#include <errno.h>       // errno values checked after a failed accept()
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <arpa/inet.h>   // Include functions and structures for internet operations
#include <netinet/in.h>  // Include internet address family structures
#include <unistd.h>      // Include functions related to POSIX operating system API

#include <openssl/err.h> // Include OpenSSL error handling functions
#include <openssl/ssl.h> // Include OpenSSL SSL/TLS library
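/*
 * Credential locations.
 *
 * All three paths are relative, so the files that get loaded depend on the
 * working directory the server is started from.
 * NOTE(review): for anything beyond a local demo, prefer absolute paths and
 * make sure the private key file is readable only by the server's account.
 */
#define SERVER_CERT "./server.crt" /* PEM certificate presented to clients */
#define SERVER_KEY  "./server.key" /* PEM private key matching SERVER_CERT */
#define CA_CERT     "./ca.crt"     /* CA used to verify peer certificates  */

/*
 * Function prototypes.
 * `(void)` is spelled out because an empty parameter list in a C declaration
 * means "unspecified arguments" and disables argument checking at call sites.
 */
void init_openssl(void);              /* Initializes the OpenSSL library */
SSL_CTX *create_context(void);        /* Creates the server SSL context and loads the CA */
void configure_context(SSL_CTX *ctx); /* Loads certificate/key and sets the verify policy */
void handle_client(SSL *ssl);         /* Serves one established TLS connection */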
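/*
 * Entry point: builds the TLS context, listens on TCP port 4433 on every
 * IPv4 interface, and serves clients one at a time.
 *
 * Returns EXIT_SUCCESS / EXIT_FAILURE; setup failures still terminate the
 * process through exit(), as before.
 *
 * Review notes:
 *  - Connections are handled sequentially and the handshake blocks with no
 *    timeout, so a single stalled peer holds up every other client. Socket
 *    timeouts or a per-connection worker would be needed for real use.
 *  - The socket is bound to INADDR_ANY, i.e. it is reachable on every
 *    interface of the host.
 *  - SIGPIPE is left at its default disposition; a peer that disconnects
 *    mid-write can therefore terminate the process.
 */
int main(void) {
    SSL_CTX *ctx;
    struct sockaddr_in addr;
    int server_fd;
    int rc = EXIT_SUCCESS;

    init_openssl();
    ctx = create_context();
    configure_context(ctx);

    /* Plain TCP listening socket; TLS is layered on top per connection. */
    server_fd = socket(AF_INET, SOCK_STREAM, 0);
    if (server_fd < 0) {
        perror("Unable to create socket");
        exit(EXIT_FAILURE);
    }

    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_ANY);
    addr.sin_port = htons(4433);

    if (bind(server_fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
        perror("Unable to bind");
        exit(EXIT_FAILURE);
    }

    if (listen(server_fd, 1) < 0) {
        perror("Unable to listen");
        exit(EXIT_FAILURE);
    }

    printf("Server listening on port 4433\n");

    while (1) {
        int client_fd = accept(server_fd, NULL, NULL);
        if (client_fd < 0) {
            /*
             * A signal or a connection that was reset before accept()
             * returned is not a server fault; exiting here would let a
             * transient network event take the listener down.
             */
            if (errno == EINTR || errno == ECONNABORTED) {
                continue;
            }
            perror("Unable to accept");
            rc = EXIT_FAILURE;
            break; /* fall through to the cleanup below */
        }

        /* SSL_new() can fail (e.g. allocation); never pass NULL onwards. */
        SSL *ssl = SSL_new(ctx);
        if (ssl == NULL) {
            ERR_print_errors_fp(stderr);
            close(client_fd);
            continue;
        }

        if (SSL_set_fd(ssl, client_fd) != 1) {
            ERR_print_errors_fp(stderr);
            SSL_free(ssl);
            close(client_fd);
            continue;
        }

        if (SSL_accept(ssl) <= 0) {
            /* Handshake failed (this includes peer-verification failures). */
            ERR_print_errors_fp(stderr);
        } else {
            handle_client(ssl);
            /*
             * Send close_notify only on an established session;
             * SSL_shutdown() must not be called after a failed handshake.
             */
            SSL_shutdown(ssl);
        }

        SSL_free(ssl);
        close(client_fd);
    }

    /* Reached only when accept() fails with a non-transient error. */
    close(server_fd);
    SSL_CTX_free(ctx);
    return rc;
} // end of main()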
- // Functions Definitions.
/*
 * One-time OpenSSL library setup.
 * Input:  None
 * Output: None
 *
 * NOTE(review): both calls are kept for compatibility with older OpenSSL
 * releases; from OpenSSL 1.1.0 onwards the library initializes itself and
 * these are deprecated.
 */
void init_openssl() {
    /* Register the SSL/TLS algorithms. */
    SSL_library_init();
    /* Make human-readable error strings available to ERR_print_errors_fp(). */
    SSL_load_error_strings();
} // end of func
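/*
 * Creates the server-side SSL context and loads the CA certificate that is
 * used to verify certificates presented by peers.
 *
 * Input:  None
 * Output: SSL_CTX* - Pointer to the created SSL context (never NULL; the
 *         process exits with EXIT_FAILURE if any step fails)
 */
SSL_CTX *create_context(void) {
    /* Version-flexible server method; the protocol is negotiated per connection. */
    const SSL_METHOD *method = TLS_server_method();
    SSL_CTX *ctx = SSL_CTX_new(method);

    if (!ctx) {
        /*
         * OpenSSL reports failures through its own error queue, not errno,
         * so perror() would append an unrelated system message here.
         */
        fprintf(stderr, "Unable to create SSL context\n");
        ERR_print_errors_fp(stderr);
        exit(EXIT_FAILURE);
    }

    /* Trust anchor for peer (client) certificate verification. */
    if (SSL_CTX_load_verify_locations(ctx, CA_CERT, NULL) != 1) {
        fprintf(stderr, "Unable to load CA certificate\n");
        ERR_print_errors_fp(stderr);
        SSL_CTX_free(ctx);
        exit(EXIT_FAILURE);
    }

    return ctx;
} // end of func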
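/*
 * Configures the server SSL context: protocol floor, server certificate and
 * private key, and the client-certificate verification policy.
 *
 * Input:  ctx: SSL_CTX* - Pointer to the SSL context to be configured
 * Output: None (the process exits with EXIT_FAILURE if any step fails)
 */
void configure_context(SSL_CTX *ctx) {
    /*
     * Set an explicit protocol floor; without one the lowest version that
     * can be negotiated depends on the defaults of the installed library.
     */
    if (SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION) != 1) {
        ERR_print_errors_fp(stderr);
        exit(EXIT_FAILURE);
    }

    /* Automatic curve selection (a no-op on OpenSSL 1.1.0 and later). */
    SSL_CTX_set_ecdh_auto(ctx, 1);

    /* Certificate presented to clients. */
    if (SSL_CTX_use_certificate_file(ctx, SERVER_CERT, SSL_FILETYPE_PEM) <= 0) {
        ERR_print_errors_fp(stderr);
        exit(EXIT_FAILURE);
    }

    /* Private key for that certificate. */
    if (SSL_CTX_use_PrivateKey_file(ctx, SERVER_KEY, SSL_FILETYPE_PEM) <= 0) {
        ERR_print_errors_fp(stderr);
        exit(EXIT_FAILURE);
    }

    /* Fail at startup, not at the first handshake, if key and cert differ. */
    if (SSL_CTX_check_private_key(ctx) != 1) {
        ERR_print_errors_fp(stderr);
        exit(EXIT_FAILURE);
    }

    /*
     * Require a client certificate. On a server, SSL_VERIFY_PEER alone only
     * *requests* one: a client that sends no certificate still completes the
     * handshake. SSL_VERIFY_FAIL_IF_NO_PEER_CERT turns the request into a
     * requirement. Drop that flag only if client certificates are meant to
     * be optional.
     */
    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
} // end of func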
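/*
 * Serves one established TLS connection by sending a fixed HTTP response.
 *
 * Input:  SSL *ssl - Pointer to the SSL structure representing the SSL connection
 * Output: None (a failed write is reported on stderr)
 *
 * Review notes:
 *  - The client's request is never read; the response is sent as soon as
 *    the handshake has completed.
 *  - No check is made on which certificate the peer presented; any client
 *    accepted by the context's verify policy receives the response.
 */
void handle_client(SSL *ssl) {
    /* Content-Length: 13 is the length of the "Hello, World!" body. */
    static const char response[] =
        "HTTP/1.1 200 OK\r\nContent-Length: 13\r\n\r\nHello, World!";
    /* SSL_write() takes an int length; sizeof includes the NUL, so drop it. */
    const int response_len = (int)(sizeof(response) - 1);

    /* A peer may disconnect at any time; do not ignore a failed write. */
    if (SSL_write(ssl, response, response_len) <= 0) {
        ERR_print_errors_fp(stderr);
    }
} // end of func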
[text] server.c