openssl3.2 - 官方dmeo学习 - server-arg.c
概述
TLS服务器, 等客户端来连接; 如果客户端断开了, 通过释放bio来释放客户端socket, 然后继续通过bio读来aceept.
笔记
对于开源工程, 不可能有作者那么熟悉, 变量命名需要改下有利于理解逻辑.
VS2019带的变量改名功能挺好的.
过了一遍的程序:
/*!
\file server-arg.c
\brief TLS服务器, 等客户端来连接; 如果客户端断开了, 通过释放bio来释放客户端socket, 然后继续通过bio读来aceept.
*/
/*
* Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* A minimal program to serve an SSL connection. It uses blocking. It use the
* SSL_CONF API with the command line. cc -I../../include server-arg.c
* -L../.. -lssl -lcrypto -ldl
*/
#include <stdio.h>
#include <string.h>
#include <signal.h>
#include <stdlib.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#include "my_openSSL_lib.h"
int main(int argc, char *argv[])
{
char *psz_port = "*:4433";
BIO *bio_ssl, *bio_tmp;
SSL_CTX *ctx_ssl;
SSL_CONF_CTX *ctx_ssl_cfg;
char buf[512];
BIO *bio_in = NULL;
int ret = EXIT_FAILURE, i;
char **args = argv + 1;
int nargs = argc - 1;
ctx_ssl = SSL_CTX_new(TLS_server_method());
ctx_ssl_cfg = SSL_CONF_CTX_new();
SSL_CONF_CTX_set_flags(ctx_ssl_cfg, SSL_CONF_FLAG_SERVER);
SSL_CONF_CTX_set_flags(ctx_ssl_cfg, SSL_CONF_FLAG_CERTIFICATE);
SSL_CONF_CTX_set_ssl_ctx(ctx_ssl_cfg, ctx_ssl);
while (*args && **args == '-') {
int rv;
/* Parse standard arguments */
rv = SSL_CONF_cmd_argv(ctx_ssl_cfg, &nargs, &args);
if (rv == -3) {
fprintf(stderr, "Missing argument for %s\n", *args);
goto err;
}
if (rv < 0) {
fprintf(stderr, "Error in command %s\n", *args);
ERR_print_errors_fp(stderr);
goto err;
}
/* If rv > 0 we processed something so proceed to next arg */
if (rv > 0)
continue;
/* Otherwise application specific argument processing */
if (strcmp(*args, "-port") == 0) {
psz_port = args[1];
if (psz_port == NULL) {
fprintf(stderr, "Missing -port argument\n");
goto err;
}
args += 2;
nargs -= 2;
continue;
} else {
fprintf(stderr, "Unknown argument %s\n", *args);
goto err;
}
}
if (!SSL_CONF_CTX_finish(ctx_ssl_cfg)) {
fprintf(stderr, "Finish error\n");
ERR_print_errors_fp(stderr);
goto err;
}
#ifdef ITERATE_CERTS
/*
* Demo of how to iterate over all certificates in an SSL_CTX structure.
*/
{
X509 *x;
int rv;
rv = SSL_CTX_set_current_cert(ctx, SSL_CERT_SET_FIRST);
while (rv) {
X509 *x = SSL_CTX_get0_certificate(ctx);
X509_NAME_print_ex_fp(stdout, X509_get_subject_name(x), 0,
XN_FLAG_ONELINE);
printf("\n");
rv = SSL_CTX_set_current_cert(ctx, SSL_CERT_SET_NEXT);
}
fflush(stdout);
}
#endif
/* Setup server side SSL bio */
bio_ssl = BIO_new_ssl(ctx_ssl, 0);
if ((bio_in = BIO_new_accept(psz_port)) == NULL)
goto err;
/*
* This means that when a new connection is accepted on 'in', The ssl_bio
* will be 'duplicated' and have the new socket BIO push into it.
* Basically it means the SSL BIO will be automatically setup
*/
BIO_set_accept_bios(bio_in, bio_ssl);
again:
/*
* The first call will setup the accept socket, and the second will get a
* socket. In this loop, the first actual accept will occur in the
* BIO_read() function.
*/
if (BIO_do_accept(bio_in) <= 0)
goto err;
for (;;) {
i = BIO_read(bio_in, buf, 512); /*! 阻塞的读客户端连上服务器发来的信息, 如果此时没有客户端连接, 阻塞在这里 */
if (i == 0) {
/*
* If we have finished, remove the underlying BIO stack so the
* next time we call any function for this BIO, it will attempt
* to do an accept
*/
printf("Done\n");
bio_tmp = BIO_pop(bio_in);
BIO_free_all(bio_tmp);
goto again;
}
if (i < 0)
goto err;
fwrite(buf, 1, i, stdout);
fflush(stdout);
}
ret = EXIT_SUCCESS;
err:
if (ret != EXIT_SUCCESS)
ERR_print_errors_fp(stderr);
BIO_free(bio_in);
return ret;
}
备注
如果只是为了将库用起来, 库实现, 我们不用去看.
在官方给的demo中, 哪个API不知道啥意思, 去本地帮助中去查, 或者去网上去查. 知道意思就行. 防止逻辑理解不正确.
