
我用SSL編寫了我的第一個服務器/客戶端程序,試圖在局域網內的兩臺臺式機之間發送和接收一些數據,但我在終端中收到的是垃圾值。請幫幫我。SSL_write()和SSL_read()在出錯時會返回負值,我的情況正是如此,而我完全不知道原因。在wireshark中,我看到通信使用的是TCP,而本應該是SSL/TLSv1。以下是代碼。SSL連接讀取中的垃圾值

Client.c

#include <stdio.h> 
#include <errno.h> 
#include <unistd.h> 
#include <malloc.h> 
#include <string.h> 
#include <sys/socket.h> 
#include <resolv.h> 
#include <netdb.h> 
#include <openssl/ssl.h> 
#include <openssl/err.h> 

/* Sentinel compared against SSL_connect(); note that call returns 1 on success and
   0 or a negative value on failure, so "== FAIL" catches only one of the failure codes. */
#define FAIL -1 

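/* Resolve hostname, open a TCP socket and connect it to port.
 * Returns the connected descriptor (caller owns it and must close() it).
 * Any failure is reported on stderr and aborts the process, matching the
 * callers, which never check for an error return. */
int OpenConnection(const char *hostname, int port) 
{ 
    int sd; 
    struct hostent *host; 
    struct sockaddr_in addr; 

    /* htons() silently truncates values outside 0..65535; reject them up front. */ 
    if (port < 1 || port > 65535) 
    { 
     fprintf(stderr, "%s: invalid port %d\n", hostname, port); 
     abort(); 
    } 
    /* gethostbyname() reports failure through h_errno, not errno, so perror() would
       print an unrelated message. (getaddrinfo() is the modern, IPv6-capable replacement.) */ 
    if ((host = gethostbyname(hostname)) == NULL) 
    { 
     fprintf(stderr, "%s: host lookup failed\n", hostname); 
     abort(); 
    } 
    if (host->h_addrtype != AF_INET || host->h_length != (int)sizeof(addr.sin_addr) 
     || host->h_addr_list[0] == NULL) 
    { 
     fprintf(stderr, "%s: no IPv4 address\n", hostname); 
     abort(); 
    } 
    sd = socket(PF_INET, SOCK_STREAM, 0); 
    if (sd < 0) 
    { 
     perror("socket"); 
     abort(); 
    } 
    memset(&addr, 0, sizeof(addr)); 
    addr.sin_family = AF_INET; 
    addr.sin_port = htons(port); 
    /* Copy the 4-byte address with memcpy: the original "*(long*)(host->h_addr)" read
       8 bytes on LP64 (past the end of the address) and broke strict aliasing. */ 
    memcpy(&addr.sin_addr, host->h_addr_list[0], sizeof(addr.sin_addr)); 
    if (connect(sd, (struct sockaddr*)&addr, sizeof(addr)) != 0) 
    { 
     int saved = errno;   /* close() may overwrite errno before perror() reads it */ 
     close(sd); 
     errno = saved; 
     perror(hostname); 
     abort(); 
    } 
    puts("connection successful\n"); 
    return sd; 
} 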

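/* Initialise the OpenSSL library state and build a client SSL_CTX.
 * Returns the new context (caller releases it with SSL_CTX_free());
 * aborts after printing the OpenSSL error queue if the context cannot be created. */
SSL_CTX* InitCTX(void) 
{ 
    const SSL_METHOD *method; 
    SSL_CTX *ctx; 

    OpenSSL_add_all_algorithms(); 
    SSL_load_error_strings(); 
    /* SSLv23_client_method() negotiates the highest version both sides support.
       SSLv3_client_method() pinned the connection to SSL 3.0, which is broken (POODLE)
       and is compiled out of many OpenSSL builds, in which case SSL_CTX_new() fails. */ 
    method = SSLv23_client_method(); 
    ctx = SSL_CTX_new(method); 
    if (ctx == NULL) 
    { 
     ERR_print_errors_fp(stderr); 
     abort(); 
    } 
    /* Keep the negotiated version above SSL 2.0 and 3.0. */ 
    SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); 
    /* No SSL_CTX_set_verify()/SSL_CTX_set_default_verify_paths() is configured, so this
       client accepts whatever certificate the server presents: the link is encrypted but
       the server is not authenticated. Set SSL_VERIFY_PEER against a trust store
       (SSL_CTX_load_verify_locations() for the self-signed test certificate) before relying on it. */ 
    return ctx; 
} 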



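/* Client entry point: usage is <hostname> <portnum>. Reads one line from stdin, sends it
 * over a TLS connection to the server and prints the reply. Exit status is 0 only when
 * the handshake, write and read all succeeded. */
int main(int count, char *strings[]) 
{ 
    SSL_CTX *ctx; 
    int server; 
    SSL *ssl; 
    char rcvbuf[1024]; 
    int byteswritten, bytesread; 
    char *hostname, *portnum, *end; 
    char msgtobesent[100]; 
    long port; 
    int rc = 0; 

    if (count != 3) 
    { 
     printf("usage: %s <hostname> <portnum>\n", strings[0]); 
     exit(1);   /* a usage error is a failure; the original exited 0 */ 
    } 
    printf ("Message to be sent to the SSL server: "); 
    /* fgets() returns NULL on EOF/error and leaves msgtobesent unset; sending it
       would transmit uninitialized stack bytes. */ 
    if (fgets (msgtobesent, sizeof msgtobesent, stdin) == NULL) 
    { 
     fprintf(stderr, "no message read\n"); 
     return 1; 
    } 
    hostname=strings[1]; 
    portnum=strings[2]; 
    /* strtol() instead of atoi(): atoi() returns 0 for garbage and cannot report overflow. */ 
    errno = 0; 
    port = strtol(portnum, &end, 10); 
    if (end == portnum || *end != '\0' || errno == ERANGE || port < 1 || port > 65535) 
    { 
     fprintf(stderr, "invalid port: %s\n", portnum); 
     return 1; 
    } 
    SSL_library_init(); 
    ctx = InitCTX(); 
    server = OpenConnection(hostname, (int)port); 
    ssl = SSL_new(ctx);  
    if (ssl == NULL) 
    { 
     ERR_print_errors_fp(stderr); 
     close(server); 
     SSL_CTX_free(ctx); 
     return 1; 
    } 
    SSL_set_fd(ssl, server);  
    /* SSL_connect() returns 1 on success and 0 or a negative value on failure; the
       original "== -1" let the other failure codes fall through to the write/read.
       The peer must run SSL_accept(); the server in this question never does, so its
       side fails before any handshake. */ 
    if (SSL_connect(ssl) <= 0) 
    { 
     ERR_print_errors_fp(stderr); 
     rc = 1; 
    } 
    else 
    { 
     printf("Connected with %s encryption\n", SSL_get_cipher(ssl)); 
     byteswritten = SSL_write(ssl, msgtobesent, (int)strlen(msgtobesent)); 
     if (byteswritten <= 0) 
     { 
      ERR_print_errors_fp(stderr); 
      rc = 1; 
     } 
     else 
     { 
      printf ("Written %d chars\n",byteswritten); 
      bytesread = SSL_read(ssl, rcvbuf, sizeof(rcvbuf)-1); 
      /* SSL_read() returns <= 0 on failure; indexing rcvbuf with that value wrote
         outside the buffer and then printed uninitialized stack -- the "garbage". */ 
      if (bytesread <= 0) 
      { 
       ERR_print_errors_fp(stderr); 
       rc = 1; 
      } 
      else 
      { 
       rcvbuf[bytesread] = '\0'; 
       printf ("Received %d chars: %s\n", bytesread, rcvbuf); 
      } 
     } 
     SSL_shutdown(ssl);   /* send close_notify so the peer sees a clean end of stream */ 
    } 
    SSL_free(ssl); 
    close(server);   /* close socket */ 
    SSL_CTX_free(ctx);  /* release context */ 
    return rc; 
} 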

Server.c

#include <errno.h> 
#include <unistd.h> 
#include <malloc.h> 
#include <string.h> 
#include <arpa/inet.h> 
#include <sys/socket.h> 
#include <sys/types.h> 
#include <netinet/in.h> 
#include <resolv.h> 
#include "openssl/ssl.h" 
#include "openssl/err.h" 

/* Sentinel for SSL_accept()/SSL_connect() failures; those calls return 1 on success and
   0 or a negative value on failure, so "== FAIL" catches only one of the failure codes. */
#define FAIL -1 

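/* Create a TCP listening socket bound to port on all IPv4 interfaces.
 * Returns the listening descriptor (caller owns it); any failure is reported
 * on stderr and aborts, matching the callers, which never check a return value. */
int OpenListener(int port) 
{ 
    int sd; 
    int on = 1; 
    struct sockaddr_in addr; 

    /* htons() silently truncates values outside 0..65535; reject them up front. */ 
    if (port < 1 || port > 65535) 
    { 
     fprintf(stderr, "invalid port %d\n", port); 
     abort(); 
    } 
    sd = socket(PF_INET, SOCK_STREAM, 0); 
    if (sd < 0) 
    { 
     perror("socket"); 
     abort(); 
    } 
    /* Let a restarted server rebind while the previous instance's connections sit in
       TIME_WAIT; failure here is not fatal, bind() below reports the real problem. */ 
    if (setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on) != 0) 
     perror("setsockopt(SO_REUSEADDR)"); 
    memset(&addr, 0, sizeof(addr)); 
    addr.sin_family = AF_INET; 
    addr.sin_port = htons(port); 
    /* INADDR_ANY listens on every interface; bind to one address to limit exposure. */ 
    addr.sin_addr.s_addr = htonl(INADDR_ANY); 
    if (bind(sd, (struct sockaddr*)&addr, sizeof(addr)) != 0) 
    { 
     perror("can't bind port"); 
     abort(); 
    } 
    puts("bind successful\n"); 
    if (listen(sd, 10) != 0) 
    { 
     perror("Can't configure listening port"); 
     abort(); 
    } 
    puts("listening successfully\n"); 
    return sd; 
} 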

/* Returns 1 when the process runs with real uid 0 (root), 0 otherwise. */ 
int isRoot() 
{ 
    uid_t uid = getuid(); 
    return uid == 0 ? 1 : 0; 
} 

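/* Initialise the OpenSSL library state and build a server SSL_CTX.
 * Returns the new context (caller releases it with SSL_CTX_free());
 * aborts after printing the OpenSSL error queue if it cannot be created. */
SSL_CTX* InitServerCTX(void) 
{ 
    const SSL_METHOD *method; 
    SSL_CTX *ctx; 

    OpenSSL_add_all_algorithms(); 
    SSL_load_error_strings(); 
    /* SSLv23_server_method() negotiates the highest version both sides support.
       SSLv3_server_method() pinned the server to SSL 3.0, which is broken (POODLE)
       and is compiled out of many OpenSSL builds, in which case SSL_CTX_new() fails. */ 
    method = SSLv23_server_method(); 
    ctx = SSL_CTX_new(method); 
    if (ctx == NULL) 
    { 
     ERR_print_errors_fp(stderr); 
     abort(); 
    } 
    /* Keep the negotiated version above SSL 2.0 and 3.0. */ 
    SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); 
    /* The context holds no certificate or private key yet; SSL_accept() cannot complete
       until the caller installs them with SSL_CTX_use_certificate_file() and
       SSL_CTX_use_PrivateKey_file(). */ 
    return ctx; 
} 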

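/* Server entry point: usage is <portnum>. Accepts connections forever, runs the TLS
 * handshake on each, prints one message from the client and answers with a fixed reply.
 * Per-connection SSL state and the client socket are released after every connection. */
int main(int count, char *strings[]) 
{ 
    SSL_CTX *ctx; 
    int server, byteswritten, bytesread; 
    char *portnum, *end; 
    char rcvbuf[1024]; 
    SSL *ssl; 
    static const char reply[] = "this is from server"; 
    long port; 

    /* Only ports below 1024 need root, and the process keeps root for its whole life
       here; prefer an unprivileged port or drop privileges after bind(). */ 
    if(!isRoot()) 
    { 
     printf("This program must be run as root/sudo user!!"); 
     exit(1); 
    } 
    if (count != 2) 
    { 
     printf("Usage: %s <portnum>\n", strings[0]); 
     exit(1); 
    } 
    /* strtol() instead of atoi(): atoi() returns 0 for garbage and cannot report overflow. */ 
    errno = 0; 
    port = strtol(strings[1], &end, 10); 
    if (end == strings[1] || *end != '\0' || errno == ERANGE || port < 1 || port > 65535) 
    { 
     fprintf(stderr, "invalid port: %s\n", strings[1]); 
     return 1; 
    } 
    SSL_library_init(); 
    portnum = strings[1]; 
    (void)portnum; 
    ctx = InitServerCTX();   
    /* NOTE(review): no certificate/key is loaded into ctx anywhere in this program, so
       SSL_accept() below cannot complete until SSL_CTX_use_certificate_file() and
       SSL_CTX_use_PrivateKey_file() are called on ctx. */ 
    server = OpenListener((int)port);  
    while (1) 
    { 
     struct sockaddr_in addr; 
     socklen_t len = sizeof(addr); 
     int client = accept(server, (struct sockaddr*)&addr, &len); 
     if (client < 0) 
     { 
      if (errno == EINTR) 
       continue; 
      perror("accept"); 
      break;   /* a persistent accept() error would otherwise spin the loop */ 
     } 
     printf("Connection: %s:%d\n",inet_ntoa(addr.sin_addr), ntohs(addr.sin_port)); 
     ssl = SSL_new(ctx);    
     if (ssl == NULL) 
     { 
      ERR_print_errors_fp(stderr); 
      close(client); 
      continue; 
     } 
     SSL_set_fd(ssl, client);  
     /* The original never ran the handshake: without SSL_accept() the SSL object is
        uninitialized, SSL_read() returns -1, rcvbuf[-1] is written and rcvbuf is printed
        uninitialized -- the "garbage" in the question. SSL_accept() returns 1 on success. */ 
     if (SSL_accept(ssl) <= 0) 
      ERR_print_errors_fp(stderr); 
     else 
     { 
      bytesread= SSL_read(ssl, (void *)rcvbuf, sizeof(rcvbuf)-1); 
      if (bytesread <= 0) 
       ERR_print_errors_fp(stderr); 
      else 
      { 
       rcvbuf[bytesread]='\0'; 
       printf ("Received %d chars: %s\n", bytesread, (char *)rcvbuf); 
       byteswritten = SSL_write(ssl, reply, (int)(sizeof reply - 1)); 
       if (byteswritten <= 0) 
        ERR_print_errors_fp(stderr); 
       else 
        printf ("Written %d chars\n",byteswritten); 
      } 
      SSL_shutdown(ssl);   /* send close_notify before tearing the connection down */ 
     } 
     /* Per-connection state; the original leaked both the SSL object and the client
        socket on every iteration. */ 
     SSL_free(ssl); 
     close(client); 
    } 
    close(server);   
    SSL_CTX_free(ctx);   
    return 0; 
} 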

從終端輸出:



你好,有人在這裏? – jeevan 2014-12-05 05:04:20

回答


好的朋友們,經過一段痛苦的查找之後,現在我知道如何使用SSL了。下面的程序對我有效。

客戶:

#include <stdio.h> 
#include <errno.h> 
#include <unistd.h> 
#include <malloc.h> 
#include <string.h> 
#include <sys/socket.h> 
#include <resolv.h> 
#include <netdb.h> 
#include <openssl/ssl.h> 
#include <openssl/err.h> 

/* Sentinel compared against SSL_connect(); note that call returns 1 on success and
   0 or a negative value on failure, so "== FAIL" catches only one of the failure codes. */
#define FAIL -1 

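/* Resolve hostname, open a TCP socket and connect it to port.
 * Returns the connected descriptor (caller owns it and must close() it).
 * Any failure is reported on stderr and aborts the process, matching the
 * callers, which never check for an error return. */
int OpenConnection(const char *hostname, int port) 
{ 
    int sd; 
    struct hostent *host; 
    struct sockaddr_in addr; 

    /* htons() silently truncates values outside 0..65535; reject them up front. */ 
    if (port < 1 || port > 65535) 
    { 
     fprintf(stderr, "%s: invalid port %d\n", hostname, port); 
     abort(); 
    } 
    /* gethostbyname() reports failure through h_errno, not errno, so perror() would
       print an unrelated message. (getaddrinfo() is the modern, IPv6-capable replacement.) */ 
    if ((host = gethostbyname(hostname)) == NULL) 
    { 
     fprintf(stderr, "%s: host lookup failed\n", hostname); 
     abort(); 
    } 
    if (host->h_addrtype != AF_INET || host->h_length != (int)sizeof(addr.sin_addr) 
     || host->h_addr_list[0] == NULL) 
    { 
     fprintf(stderr, "%s: no IPv4 address\n", hostname); 
     abort(); 
    } 
    sd = socket(PF_INET, SOCK_STREAM, 0); 
    if (sd < 0) 
    { 
     perror("socket"); 
     abort(); 
    } 
    memset(&addr, 0, sizeof(addr)); 
    addr.sin_family = AF_INET; 
    addr.sin_port = htons(port); 
    /* Copy the 4-byte address with memcpy: the original "*(long*)(host->h_addr)" read
       8 bytes on LP64 (past the end of the address) and broke strict aliasing. */ 
    memcpy(&addr.sin_addr, host->h_addr_list[0], sizeof(addr.sin_addr)); 
    if (connect(sd, (struct sockaddr*)&addr, sizeof(addr)) != 0) 
    { 
     int saved = errno;   /* close() may overwrite errno before perror() reads it */ 
     close(sd); 
     errno = saved; 
     perror(hostname); 
     abort(); 
    } 
    return sd; 
} 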

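/* Initialise the OpenSSL library state and build a client SSL_CTX.
 * Returns the new context (caller releases it with SSL_CTX_free());
 * aborts after printing the OpenSSL error queue if the context cannot be created. */
SSL_CTX* InitCTX(void) 
{ 
    const SSL_METHOD *method; 
    SSL_CTX *ctx; 

    OpenSSL_add_all_algorithms(); /* Load cryptos, et.al. */ 
    SSL_load_error_strings(); /* Bring in and register error messages */ 
    /* SSLv23_client_method() negotiates the highest version both sides support.
       SSLv3_client_method() pinned the connection to SSL 3.0, which is broken (POODLE)
       and is compiled out of many OpenSSL builds, in which case SSL_CTX_new() fails. */ 
    method = SSLv23_client_method(); 
    ctx = SSL_CTX_new(method); /* Create new context */ 
    if (ctx == NULL) 
    { 
     ERR_print_errors_fp(stderr); 
     abort(); 
    } 
    /* Keep the negotiated version above SSL 2.0 and 3.0. */ 
    SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); 
    /* No SSL_CTX_set_verify()/SSL_CTX_set_default_verify_paths() is configured, so this
       client accepts whatever certificate the server presents: the link is encrypted but
       the server is not authenticated. Set SSL_VERIFY_PEER against a trust store
       (SSL_CTX_load_verify_locations() for the self-signed test certificate) before relying on it. */ 
    return ctx; 
} 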

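/* Print the subject and issuer of the certificate the peer presented, plus the
 * chain-validation verdict. Purely informational: it does not reject anything.
 * ssl must have completed its handshake. */
void ShowCerts(SSL* ssl) 
{ 
    X509 *cert; 
    char *line; 
    long vres; 

    cert = SSL_get_peer_certificate(ssl); /* get the server's certificate */ 
    if (cert == NULL) 
    { 
     printf("No certificates.\n"); 
     return; 
    } 
    printf("Server certificates:\n"); 
    line = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0); 
    /* X509_NAME_oneline() returns NULL on allocation failure; printf("%s", NULL) is undefined. */ 
    printf("Subject: %s\n", line ? line : "(unavailable)"); 
    OPENSSL_free(line);  /* allocated by OpenSSL, so released by OpenSSL rather than free() */ 
    line = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0); 
    printf("Issuer: %s\n", line ? line : "(unavailable)"); 
    OPENSSL_free(line); 
    /* Printing a certificate is not verification: report the chain-validation result so a
       self-signed or untrusted certificate is visible even though the handshake accepted it. */ 
    vres = SSL_get_verify_result(ssl); 
    printf("Verify result: %s\n", X509_verify_cert_error_string(vres)); 
    X509_free(cert);  /* free the malloc'ed certificate copy */ 
} 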

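/* Client entry point: usage is <hostname> <portnum>. Sends a fixed greeting over a TLS
 * connection and prints the reply. Exit status is 0 only when the handshake, write and
 * read all succeeded. */
int main(int count, char *strings[]) 
{ 
    SSL_CTX *ctx; 
    int server; 
    SSL *ssl; 
    char buf[1024]; 
    int bytes; 
    char *hostname, *portnum, *end; 
    long port; 
    int rc = 0; 

    if (count != 3) 
    { 
     printf("usage: %s <hostname> <portnum>\n", strings[0]); 
     exit(1);   /* a usage error is a failure; the original exited 0 */ 
    } 
    hostname=strings[1]; 
    portnum=strings[2]; 
    /* strtol() instead of atoi(): atoi() returns 0 for garbage and cannot report overflow. */ 
    errno = 0; 
    port = strtol(portnum, &end, 10); 
    if (end == portnum || *end != '\0' || errno == ERANGE || port < 1 || port > 65535) 
    { 
     fprintf(stderr, "invalid port: %s\n", portnum); 
     return 1; 
    } 
    SSL_library_init(); 

    ctx = InitCTX(); 
    server = OpenConnection(hostname, (int)port); 
    ssl = SSL_new(ctx);  /* create new SSL connection state */ 
    if (ssl == NULL) 
    { 
     ERR_print_errors_fp(stderr); 
     close(server); 
     SSL_CTX_free(ctx); 
     return 1; 
    } 
    SSL_set_fd(ssl, server); /* attach the socket descriptor */ 
    /* SSL_connect() returns 1 on success and 0 or a negative value on failure; the
       original "== -1" let the other failure codes fall through to the write/read. */ 
    if (SSL_connect(ssl) <= 0) 
    { 
     ERR_print_errors_fp(stderr); 
     rc = 1; 
    } 
    else 
    { 
     const char *msg = "Hello???"; 

     printf("Connected with %s encryption\n", SSL_get_cipher(ssl)); 
     /* ShowCerts() only prints the certificate; nothing here rejects an untrusted one.
        The server is authenticated only once SSL_VERIFY_PEER is enabled on the context. */ 
     ShowCerts(ssl); 
     if (SSL_write(ssl, msg, (int)strlen(msg)) <= 0) 
     { 
      ERR_print_errors_fp(stderr); 
      rc = 1; 
     } 
     else 
     { 
      /* sizeof(buf)-1 leaves room for the terminator: the original read a full 1024 bytes
         and then wrote buf[1024]; a failed read (<= 0) indexed before the buffer. */ 
      bytes = SSL_read(ssl, buf, sizeof(buf) - 1); 
      if (bytes <= 0) 
      { 
       ERR_print_errors_fp(stderr); 
       rc = 1; 
      } 
      else 
      { 
       buf[bytes] = 0; 
       printf("Received: \"%s\"\n", buf); 
      } 
     } 
     SSL_shutdown(ssl);   /* send close_notify so the peer sees a clean end of stream */ 
    } 
    SSL_free(ssl);   /* the original released this only on the success path */ 
    close(server);   /* close socket */ 
    SSL_CTX_free(ctx);  /* release context */ 
    return rc; 
} 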

服務器:

#include <errno.h> 
#include <unistd.h> 
#include <malloc.h> 
#include <string.h> 
#include <arpa/inet.h> 
#include <sys/socket.h> 
#include <sys/types.h> 
#include <netinet/in.h> 
#include <resolv.h> 
#include "openssl/ssl.h" 
#include "openssl/err.h" 

/* Sentinel compared against SSL_accept(); note that call returns 1 on success and
   0 or a negative value on failure, so "== FAIL" catches only one of the failure codes. */
#define FAIL -1 

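/* Create a TCP listening socket bound to port on all IPv4 interfaces.
 * Returns the listening descriptor (caller owns it); any failure is reported
 * on stderr and aborts, matching the callers, which never check a return value. */
int OpenListener(int port) 
{ 
    int sd; 
    int on = 1; 
    struct sockaddr_in addr; 

    /* htons() silently truncates values outside 0..65535; reject them up front. */ 
    if (port < 1 || port > 65535) 
    { 
     fprintf(stderr, "invalid port %d\n", port); 
     abort(); 
    } 
    sd = socket(PF_INET, SOCK_STREAM, 0); 
    if (sd < 0) 
    { 
     perror("socket"); 
     abort(); 
    } 
    /* Let a restarted server rebind while the previous instance's connections sit in
       TIME_WAIT; failure here is not fatal, bind() below reports the real problem. */ 
    if (setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on) != 0) 
     perror("setsockopt(SO_REUSEADDR)"); 
    memset(&addr, 0, sizeof(addr)); 
    addr.sin_family = AF_INET; 
    addr.sin_port = htons(port); 
    /* INADDR_ANY listens on every interface; bind to one address to limit exposure. */ 
    addr.sin_addr.s_addr = htonl(INADDR_ANY); 
    if (bind(sd, (struct sockaddr*)&addr, sizeof(addr)) != 0) 
    { 
     perror("can't bind port"); 
     abort(); 
    } 
    if (listen(sd, 10) != 0) 
    { 
     perror("Can't configure listening port"); 
     abort(); 
    } 
    return sd; 
} 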

/* Returns 1 when the process runs with real uid 0 (root), 0 otherwise. */ 
int isRoot() 
{ 
    uid_t uid = getuid(); 
    return uid == 0 ? 1 : 0; 
} 
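/* Initialise the OpenSSL library state and build a server SSL_CTX.
 * Returns the new context (caller releases it with SSL_CTX_free());
 * aborts after printing the OpenSSL error queue if it cannot be created. */
SSL_CTX* InitServerCTX(void) 
{ 
    const SSL_METHOD *method; 
    SSL_CTX *ctx; 

    OpenSSL_add_all_algorithms(); /* load & register all cryptos, etc. */ 
    SSL_load_error_strings(); /* load all error messages */ 
    /* SSLv23_server_method() negotiates the highest version both sides support.
       SSLv3_server_method() pinned the server to SSL 3.0, which is broken (POODLE)
       and is compiled out of many OpenSSL builds, in which case SSL_CTX_new() fails. */ 
    method = SSLv23_server_method(); 
    ctx = SSL_CTX_new(method); /* create new context from method */ 
    if (ctx == NULL) 
    { 
     ERR_print_errors_fp(stderr); 
     abort(); 
    } 
    /* Keep the negotiated version above SSL 2.0 and 3.0. */ 
    SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); 
    /* The certificate and private key are installed separately (LoadCertificates());
       SSL_accept() cannot complete until they are. */ 
    return ctx; 
} 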

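/* Install the server's PEM certificate (CertFile) and private key (KeyFile) into ctx and
 * confirm they belong together. The two paths may name the same file. Any failure prints
 * the OpenSSL error queue and aborts, so callers do not check a return value.
 * The key is read unencrypted (the generating command on this page uses -nodes), so the
 * file's permissions are its only protection: keep it readable by the server user alone. */
void LoadCertificates(SSL_CTX* ctx, const char* CertFile, const char* KeyFile) 
{ 
    /* set the local certificate from CertFile; SSL_CTX_use_certificate_chain_file() would
       also send any intermediate certificates stored after it in the same file */ 
    if (SSL_CTX_use_certificate_file(ctx, CertFile, SSL_FILETYPE_PEM) <= 0) 
    { 
     ERR_print_errors_fp(stderr); 
     abort(); 
    } 
    /* set the private key from KeyFile (may be the same as CertFile) */ 
    if (SSL_CTX_use_PrivateKey_file(ctx, KeyFile, SSL_FILETYPE_PEM) <= 0) 
    { 
     ERR_print_errors_fp(stderr); 
     abort(); 
    } 
    /* verify that the private key matches the certificate's public key */ 
    if (!SSL_CTX_check_private_key(ctx)) 
    { 
     fprintf(stderr, "Private key does not match the public certificate\n"); 
     abort(); 
    } 
} 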

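/* Print the subject and issuer of the certificate the peer (the client) presented.
 * Purely informational. A server only asks the client for a certificate when
 * SSL_VERIFY_PEER is set on the context, so with this program's defaults the
 * peer certificate is absent and the "No certificates." branch runs. */
void ShowCerts(SSL* ssl) 
{ 
    X509 *cert; 
    char *line; 

    cert = SSL_get_peer_certificate(ssl); /* Get certificates (if available) */ 
    if (cert == NULL) 
    { 
     printf("No certificates.\n"); 
     return; 
    } 
    printf("Client certificates:\n");   /* the peer of a server is the client */ 
    line = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0); 
    /* X509_NAME_oneline() returns NULL on allocation failure; printf("%s", NULL) is undefined. */ 
    printf("Subject: %s\n", line ? line : "(unavailable)"); 
    OPENSSL_free(line);   /* allocated by OpenSSL, so released by OpenSSL rather than free() */ 
    line = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0); 
    printf("Issuer: %s\n", line ? line : "(unavailable)"); 
    OPENSSL_free(line); 
    X509_free(cert); 
} 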

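/* Copy src into dst with the HTML metacharacters < > & " replaced by entities, so the bytes
 * a client sends cannot inject markup into the echo reply. Writes at most cap-1 bytes plus a
 * terminator and stops at a replacement boundary when dst fills up. Returns bytes written. */
static size_t html_escape(char *dst, size_t cap, const char *src) 
{ 
    size_t used = 0; 

    if (cap == 0) 
     return 0; 
    for (; *src != '\0'; src++) 
    { 
     char plain[2] = { *src, '\0' }; 
     const char *rep; 
     size_t replen; 

     switch (*src) 
     { 
     case '<':  rep = "&lt;";   break; 
     case '>':  rep = "&gt;";   break; 
     case '&':  rep = "&amp;";  break; 
     case '"':  rep = "&quot;"; break; 
     default:   rep = plain;    break; 
     } 
     replen = strlen(rep); 
     if (used + replen >= cap) 
      break; 
     memcpy(dst + used, rep, replen); 
     used += replen; 
    } 
    dst[used] = '\0'; 
    return used; 
} 

/* Serve one connection: run the TLS handshake, read one request, echo it back wrapped in
 * HTML, then release the SSL state and close the socket. Takes ownership of ssl and of the
 * descriptor attached to it. Threadable: touches no shared state. */
void Servlet(SSL* ssl) /* Serve the connection -- threadable */ 
{ 
    char buf[1024]; 
    char escaped[sizeof(buf) * 6];       /* worst case: every byte becomes "&quot;" */ 
    char reply[sizeof(escaped) + 64];    /* escaped text plus the HTMLecho wrapper */ 
    int sd, bytes, len; 
    const char* HTMLecho="<html><body><pre>%s</pre></body></html>\n\n"; 

    /* SSL_accept() returns 1 on success and 0 or a negative value on failure. */ 
    if (SSL_accept(ssl) <= 0) 
     ERR_print_errors_fp(stderr); 
    else 
    { 
     ShowCerts(ssl);  /* get any certificates */ 
     /* Read one byte less than the buffer so the terminator below stays in bounds;
        the original read sizeof(buf) and then wrote buf[1024]. */ 
     bytes = SSL_read(ssl, buf, sizeof(buf) - 1); 
     if (bytes > 0) 
     { 
      buf[bytes] = 0; 
      printf("Client msg: \"%s\"\n", buf); 
      html_escape(escaped, sizeof escaped, buf); 
      /* snprintf() bounds the reply; the original sprintf() into a 1024-byte reply
         overflowed once the client sent more than about 980 bytes. */ 
      len = snprintf(reply, sizeof reply, HTMLecho, escaped); 
      if (len < 0 || (size_t)len >= sizeof reply) 
       fprintf(stderr, "reply truncated\n"); 
      else if (SSL_write(ssl, reply, len) <= 0) 
       ERR_print_errors_fp(stderr); 
     } 
     else 
      ERR_print_errors_fp(stderr); 
     SSL_shutdown(ssl);   /* send close_notify before tearing the connection down */ 
    } 
    sd = SSL_get_fd(ssl);  /* get socket connection */ 
    SSL_free(ssl);   /* release SSL state */ 
    close(sd);   /* close connection */ 
} 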

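/* Server entry point: usage is <portnum>. Loads the certificate and key from mycert.pem,
 * listens on the given port and hands every accepted connection to Servlet(), which
 * owns the SSL state and socket from then on. */
int main(int count, char *strings[]) 
{ 
    SSL_CTX *ctx; 
    int server; 
    char *portnum, *end; 
    long port; 

    /* Only ports below 1024 need root, and the process keeps root for its whole life
       here; prefer an unprivileged port or drop privileges after bind(). */ 
    if(!isRoot()) 
    { 
     printf("This program must be run as root/sudo user!!"); 
     exit(1); 
    } 
    if (count != 2) 
    { 
     printf("Usage: %s <portnum>\n", strings[0]); 
     exit(1); 
    } 
    portnum = strings[1]; 
    /* strtol() instead of atoi(): atoi() returns 0 for garbage and cannot report overflow. */ 
    errno = 0; 
    port = strtol(portnum, &end, 10); 
    if (end == portnum || *end != '\0' || errno == ERANGE || port < 1 || port > 65535) 
    { 
     fprintf(stderr, "invalid port: %s\n", portnum); 
     return 1; 
    } 
    SSL_library_init(); 

    ctx = InitServerCTX();  /* initialize SSL */ 
    /* mycert.pem holds both certificate and key. The generating command shown on this page
       uses a 1024-bit RSA key, which is considered too weak today; generate it with
       rsa:2048 or larger. */ 
    LoadCertificates(ctx, "mycert.pem", "mycert.pem"); /* load certs */ 
    server = OpenListener((int)port); /* create server socket */ 
    while (1) 
    { 
     struct sockaddr_in addr; 
     socklen_t len = sizeof(addr); 
     SSL *ssl; 
     int client = accept(server, (struct sockaddr*)&addr, &len); /* accept connection as usual */ 

     if (client < 0) 
     { 
      if (errno == EINTR) 
       continue; 
      perror("accept"); 
      break;   /* a persistent accept() error would otherwise spin the loop */ 
     } 
     printf("Connection: %s:%d\n",inet_ntoa(addr.sin_addr), ntohs(addr.sin_port)); 
     ssl = SSL_new(ctx);    /* get new SSL state with context */ 
     if (ssl == NULL) 
     { 
      ERR_print_errors_fp(stderr); 
      close(client); 
      continue; 
     } 
     SSL_set_fd(ssl, client);  /* set connection socket to SSL state */ 
     Servlet(ssl);   /* service connection; Servlet() frees ssl and closes client */ 
    } 
    close(server);   /* close server socket */ 
    SSL_CTX_free(ctx);   /* release context */ 
    return 0; 
} 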

以下命令用來爲您的項目生成.pem文件:

openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem