概述

本文主要讲到了openssl的基本使用方法，开发环境为windows，开发工具为VS2019.本文主要是说明openssl如何使用，不介绍任何理论知识，如果有不懂的，请自行百度。个人建议下一个everything查询工具，真的很好用，比window自带的查询快了很多，可以查询自己想要的文件

OPENSSL安装

安装过程网上有很多，OPENSSL安装，注意你安装的OPENSSL的版本以及位数（32位或者64位），假如我安装的是64位的openssl，安装目录为D:\Program Files\OpenSSL-Win64，你可以自行选择你的安装目录，安装完成后，查看安装的openssl版本，使用控制台输入openssl version即可

秘钥key和公钥的生成

在控制命令行中输入以下命令：

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365

网上有很多生成秘钥和公钥的文章，不过都没成功，最后在stackoverflow找到了可以用的方法，原文地址为：openssl秘钥和公钥的生成，以下是截图 Enter PEM pass phrase：提示输入pem文件的密码，注意，后面要用到这个密码，可以使用自己常用的密码，输入后会再次确认密码，然后就是一些基本信息，可以默认为空。截图如下，基本上这时候就得到了秘钥key.pem和公钥cert.pem，后面要用到这2个文件。，生成的位置为当前目录，比如我的就是在C:\Users\86138,即控制台的显示目录。

项目设置

使用VS创建一个控制台项目，创建一个客户端和服务器项目，由于我下载的是64位，openssl3.0版本。因此我项目也是64位的。 项目的配置，服务器端和客户端都是相同配置，这里我就只说一个即可，主要是设置openssl的lib和头文件的路径，这和使用任外部库都是一样的。截图如下，注意我的openssl安装位置为D:\Program Files\OpenSSL-Win64，请选择你安装位置即可。 预处理器里添加2个定义：CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS; 附加依赖项：libssl.lib;openssl.lib;libcrypto.lib;liblegacy.lib; 最后将前面生成的cert.pem和key.pem放到exe目录下，为什么放到这个目录，是因为下面的代码用到的这2个文件是当前目录，不管怎么样，只要能找到这2个文件即可。 配置很简单，就上面几步，基本上就可以了。

代码部分

客户端代码

#include

#include

#include

#include

# include

#include

#include

#include

#define FAIL -1

#pragma comment(lib, "Ws2_32.lib")

//Added the LoadCertificates how in the server-side makes.

int OpenConnection(const char* hostname, int port)

{

SOCKET sd;

struct hostent* host;

struct sockaddr_in addr;

WORD wVersionRequested;

WSADATA wsaData;

int err;

/* Use the MAKEWORD(lowbyte, highbyte) macro declared in Windef.h */

wVersionRequested = MAKEWORD(2, 2);

err = WSAStartup(wVersionRequested, &wsaData);

if (err != 0)

{

/* Tell the user that we could not find a usable */

/* Winsock DLL. */

printf("WSAStartup failed with error: %d\n", err);

return 1;

}

sd = socket(PF_INET, SOCK_STREAM, 0);

/////////////bzero(&addr, sizeof(addr));

addr.sin_family = AF_INET;

addr.sin_port = htons(port);

addr.sin_addr.s_addr = inet_addr(hostname);

int ret = connect(sd, (struct sockaddr*)&addr, sizeof(addr));

if ( ret != 0)

{

//close(sd);

perror(hostname);

abort();

}

return sd;

}

SSL_CTX* InitCTX(void)

{

//SSL_METHOD* method;

SSL_CTX* ctx;

//OpenSSL_add_all_algorithms(); /* Load cryptos, et.al. */

SSL_load_error_strings(); /* Bring in and register error messages */

SSL_METHOD const* meth = SSLv23_client_method(); /* Create new client-method instance */

//method = TLSv1_method();

ctx = SSL_CTX_new(meth); /* Create new context */

if (ctx == NULL)

{

ERR_print_errors_fp(stderr);

printf("Eroor: %s\n", stderr);

abort();

}

return ctx;

}

void ShowCerts(SSL* ssl)

{

X509* cert;

char* line1, * line2;

cert = SSL_get_peer_certificate(ssl); /* get the server's certificate */

if (cert != NULL)

{

printf("Server certificates:\n");

line1 = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);

printf("Subject: %s\n", line1);

