📚

【C 言語】OpenSSL を使って TLS 対応の HTTP/1 サーバーをつくる

2024/06/30に公開

OpenSSL 公式 Wiki のコードをそのまま使わせてもらう。レスポンスのメッセージを HTTP/1 に書き換える

zig run server.c -lc -lssl -lcrypto

証明書と秘密鍵は mkcert で生成した

mkcert localhost
server.c
#include <stdio.h>
#include <unistd.h>
#include <string.h>
#include <signal.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <openssl/ssl.h>
#include <openssl/err.h>

// https://wiki.openssl.org/index.php/Simple_TLS_Server
// https://en.wikipedia.org/wiki/HTTP_message_body

int create_socket(int port);
SSL_CTX *create_context();
void configure_context(SSL_CTX *ctx);

int main(int argc, char **argv)
{
    int sock;
    SSL_CTX *ctx;
    const char reply[] = "HTTP/1.1 200 OK\r\n"
                         "Content-Type: text/plain; charset=utf-8\r\n"
                         "Content-Length: 7\r\n"
                         "Connection: close\r\n"
                         "\r\n"
                         "Hello\r\n";

    int port = 8080;

    /* Ignore broken pipe signals */
    signal(SIGPIPE, SIG_IGN);

    ctx = create_context();

    configure_context(ctx);

    sock = create_socket(port);

    printf("serving https://localhost:%d\n", port);

    /* Handle connections */
    while(1) {
        struct sockaddr_in addr;
        unsigned int len = sizeof(addr);
        SSL *ssl;

        int client = accept(sock, (struct sockaddr*)&addr, &len);
        if (client < 0) {
            perror("Unable to accept");
            exit(EXIT_FAILURE);
        }

        ssl = SSL_new(ctx);
        SSL_set_fd(ssl, client);

        if (SSL_accept(ssl) <= 0) {
            ERR_print_errors_fp(stderr);
        } else {
            SSL_write(ssl, reply, strlen(reply));
        }

        SSL_shutdown(ssl);
        SSL_free(ssl);
        close(client);
    }

    close(sock);
    SSL_CTX_free(ctx);
}

int create_socket(int port)
{
    int s;
    struct sockaddr_in addr;

    addr.sin_family = AF_INET;
    addr.sin_port = htons(port);
    addr.sin_addr.s_addr = htonl(INADDR_ANY);

    s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0) {
        perror("Unable to create socket");
        exit(EXIT_FAILURE);
    }

    if (bind(s, (struct sockaddr*)&addr, sizeof(addr)) < 0) {
        perror("Unable to bind");
        exit(EXIT_FAILURE);
    }

    if (listen(s, 1) < 0) {
        perror("Unable to listen");
        exit(EXIT_FAILURE);
    }

    return s;
}

SSL_CTX *create_context()
{
    const SSL_METHOD *method;
    SSL_CTX *ctx;

    method = TLS_server_method();

    ctx = SSL_CTX_new(method);
    if (!ctx) {
        perror("Unable to create SSL context");
        ERR_print_errors_fp(stderr);
        exit(EXIT_FAILURE);
    }

    return ctx;
}

void configure_context(SSL_CTX *ctx)
{
    const unsigned char protos[] = {
     8, 'h', 't', 't', 'p', '/', '1', '.', '1'
    };
    unsigned int protos_lengh = sizeof(protos);
    SSL_CTX_set_alpn_protos(ctx, protos, protos_lengh);

    /* Set the key and cert */
    if (SSL_CTX_use_certificate_file(ctx, "localhost.pem", SSL_FILETYPE_PEM) <= 0) {
        ERR_print_errors_fp(stderr);
        exit(EXIT_FAILURE);
    }

    if (SSL_CTX_use_PrivateKey_file(ctx, "localhost-key.pem", SSL_FILETYPE_PEM) <= 0 ) {
        ERR_print_errors_fp(stderr);
        exit(EXIT_FAILURE);
    }
}

Discussion