{"id":798,"date":"2009-12-08T11:52:02","date_gmt":"2009-12-08T11:52:02","guid":{"rendered":"http:\/\/pchero21.com\/?p=798"},"modified":"2009-12-08T11:52:02","modified_gmt":"2009-12-08T11:52:02","slug":"openlssl-ssl-%ed%86%b5%ec%8b%a0-%ec%84%9c%eb%b2%84","status":"publish","type":"post","link":"http:\/\/pchero21.com\/?p=798","title":{"rendered":"OpenlSSL – SSL \ud1b5\uc2e0 \uc11c\ubc84"},"content":{"rendered":"

\/\/      SSL_Server.c
\/\/      
\/\/      Copyright 2009 Kim Sung-tae <pchero21@gmail.com>
\/\/      
\/\/      This program is free software; you can redistribute it and\/or modify
\/\/      it under the terms of the GNU General Public License as published by
\/\/      the Free Software Foundation; either version 2 of the License, or
\/\/      (at your option) any later version.
\/\/      
\/\/      This program is distributed in the hope that it will be useful,
\/\/      but WITHOUT ANY WARRANTY; without even the implied warranty of
\/\/      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
\/\/      GNU General Public License for more details.
\/\/      
\/\/      You should have received a copy of the GNU General Public License
\/\/      along with this program; if not, write to the Free Software
\/\/      Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
\/\/      MA 02110-1301, USA.<\/p>\n

#include <stdio.h>
#include <stdlib.h>
#include <string.h><\/p>\n

#include <openssl\/bio.h>
#include <openssl\/err.h>
#include <openssl\/rand.h>
#include <openssl\/evp.h>
#include <openssl\/crypto.h>
#include <openssl\/ssl.h><\/p>\n

#include <sys\/socket.h>
#include <arpa\/inet.h>
#include <sys\/types.h><\/p>\n

\/\/ \uc11c\ubc84 \ud3ec\ud2b8\uc640 IP \uc8fc\uc18c \uc815\uc758
#define PORT 7921
#define SERVER_ADDRESS “127.0.0.1”<\/p>\n

\/\/ \uc11c\ubc84 \uc778\uc99d\uc11c\uc640 \uac1c\uc778\ud0a4 \ud30c\uc77c \uc815\uc758
#define CERT_FILE    “rootcert.pem”
#define PRIVKEY_FILE    “rootkey.pem”<\/p>\n

\/\/ SSL \ud578\ub4dc\uc250\uc774\ud06c \uba54\uc2dc\uc9c0 \uad50\ud658 \uacfc\uc815\uc744 \uc54c\ub824\uc8fc\ub294 \ucf5c\ubc31\ud568\uc218
void ssl_info_callback(const SSL *s, int where, int ret);<\/p>\n

\/\/ \ud654\uba74\uc5d0 \ud45c\uc2dc\ud558\uae30 \uc704\ud55c \ud30c\uc77c BIO \uc0dd\uc131
BIO *errBIO;<\/p>\n

int main(int argc, char** argv)
{
    unsigned short port = PORT;
    char *serverAddress = SERVER_ADDRESS;
    
    \/\/ \uc11c\ubc84\uc758 \uc18c\ucf13 \ud0c0\uc785\uc740 TCP \uac19\uc740 \uc5f0\uacb0\ud615\uc774\ub2e4.
    int socket_type = SOCK_STREAM;
    struct sockaddr_in server_add, client_add;
    int server_socket, client_socket;
    
    socket_type = SOCK_STREAM;
    
    \/\/ SSL \uad6c\uc870\uccb4 \uc0dd\uc131
    SSL_METHOD *meth;
    SSL_CTX *ctx;
    SSL* ssl;
    
    int retval, client_addlen;
    const char *currentCipher;
    char inbuffer[1000];
    char message[100] = “\uc774\uac83\uc740 \uc11c\ubc84\ub85c\ubd80\ud130\uc758 \uc751\ub2f5 \uba54\uc2dc\uc9c0\uc785\ub2c8\ub2e4.”;
    
    \/\/ \ud654\uba74 \ucd9c\ub825 BIO \uc0dd\uc131
    if((errBIO = BIO_new(BIO_s_file())) != NULL)
        BIO_set_fp(errBIO, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
        
    \/\/ \ubaa8\ub4e0 \uc5d0\ub7ec \uc2a4\ud2b8\ub9c1 \ub85c\ub4dc
    SSL_load_error_strings();
    
    \/\/ \ubaa8\ub4e0 \uc54c\uace0\ub9ac\uc998 \ub85c\ub4dc
    SSLeay_add_ssl_algorithms();
    