//free(line); /* free the malloc'ed string */

line2 = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);

printf("Issuer: %s\n", line2);

//free(line); /* free the malloc'ed string */

//X509_free(cert); /* free the malloc'ed certificate copy */

}

else

printf("No certificates.\n");

}

int main(int count, char* strings[])

{

SSL_CTX* ctx;

SOCKET server;

SSL* ssl;

char buf[1024];

int bytes;

char const *hostname, *portnum;

SSL_library_init();

hostname = "127.0.0.1";

portnum = "1030";

ctx = InitCTX();

server = OpenConnection(hostname, atoi(portnum));

ssl = SSL_new(ctx); /* create new SSL connection state */

//SSL_set_fd(ssl, server); /* attach the socket descriptor */

BIO* bio = BIO_new_socket(server, BIO_NOCLOSE);

SSL_set_bio(ssl, bio, bio);

SSL_set_connect_state(ssl);

if (SSL_connect(ssl) == FAIL) /* perform the connection */

{

printf("Eroor: %s\n", stderr);

ERR_print_errors_fp(stderr);

}

else

{

printf("Connected with %s encryption\n", SSL_get_cipher(ssl));

ShowCerts(ssl); /* get any certs */

while (1)

{

char p[100];

printf("please input sned msg: ");

gets(p);

printf("strlen:%d，%s\n", strlen(p), p);

SSL_write(ssl, p, strlen(p)); /* encrypt & send message */

bytes = SSL_read(ssl, buf, sizeof(buf)); /* get reply & decrypt */

if (bytes >= 0)

{

buf[bytes] = '\0';

printf("Received: \"%s\"\n", buf);

}

else

{

SSL_ERROR_WANT_READ;

int error = SSL_get_error(ssl, bytes);

printf("error:%d\n", error);

break;

}

}

SSL_shutdown(ssl);

SSL_free(ssl); /* release connection state */

}

SSL_CTX_free(ctx); /* release context */

getchar();

return 0;

}

服务器端代码

#include

#include

#include

# include

# include

#include "openssl/ssl.h"

#include "openssl/err.h"

#ifdef __cplusplus

extern "C" {

#endif

#include "openssl/applink.c"

#ifdef __cplusplus

}

#endif

#define FAIL -1

#pragma comment(lib, "Ws2_32.lib")

int OpenListener(WORD port)

{

SOCKET m_socket;

WORD wVersionRequested;

WSADATA wsaData;

int err;

/* Use the MAKEWORD(lowbyte, highbyte) macro declared in Windef.h */

wVersionRequested = MAKEWORD(2, 2);

err = WSAStartup(wVersionRequested, &wsaData);

if (err != 0) {

/* Tell the user that we could not find a usable */

/* Winsock DLL. */

printf("WSAStartup failed with error: %d\n", err);

return 1;

}

m_socket = socket(AF_INET, SOCK_STREAM, 0);

if (m_socket == INVALID_SOCKET)

{

printf("Error at socket(): %ld\n", WSAGetLastError());

WSACleanup();

return 0;

}

struct sockaddr_in sain;

//bzero(&addr, sizeof(addr));

sain.sin_family = AF_INET;

sain.sin_port = htons(port);

sain.sin_addr.s_addr = inet_addr("127.0.0.1");

if (bind(m_socket, (struct sockaddr*)&sain, sizeof(struct sockaddr_in)) == SOCKET_ERROR)

{

perror("can't bind port");

//abort();

}

if (listen(m_socket, 10) != 0)

{

perror("Can't configure listening port");

//abort();

}

return m_socket;

}

SSL_CTX* InitServerCTX(void)

{

SSL_CTX* ctx = NULL;

#if OPENSSL_VERSION_NUMBER >= 0x10000000L

const SSL_METHOD* method;

#else

SSL_METHOD* method;

#endif

SSL_library_init();

//OpenSSL_add_all_algorithms(); /* load & register all cryptos, etc. */

SSL_load_error_strings(); /* load all error messages */

//method = SSLv23_method(); /* create new server-method instance */

method = SSLv23_server_method();

ctx = SSL_CTX_new(method); /* create new context from method */

if (ctx == NULL)

{

ERR_print_errors_fp(stderr);

abort();

}

return ctx;

}

void LoadCertificates(SSL_CTX* ctx, char* CertFile, char* KeyFile)

