1: /* inetdserv.cpp  -  Minimal ssleay server for Unix inetd.conf
    2:  * 30.9.1996, Sampo Kellomaki <sampo@iki.fi>
    3:  * From /etc/inetd.conf:
    4:  *     1111 stream tcp nowait sampo /usr/users/sampo/demo/inetdserv inetdserv
    5:  */
    6: 
    7: #include <stdio.h>
    8: #include <errno.h>
    9: 
   10: #include "rsa.h"       /* SSLeay stuff */
   11: #include <openssl/crypto.h>
   12: #include <openssl/x509.h>
   13: #include <openssl/pem.h>
   14: #include <openssl/ssl.h>
   15: #include <openssl/err.h>
   16: 
   17: #define HOME "/usr/users/sampo/demo/"
   18: #define CERTF HOME "plain-cert.pem"
   19: #define KEYF  HOME "plain-key.pem"
   20: 
   21: #define CHK_NULL(x) if ((x)==NULL) exit (1)
   22: #define CHK_ERR(err,s) if ((err)==-1) \
   23:                          { fprintf(log, "%s %d\n", (s), errno); exit(1); }
   24: #define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(log); exit(2); }
   25: 
   26: void main ()
   27: {
   28:   int err;
   29:   SSL_CTX* ctx;
   30:   SSL*     ssl;
   31:   X509*    client_cert;
   32:   char*    str;
   33:   char     buf [4096];
   34:   FILE* log;
   35:   
   36:   log = fopen ("/dev/console", "a");                     CHK_NULL(log);
   37:   fprintf (log, "inetdserv %ld\n", (long)getpid());
   38:   
   39:   SSL_load_error_strings();
   40:   ctx = SSL_CTX_new (); CHK_NULL(ctx);
   41:   
   42:   err = SSL_CTX_use_RSAPrivateKey_file (ctx, KEYF,  SSL_FILETYPE_PEM);
   43:   CHK_SSL (err);
   44:   
   45:   err = SSL_CTX_use_certificate_file   (ctx, CERTF, SSL_FILETYPE_PEM);
   46:   CHK_SSL (err);
   47: 
   48:   /* inetd has already opened the TCP connection, so we can get right
   49:      down to business. */
   50:   
   51:   ssl = SSL_new (ctx);  CHK_NULL(ssl);
   52:   SSL_set_fd (ssl,  fileno(stdin));
   53:   err = SSL_accept (ssl);                                CHK_SSL(err);
   54:   
   55:   /* Get the cipher - opt */
   56:   
   57:   fprintf (log, "SSL connection using %s\n", SSL_get_cipher (ssl));
   58:   
   59:   /* Get client's certificate (note: beware of dynamic allocation) - opt */
   60: 
   61:   client_cert = SSL_get_peer_certificate (ssl);
   62:   if (client_cert != NULL) {
   63:     fprintf (log, "Client certificate:\n");
   64:     
   65:     str = X509_NAME_oneline (X509_get_subject_name (client_cert));
   66:     CHK_NULL(str);
   67:     fprintf (log, "\t subject: %s\n", str);
   68:     OPENSSL_free (str);
   69:     
   70:     str = X509_NAME_oneline (X509_get_issuer_name  (client_cert));
   71:     CHK_NULL(str);
   72:     fprintf (log, "\t issuer: %s\n", str);
   73:     OPENSSL_free (str);
   74:     
   75:     /* We could do all sorts of certificate verification stuff here before
   76:        deallocating the certificate. */
   77:     
   78:     X509_free (client_cert);
   79:   } else
   80:     fprintf (log, "Client doe not have certificate.\n");
   81: 
   82:   /* ------------------------------------------------- */
   83:   /* DATA EXCHANGE: Receive message and send reply  */
   84:   
   85:   err = SSL_read (ssl, buf, sizeof(buf) - 1);  CHK_SSL(err);
   86:   buf[err] = '\0';
   87:   fprintf (log, "Got %d chars:'%s'\n", err, buf);
   88:   
   89:   err = SSL_write (ssl, "Loud and clear.", strlen("Loud and clear."));
   90:   CHK_SSL(err);
   91: 
   92:   /* Clean up. */
   93: 
   94:   fclose (log);
   95:   SSL_free (ssl);
   96:   SSL_CTX_free (ctx);
   97: }
   98: /* EOF - inetdserv.cpp */