    \/\/ SSL \ubc84\uc8043 \ud504\ub85c\ud1a0\ucf5c \uc0ac\uc6a9
    meth = SSLv3_method();
    
    \/\/ SSL \ucee8\ud14d\uc2a4\ud2b8 \uc0dd\uc131
    ctx = SSL_CTX_new(meth);
    if(ctx == NULL) {
        BIO_printf(errBIO, “SSL_CTX \uc0dd\uc131 \uc5d0\ub7ec”);
        ERR_print_errors(errBIO);
        exit(1);
    }
    
    \/\/ SSL \ud578\ub4dc\uc250\uc774\ud06c \uba54\uc2dc\uc9c0\uad50\ud658 \uacfc\uc815\uc744 \uc54c\ub824\uc8fc\ub294 \ucf5c\ubc31\ud568\uc218\ub97c \uc14b\ud305
    SSL_CTX_set_info_callback(ctx, ssl_info_callback);
    
    \/\/ \uc790\uc2e0\uc758 \uc778\uc99d\uc11c\ub97c \ud30c\uc77c\uc5d0\uc11c \ub85c\ub529\ud55c\ub2e4.
    if(SSL_CTX_use_certificate_file(ctx, CERT_FILE, SSL_FILETYPE_PEM) <= 0) {
        ERR_print_errors(errBIO);
        exit(1);
    }
    
    \/\/ \uc790\uc2e0\uc758 \uac1c\uc778\ud0a4\ub97c \ud30c\uc77c\uc5d0\uc11c \ub85c\ub529\ud55c\ub2e4.
    if(SSL_CTX_use_PrivateKey_file(ctx, PRIVKEY_FILE, SSL_FILETYPE_PEM) <= 0) {
        ERR_print_errors(errBIO);
        exit(1);
    }
    
    \/\/ \uc77d\uc740 \uc778\uc99d\uc11c\uc640 \uac1c\uc778\ud0a4\uac00 \ub9de\ub294\uc9c0 \ud655\uc778\ud55c\ub2e4.
    if(!SSL_CTX_check_private_key(ctx)) {
        BIO_printf(errBIO, “\uc778\uc99d\uc11c\uc640 \uac1c\uc778\ud0a4\uac00 \ub9de\uc9c0 \uc54a\uc2b5\ub2c8\ub2e4.n”);
        ERR_print_errors(errBIO);
        exit(1);
    }
    
    \/\/ sockaddr_in \uad6c\uc870\uccb4\uc758 \uc8fc\uc18c\uccb4\uacc4\ub97c \uc778\ud130\ub137 \uc8fc\uc18c\uccb4\uacc4\ub85c \ud55c\ub2e4.
    server_add.sin_family = AF_INET;
    
    \/\/ \uc11c\ubc84\uc758 \uc8fc\uc18c\ub97c \uc778\ud130\ub137 32\ube44\ud2b8 \uc8fc\uc18c\ub85c \ubcc0\ud658\ud558\uc5ec sockaddr_in \uc5d0 \ub123\ub294\ub2e4.
    server_add.sin_addr.s_addr = inet_addr(serverAddress);
    
    \/\/ \ub124\ud2b8\uc6cc\ud06c \ud615\uc2dd\uc73c\ub85c \ud3ec\ud2b8\ubc88\ud638\ub97c \ubcc0\ud658\ud558\uc5ec sockaddr_in\uc5d0 \ub123\ub294\ub2e4.
    server_add.sin_port = htons(port);
    
    \/\/ \uc11c\ubc84\uc758 \uc18c\ucf13\uc744 \uc0dd\uc131\ud55c\ub2e4.
    server_socket = socket(AF_INET, socket_type, 0);    \/\/ TCP socket
    if(server_socket == -1) {
        fprintf(stderr, “\uc18c\ucf13 \uc0dd\uc131 \uc5d0\ub7ec n”);
        exit(1);
    }
    
    \/\/ bind\ub97c \uc2e4\ud589\ud558\uc5ec \uc11c\ubc84 \uc18c\ucf13\uacfc \uc11c\ubc84 \uc8fc\uc18c\ub97c \uc5f0\uacb0\ud55c\ub2e4.
    retval = bind(server_socket, (struct sockaddr*)&server_add, sizeof(server_add));
    if(retval == -1) {
        fprintf(stderr, “bind \uc5d0\ub7ec!n”);
        exit(1);
    }
    