{

//New lines

int ret = SSL_CTX_load_verify_locations(ctx, CertFile, KeyFile);

if (ret != 1)

ERR_print_errors_fp(stderr);

if (SSL_CTX_set_default_verify_paths(ctx) != 1)

ERR_print_errors_fp(stderr);

//End new lines

/* set the local certificate from CertFile */

if (SSL_CTX_use_certificate_file(ctx, CertFile, SSL_FILETYPE_PEM) <= 0)

{

ERR_print_errors_fp(stderr);

//abort();

}

/* set the private key from KeyFile (may be the same as CertFile) */

if (SSL_CTX_use_PrivateKey_file(ctx, KeyFile, SSL_FILETYPE_PEM) <= 0)

{

ERR_print_errors_fp(stderr);

abort();

}

/* verify private key */

if (!SSL_CTX_check_private_key(ctx))

{

fprintf(stderr, "Private key does not match the public certificate\n");

abort();

}

printf("LoadCertificates success\n");

}

void ShowCerts(SSL* ssl)

{

X509* cert;

char* line;

cert = SSL_get_peer_certificate(ssl); /* Get certificates (if available) */

if (cert != NULL)

{

printf("Server certificates:\n");

line = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);

printf("Subject: %s\n", line);

free(line);

line = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);

printf("Issuer: %s\n", line);

free(line);

X509_free(cert);

}

else

printf("No certificates.\n");

}

void Servlet(SSL* ssl, SOCKET client) /* Serve the connection -- threadable */

{

char buf[1024];

char reply[1024];

int sd, bytes;

const char* HTMLecho = "hello client";

ShowCerts(ssl); /* get any certificates */

int ret = SSL_accept(ssl);

while (1)

{

//bytes = recv(client, buf, sizeof(buf), 0);

bytes = SSL_read(ssl, buf, sizeof(buf));

if (bytes > 0)

{

buf[bytes] = '\0';

printf("Client msg: %s\n", buf);

sprintf(reply, HTMLecho, buf); /* construct reply */

SSL_write(ssl, reply, strlen(reply)); /* send reply */

}

else //其他情况

{

//printf("read byte < 0\n");

}

}

SSL_shutdown(ssl);

SSL_free(ssl);

}

int main(int count, char* strings[])

{

SSL_CTX* ctx;

SOCKET server;

char* portnum;

server = OpenListener(1030); /* create server socket */

SSL_library_init();

portnum = strings[1];

ctx = InitServerCTX(); /* initialize SSL */

LoadCertificates(ctx, (char *)"cert.pem", (char *)"key.pem"); /* load certs */

while (1)

{

struct sockaddr_in addr;

socklen_t len = sizeof(addr);

SSL* ssl;

SOCKET client = accept(server, (struct sockaddr*)&addr, &len); /* accept connection as usual */

socklen_t len1;

struct sockaddr_storage addr1;

//add1.sin_family = AF_INET;

char ipstr[INET6_ADDRSTRLEN];

int port;

len1 = sizeof addr;

int r;

r = getpeername(client, (struct sockaddr*)&addr1, &len1);

// deal with both IPv4 and IPv6:

if (addr1.ss_family == AF_INET)

{

struct sockaddr_in* s = (struct sockaddr_in*)&addr1;

port = ntohs(s->sin_port);

inet_ntop(AF_INET, &s->sin_addr, ipstr, sizeof ipstr);

}

else

{ // AF_INET6

struct sockaddr_in6* s = (struct sockaddr_in6*)&addr1;

port = ntohs(s->sin6_port);

inet_ntop(AF_INET6, &s->sin6_addr, ipstr, sizeof ipstr);

}

printf("Peer IP address: %s,port:%d\n", ipstr,port);

ssl = SSL_new(ctx); /* get new SSL state with context */

//SSL_set_fd(ssl, client); /* set connection socket to SSL state */

BIO* bio = BIO_new_socket(client, BIO_NOCLOSE);

SSL_set_bio(ssl, bio, bio);

Servlet(ssl, client); /* service connection */

}

SSL_CTX_free(ctx); /* release context */

}

总结

可能遇到的问题 1.要确保代码中applink.c文件的存在,否则服务器端代码会提示Unlink的错误 2.服务器端代码要求输入密码，请使用生成秘钥时的密码