1 /* inetdserv.cpp - Minimal ssleay server for Unix inetd.conf
2 * 30.9.1996, Sampo Kellomaki <sampo@iki.fi>
3 * From /etc/inetd.conf:
4 * 1111 stream tcp nowait sampo /usr/users/sampo/demo/inetdserv inetdserv
10 #include "rsa.h" /* SSLeay stuff */
11 #include <openssl/crypto.h>
12 #include <openssl/x509.h>
13 #include <openssl/pem.h>
14 #include <openssl/ssl.h>
15 #include <openssl/err.h>
17 #define HOME "/usr/users/sampo/demo/"
18 #define CERTF HOME "plain-cert.pem"
19 #define KEYF HOME "plain-key.pem"
21 #define CHK_NULL(x) if ((x)==NULL) exit (1)
22 #define CHK_ERR(err,s) if ((err)==-1) \
23 { fprintf(log, "%s %d\n", (s), errno); exit(1); }
24 #define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(log); exit(2); }
36 log
= fopen ("/dev/console", "a"); CHK_NULL(log
);
37 fprintf (log
, "inetdserv %ld\n", (long)getpid());
39 SSL_load_error_strings();
40 ctx
= SSL_CTX_new (); CHK_NULL(ctx
);
42 err
= SSL_CTX_use_RSAPrivateKey_file (ctx
, KEYF
, SSL_FILETYPE_PEM
);
45 err
= SSL_CTX_use_certificate_file (ctx
, CERTF
, SSL_FILETYPE_PEM
);
48 /* inetd has already opened the TCP connection, so we can get right
51 ssl
= SSL_new (ctx
); CHK_NULL(ssl
);
52 SSL_set_fd (ssl
, fileno(stdin
));
53 err
= SSL_accept (ssl
); CHK_SSL(err
);
55 /* Get the cipher - opt */
57 fprintf (log
, "SSL connection using %s\n", SSL_get_cipher (ssl
));
59 /* Get client's certificate (note: beware of dynamic allocation) - opt */
61 client_cert
= SSL_get_peer_certificate (ssl
);
62 if (client_cert
!= NULL
) {
63 fprintf (log
, "Client certificate:\n");
65 str
= X509_NAME_oneline (X509_get_subject_name (client_cert
));
67 fprintf (log
, "\t subject: %s\n", str
);
70 str
= X509_NAME_oneline (X509_get_issuer_name (client_cert
));
72 fprintf (log
, "\t issuer: %s\n", str
);
75 /* We could do all sorts of certificate verification stuff here before
76 deallocating the certificate. */
78 X509_free (client_cert
);
80 fprintf (log
, "Client doe not have certificate.\n");
82 /* ------------------------------------------------- */
83 /* DATA EXCHANGE: Receive message and send reply */
85 err
= SSL_read (ssl
, buf
, sizeof(buf
) - 1); CHK_SSL(err
);
87 fprintf (log
, "Got %d chars:'%s'\n", err
, buf
);
89 err
= SSL_write (ssl
, "Loud and clear.", strlen("Loud and clear."));
98 /* EOF - inetdserv.cpp */