    int ssl_err = SSL_accept(cSSL);
    if(ssl_err <= 0)
    {
        ShutdownSSL(cSSL);
    }
    return 0;
}

And I compile it like this: g++ withssl.cpp libssl.a libcrypto.a -lssl -lcrypto -o server.bin

1条回答
仙女界的扛把子
2楼-- · 2019-09-11 12:02

Code looks good, I used Suse Leap 4.2.2 and performed these commands:

openssl version
OpenSSL 1.0.2j-fips   26 Sep 2016
sudo zypper in openssl-devel
g++ -std=c++11 main.cpp -lssl -lcrypto -o server

Because I am using the distro provided openssl I changed your code to include the standard headers like this:

#include <openssl/ssl.h>
#include <openssl/err.h>
// DONT NEED
// suggest instead of including C code, link to the libraries
// for example, /usr/lib64/libssl.so contains referenced functions
// observe the provided functions using a command like this
// readelf -a /usr/lib64/libssl.so | grep FUNC
// #include "openssl-master/ms/applink.c"

// WRONG PATH?
// suggest you use a distro provided openssl instead of building your own
// #include "openssl-master/include/openssl/bio.h"
// #include "openssl-master/include/openssl/ssl.h"
// #include "openssl-master/include/openssl/err.h"
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)