📚
【C 言語】OpenSSL を使って TLS 対応の HTTP/1 サーバーをつくる
OpenSSL 公式 Wiki のコードをそのまま使わせてもらう。レスポンスのメッセージを HTTP/1 に書き換える
zig run server.c -lc -lssl -lcrypto
証明書と秘密鍵は mkcert で生成した
mkcert localhost
server.c
#include <stdio.h>
#include <unistd.h>
#include <string.h>
#include <signal.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
// https://wiki.openssl.org/index.php/Simple_TLS_Server
// https://en.wikipedia.org/wiki/HTTP_message_body
int create_socket(int port);
SSL_CTX *create_context();
void configure_context(SSL_CTX *ctx);
int main(int argc, char **argv)
{
int sock;
SSL_CTX *ctx;
const char reply[] = "HTTP/1.1 200 OK\r\n"
"Content-Type: text/plain; charset=utf-8\r\n"
"Content-Length: 7\r\n"
"Connection: close\r\n"
"\r\n"
"Hello\r\n";
int port = 8080;
/* Ignore broken pipe signals */
signal(SIGPIPE, SIG_IGN);
ctx = create_context();
configure_context(ctx);
sock = create_socket(port);
printf("serving https://localhost:%d\n", port);
/* Handle connections */
while(1) {
struct sockaddr_in addr;
unsigned int len = sizeof(addr);
SSL *ssl;
int client = accept(sock, (struct sockaddr*)&addr, &len);
if (client < 0) {
perror("Unable to accept");
exit(EXIT_FAILURE);
}
ssl = SSL_new(ctx);
SSL_set_fd(ssl, client);
if (SSL_accept(ssl) <= 0) {
ERR_print_errors_fp(stderr);
} else {
SSL_write(ssl, reply, strlen(reply));
}
SSL_shutdown(ssl);
SSL_free(ssl);
close(client);
}
close(sock);
SSL_CTX_free(ctx);
}
int create_socket(int port)
{
int s;
struct sockaddr_in addr;
addr.sin_family = AF_INET;
addr.sin_port = htons(port);
addr.sin_addr.s_addr = htonl(INADDR_ANY);
s = socket(AF_INET, SOCK_STREAM, 0);
if (s < 0) {
perror("Unable to create socket");
exit(EXIT_FAILURE);
}
if (bind(s, (struct sockaddr*)&addr, sizeof(addr)) < 0) {
perror("Unable to bind");
exit(EXIT_FAILURE);
}
if (listen(s, 1) < 0) {
perror("Unable to listen");
exit(EXIT_FAILURE);
}
return s;
}
SSL_CTX *create_context()
{
const SSL_METHOD *method;
SSL_CTX *ctx;
method = TLS_server_method();
ctx = SSL_CTX_new(method);
if (!ctx) {
perror("Unable to create SSL context");
ERR_print_errors_fp(stderr);
exit(EXIT_FAILURE);
}
return ctx;
}
void configure_context(SSL_CTX *ctx)
{
const unsigned char protos[] = {
8, 'h', 't', 't', 'p', '/', '1', '.', '1'
};
unsigned int protos_lengh = sizeof(protos);
SSL_CTX_set_alpn_protos(ctx, protos, protos_lengh);
/* Set the key and cert */
if (SSL_CTX_use_certificate_file(ctx, "localhost.pem", SSL_FILETYPE_PEM) <= 0) {
ERR_print_errors_fp(stderr);
exit(EXIT_FAILURE);
}
if (SSL_CTX_use_PrivateKey_file(ctx, "localhost-key.pem", SSL_FILETYPE_PEM) <= 0 ) {
ERR_print_errors_fp(stderr);
exit(EXIT_FAILURE);
}
}
Discussion