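/* inetdserv.cpp - Minimal ssleay server for Unix inetd.conf
 * 30.9.1996, Sampo Kellomaki <sampo@iki.fi>
 * From /etc/inetd.conf:
 *   1111 stream tcp nowait sampo /usr/users/sampo/demo/inetdserv inetdserv
 *
 * inetd accepts the TCP connection and hands it to this program on
 * stdin, so the program performs one TLS handshake, reads one message,
 * sends one reply and exits.  Diagnostics go to /dev/console.
 */

#include <stdio.h>
#include <errno.h>
#include <ctype.h>   /* isprint */
#include <stdlib.h>  /* exit */
#include <string.h>  /* strlen */
#include <unistd.h>  /* getpid */

#include "rsa.h"         /* SSLeay stuff */
#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/err.h>

/* The private key is stored unencrypted on disk; it should be readable
   only by the account inetd runs this server as. */
#define HOME  "/usr/users/sampo/demo/"
#define CERTF HOME "plain-cert.pem"
#define KEYF  HOME "plain-key.pem"

/* All three macros expect a FILE* named `log` in scope and terminate the
   process on failure.  They are wrapped in do/while(0) so they behave as
   a single statement after an unbraced if/else. */
#define CHK_NULL(x) do { if ((x) == NULL) exit(1); } while (0)
#define CHK_ERR(err, s) \
  do { if ((err) == -1) { fprintf(log, "%s %d\n", (s), errno); exit(1); } } while (0)
/* OpenSSL calls used below report success with a positive value and
   failure with 0 or a negative value, so testing only for -1 would let a
   failed key/certificate load or a failed handshake go unnoticed. */
#define CHK_SSL(err) \
  do { if ((err) <= 0) { ERR_print_errors_fp(log); exit(2); } } while (0)

/* Write len bytes of s to fp, replacing anything that is not printable
   ASCII (and the backslash itself) with a \xNN escape.  Peer-controlled
   bytes must not reach the console verbatim: control and escape
   sequences could forge or corrupt log lines. */
static void log_printable(FILE *fp, const char *s, size_t len)
{
  size_t i;

  for (i = 0; i < len; i++) {
    unsigned char c = (unsigned char)s[i];

    if (isprint(c) && c != '\\')
      fputc(c, fp);
    else
      fprintf(fp, "\\x%02x", c);
  }
}

/* Serve exactly one TLS connection on stdin.
   Exit status: 0 on success, 1 if a required object could not be
   created, 2 if an SSL library call failed. */
int main(void)
{
  static const char reply[] = "Loud and clear.";
  int       err;
  SSL_CTX  *ctx;
  SSL      *ssl;
  X509     *client_cert;
  char     *str;
  char      buf[4096];
  FILE     *log;

  log = fopen("/dev/console", "a");
  CHK_NULL(log);
  fprintf(log, "inetdserv %ld\n", (long)getpid());

  /* Library set-up.  SSL_library_init() is required before OpenSSL
     1.1.0 and is a harmless no-op afterwards. */
  SSL_library_init();
  SSL_load_error_strings();

  /* SSL_CTX_new() needs a method.  SSLv23_server_method() negotiates the
     highest version both sides support; OpenSSL 1.1.0+ spells the same
     thing TLS_server_method().  A real deployment should additionally
     pin a minimum protocol version and cipher list instead of relying on
     library defaults. */
  ctx = SSL_CTX_new(SSLv23_server_method());
  CHK_NULL(ctx);

  err = SSL_CTX_use_RSAPrivateKey_file(ctx, KEYF, SSL_FILETYPE_PEM);
  CHK_SSL(err);

  err = SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM);
  CHK_SSL(err);

  /* Refuse to start with a key that does not belong to the certificate. */
  err = SSL_CTX_check_private_key(ctx);
  CHK_SSL(err);

  /* inetd has already opened the TCP connection, so we can get right
     down to business. */

  ssl = SSL_new(ctx);
  CHK_NULL(ssl);
  err = SSL_set_fd(ssl, fileno(stdin));
  CHK_SSL(err);
  err = SSL_accept(ssl);
  CHK_SSL(err);

  /* Get the cipher - opt */

  fprintf(log, "SSL connection using %s\n", SSL_get_cipher(ssl));

  /* Get client's certificate (note: beware of dynamic allocation) - opt
     NOTE(review): this context never enables peer verification, and an
     OpenSSL server only asks for a client certificate when
     SSL_VERIFY_PEER is set, so this branch is normally not taken.  If it
     is enabled later, remember that the names logged here are
     attacker-supplied until the verification result has been checked. */

  client_cert = SSL_get_peer_certificate(ssl);
  if (client_cert != NULL) {
    fprintf(log, "Client certificate:\n");

    /* With a NULL buffer X509_NAME_oneline() allocates the result;
       release it with OPENSSL_free(). */
    str = X509_NAME_oneline(X509_get_subject_name(client_cert), NULL, 0);
    CHK_NULL(str);
    fprintf(log, "\t subject: ");
    log_printable(log, str, strlen(str));
    fprintf(log, "\n");
    OPENSSL_free(str);

    str = X509_NAME_oneline(X509_get_issuer_name(client_cert), NULL, 0);
    CHK_NULL(str);
    fprintf(log, "\t issuer: ");
    log_printable(log, str, strlen(str));
    fprintf(log, "\n");
    OPENSSL_free(str);

    /* We could do all sorts of certificate verification stuff here before
       deallocating the certificate. */

    X509_free(client_cert);
  } else {
    fprintf(log, "Client doe not have certificate.\n");
  }

  /* ------------------------------------------------- */
  /* DATA EXCHANGE: Receive message and send reply     */

  /* CHK_SSL rejects every non-positive return, so err is a valid index
     into buf below (a negative value would write before the buffer). */
  err = SSL_read(ssl, buf, sizeof(buf) - 1);
  CHK_SSL(err);
  buf[err] = '\0';
  fprintf(log, "Got %d chars:'", err);
  log_printable(log, buf, (size_t)err);
  fprintf(log, "'\n");

  err = SSL_write(ssl, reply, (int)(sizeof(reply) - 1));
  CHK_SSL(err);

  /* Clean up. */

  /* Best-effort close_notify so the peer can tell an orderly end of
     stream from a cut connection; the result is deliberately ignored
     because the process exits either way. */
  (void)SSL_shutdown(ssl);

  fclose(log);
  SSL_free(ssl);
  SSL_CTX_free(ctx);
  return 0;
}
/* EOF - inetdserv.cpp */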