    \/\/ listen \ud568\uc218\ub97c \uc2e4\ud589\ud558\uc5ec \ud074\ub77c\uc774\uc5b8\ud2b8\uac00 \uc811\uc18d\ud560 \uc218 \uc788\ub294 \ucd5c\ub300 \ubc84\ud37c\uc218\ub97c 5\ub85c \uc815\ud55c\ub2e4
    retval = listen(server_socket, 5);
    if(retval == -1) {
        fprintf(stderr, “listen \uc5d0\ub7ec!n”);
        exit(1);
    }
    
    printf(“\uc8fc\uc18c %s, \ud3ec\ud2b8 %d \uc5d0\uc11c \ud074\ub77c\uc774\uc5b8\ud2b8\uc758 \uc5f0\uacb0 \uae30\ub2e4\ub9bc…n”, serverAddress, port);
    
    
    client_addlen = sizeof(client_add);
    
    \/\/ accept \ud568\uc218\ub97c \uc2e4\ud589 \ud558\uc5ec \ud074\ub77c\uc774\uc5b8\ud2b8\ub85c\ubd80\ud130\uc758 \uc811\uc18d\uc744 \uae30\ub2e4\ub9b0\ub2e4.
    client_socket = accept(server_socket, (struct sockaddr*)&client_add, &client_addlen);
    if(client_socket == -1) {
        fprintf(stderr, “accept \uc5d0\ub7ec!n”);
        exit(1);
    }
    
    \/\/ \ud074\ub77c\uc774\uc5b8\ud2b8\ub85c\ubd80\ud130\uc758 \uc811\uc18d, \uc5f0\uacb0
    printf(“\ud074\ub77c\uc774\uc5b8\ud2b8 \uc5f0\uacb0, \uc8fc\uc18c: %s, \ud3ec\ud2b8 %dn”, inet_ntoa(client_add.sin_addr), htons(client_add.sin_port));
    
    \/\/ SSL \uad6c\uc870\uccb4 \uc0dd\uc131
    ssl = SSL_new(ctx);
    if(ssl == NULL) {
        BIO_printf(errBIO, “SSL \uc0dd\uc131 \uc5d0\ub7ec”);
        ERR_print_errors(errBIO);
        exit(1);
    }
    
    \/\/ \uc5f0\uacb0\ub41c \uc18c\ucf13\uacfc SSL\uacfc\uc758 \uc5f0\uacb0
    SSL_set_fd(ssl, client_socket);
    
    \/\/ \uac00\uc7a5 \uc911\uc694\ud55c \ud568\uc218, \ud074\ub77c\uc774\uc5b8\ud2b8\uc640\uc758 \ucd08\uae30 \ud611\uc0c1\uacfc\uc815, \uc989 \ud578\ub4dc\uc250\uc774\ud06c \uacfc\uc815\uc744 \uc218\ud589
    retval = SSL_accept(ssl);
    if(retval == -1) {
        BIO_printf(errBIO, “SSL accept \uc5d0\ub7ec”);
        ERR_print_errors(errBIO);
        exit(1);
    }
    
    \/\/ \ud604\uc7ac \ud074\ub77c\uc774\uc5b8\ud2b8\uc640 \uc815\uc758\ub41c \uc554\ud638\ud654 \ud30c\ub77c\uba54\ud130\uc815\ubcf4\ub97c \uc5bb\uc74c
    currentCipher = SSL_CIPHER_get_name(SSL_get_current_cipher(ssl));
    printf(“SSL \uc5f0\uacb0, \uc0ac\uc6a9 \uc54c\uace0\ub9ac\uc998 \ud30c\ub77c\uba54\ud130 : [%s]n”, currentCipher);<\/p>\n

 
    \/\/ \ud074\ub77c\uc774\uc5b8\ud2b8\ub85c\ubd80\ud130 SSL \ud1b5\uc2e0\uc744 \ud1b5\ud574 \uba54\uc2dc\uc9c0 \ubc1b\uc74c
    retval = SSL_read(ssl, inbuffer, sizeof(inbuffer) – 1);
    if(retval == -1) {
        BIO_printf(errBIO, “SSL read \uc5d0\ub7ec”);
        ERR_print_errors(errBIO);
        exit(1);
    }
    
    \/\/ \ubc1b\uc740 \ub370\uc774\ud130\ub97c \ud654\uba74\uc5d0 \ud45c\uc2dc
    inbuffer[retval] = ‘\u0000’;
    printf(“\ud074\ub77c\uc774\uc5b8\ud2b8\ub85c\ubd80\ud130 \ub370\uc774\ud130 \uc804\uc1a1: [%s], \uae38\uc774:[%d]n”, inbuffer, retval);<\/p>\n

    \/\/ \ud074\ub77c\uc774\uc5b8\ud2b8\uc5d0\uac8c SSL \ud1b5\uc2e0\uc744 \ud1b5\ud574 \uba54\uc2dc\uc9c0 \ubcf4\ub0c4
    retval = SSL_write(ssl, message, strlen(message));
    if(retval == -1) {
        BIO_printf(errBIO, “SSL write \uc5d0\ub7ec!n”);
        ERR_print_errors(errBIO);
        exit(1);
    }
    
    \/\/ \uc5f0\uacb0 \ud574\uc81c \ubc0f \uac1d\uccb4 \uc81c\uac70
    printf(“\uc5f0\uacb0 \ud574\uc81cn”);
    close(client_socket);
    SSL_free(ssl);
    SSL_CTX_free(ctx);
    
    sleep(20000);<\/p>\n

    
    return 0;
}<\/p>\n

\/\/ SSL \ud578\ub4dc\uc250\uc774\ud06c \uba54\uc2dc\uc9c0 \uad50\ud658 \uacfc\uc815\uc744 \uc54c\ub824\uc8fc\ub294 \ucf5c\ubc31\ud568\uc218
void ssl_info_callback(const SSL *s, int where, int ret)
{
    char *writeString;
    int w;
    
    \/\/ \ud604\uc7ac \uc5b4\ub5a4 \uba54\uc2dc\uc9c0 \uad50\ud658 \uacfc\uc815\uc778\uc9c0\ub97c \ub098\ud0c0\ub0c4
    w = where & ~SSL_ST_MASK;
    
    \/\/ \ud074\ub77c\uc774\uc5b8\ud2b8\uac00 \uc5f0\uacb0 \ud588\uc744 \ub54c
    if(w & SSL_ST_CONNECT)
        writeString = “SSL_connect”;
    \/\/ \uc11c\ubc84\uac00 \uc5f0\uacb0\uc744 \ubc1b\uc558\uc744 \ub54c
    else if (w & SSL_ST_ACCEPT)
        writeString = “SSL_accept”;
    \/\/ \uc54c \uc218 \uc5c6\ub294 \uacbd\uc6b0
    else
        writeString = “undefined”;
    
    \/\/ \uc77c\ubc18\uc801\uc778 \ud578\ub4dc\uc250\uc774\ud06c \ud504\ub85c\ud1a0\ucf5c \uba54\uc2dc\uc9c0\uc77c \uacbd\uc6b0
    if(where & SSL_CB_LOOP) {
        \/\/ SSL_state_string_long(s) \ud568\uc218\ub85c\ubd80\ud130 \ud604\uc7ac \uc9c4\ud589\ub418\ub294 \uba54\uc2dc\uc9c0\uac00 \ubb34\uc5c7\uc778\uc9c0 \ud45c\uc2dc
        BIO_printf(errBIO, “%s:%sn”, writeString, SSL_state_string_long(s));
    }
    \/\/ alert \ud504\ub85c\ud1a0\ucf5c\uc77c \uacbd\uc6b0
    else if(where & SSL_CB_ALERT) {
        writeString = (where & SSL_CB_READ)? “read”:”write”;
        BIO_printf(errBIO, “SSL3 alert %s:%s:%sn”, writeString, SSL_alert_type_string_long(ret), SSL_alert_desc_string_long(ret));
    }
    else if(where & SSL_CB_EXIT) {
        \/\/ \uc885\ub8cc \uacfc\uc815\uc77c \uacbd\uc6b0
        if(ret == 0)
            BIO_printf(errBIO, “%s:failed in %sn”, writeString, SSL_state_string_long(s));
        else if(ret < 0)
            BIO_printf(errBIO, “%s:error in %sn”, writeString, SSL_state_string_long(s));
    }
}<\/p>\n

XUI3H1XICP.pem<\/a>XQCYwl3nVb.pem<\/a>XGXvAcHioM.c<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

\/\/      SSL_Server.c\/\/      \/\/      Copyright 2009 Kim Sung-tae <pchero21@gmail.com>\/\/      \/\/      This program is free software; you can redistribute it and\/or modify\/\/      it under the terms of the GNU General … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[53],"tags":[297,364],"_links":{"self":[{"href":"http:\/\/pchero21.com\/index.php?rest_route=\/wp\/v2\/posts\/798"}],"collection":[{"href":"http:\/\/pchero21.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/pchero21.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/pchero21.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/pchero21.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=798"}],"version-history":[{"count":0,"href":"http:\/\/pchero21.com\/index.php?rest_route=\/wp\/v2\/posts\/798\/revisions"}],"wp:attachment":[{"href":"http:\/\/pchero21.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=798"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/pchero21.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=798"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/pchero21.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=798"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}