vashqlf/webserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first version of ssl/tls c webserver with disfunctional tls handshake

Browse Source
This commit is contained in:
benjilegeek
2026-02-22 01:47:13 +01:00
parent f47dc33f3c
commit 9fef588af0
2 changed files with 158 additions and 79 deletions
Download Patch File Download Diff File Expand all files Collapse all files

88
src/http_serv.c Normal file
View File

@@ -0,0 +1,88 @@
#include <arpa/inet.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/prov_ssl.h>
#include <openssl/ssl.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#define PORT 8080
#define BUFFER_SIZE 1024
int main(void) {
// http server
char buffer[BUFFER_SIZE];
char resp[] = "HTTP/1.0 200 OK\r\n"
"Server: webserver-c\r\n"
"Content-type: text/html\r\n\r\n"
"<html>hello, world</html>\r\n";
// create socket
int sockfd = socket(AF_INET, SOCK_STREAM, 0);
if (sockfd == -1){
perror("webserver (socket)");
return 1;
}
printf("socket created succesfully\n");
// bind to port and address
struct sockaddr_in host_addr;
socklen_t host_addr_len = sizeof(host_addr);
host_addr.sin_family = AF_INET;
host_addr.sin_port = htons(PORT);
host_addr.sin_addr.s_addr = htonl(INADDR_ANY);
if(bind(sockfd, (struct sockaddr*)&host_addr, host_addr_len) != 0){
perror("webserver (bind)");
return 1;
}
printf("socket succesfully bound to address\n");
// create client address
struct sockaddr_in client_addr;
int client_addr_len = sizeof(host_addr);
// accept connections
while (1) {
int newsockfd = accept(sockfd, (struct sockaddr*) &host_addr, (socklen_t *) &host_addr_len);
if (newsockfd < 0){
perror("webserver (accept)");
return 1;
}
printf("connection accepted\n");
// get client addr
int sockn = getsockname(newsockfd, (struct sockaddr*) &client_addr, (socklen_t *) &client_addr_len);
if (sockn < 0){
perror("webserver (getsockname)");
return 1;
}
// read from socket
ssize_t valread = read(newsockfd, buffer, BUFFER_SIZE);
if (valread < 0){
perror("webserver (read)");
}
// read the request
char method[BUFFER_SIZE], uri[BUFFER_SIZE], version[BUFFER_SIZE];
sscanf(buffer, "%s %s %s", method, uri, version);
printf("[%s:%u] %s %s %s\n", inet_ntoa(client_addr.sin_addr), ntohs(client_addr.sin_port), method, version, uri);
// write to the socket
ssize_t valwrite = write(newsockfd, resp, strlen(resp));
if (valwrite < 0){
perror("webserver (write)");
}
close(newsockfd);
}
return 0;
}

149
src/main.c
View File

@@ -1,57 +1,40 @@
#include <arpa/inet.h> #include <arpa/inet.h>
#include <err.h>
#include <netinet/in.h> #include <netinet/in.h>
#include <netinet/tcp.h> #include <netinet/tcp.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/prov_ssl.h> #include <openssl/prov_ssl.h>
#include <openssl/ssl.h> #include <openssl/ssl.h>
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <stdlib.h>
#include <sys/socket.h> #include <sys/socket.h>
#include <unistd.h> #include <unistd.h>
#define PORT 8080 #define PORT 8080
#define HOSTPORT "*:4040"
#define BUFFER_SIZE 1024 #define BUFFER_SIZE 1024
#define CHAIN_FILE "/home/vashqlf/Code/C/webserver/assets/cert.pem"
#define KEY_FILE "/home/vashqlf/Code/C/webserver/assets/key.pem"
int main(void) { int main(void) {
// http server char buf[BUFFER_SIZE];
char buffer[BUFFER_SIZE]; size_t nread;
char resp[] = "HTTP/1.0 200 OK\r\n" size_t nwritten;
"Server: webserver-c\r\n" size_t total = 0;
"Content-type: text/html\r\n\r\n"
"<html>hello, world</html>\r\n";
// create socket
int sockfd = socket(AF_INET, SOCK_STREAM, 0);
if (sockfd == -1){
perror("webserver (socket)");
return 1;
}
printf("socket created succesfully\n");
// bind to port and address
struct sockaddr_in host_addr;
socklen_t host_addr_len = sizeof(host_addr);
host_addr.sin_family = AF_INET;
host_addr.sin_port = htons(PORT);
host_addr.sin_addr.s_addr = htonl(INADDR_ANY);
if(bind(sockfd, (struct sockaddr*)&host_addr, host_addr_len) != 0){
perror("webserver (bind)");
return 1;
}
printf("socket succesfully bound to address\n");
// TLS/SSL BLOCK
// create SSL_CTX config object // create SSL_CTX config object
SSL_CTX* ctx = SSL_CTX_new(TLS_server_method()); SSL_CTX* ctx = SSL_CTX_new(TLS_server_method());
if (ctx == NULL) { if (ctx == NULL) {
perror("webserver (SSL_CTX)"); ERR_print_errors_fp(stderr);
return 1; errx(EXIT_FAILURE, "Failed to create server SSL_CTX");
} }
// restrict allowed TLS version so 1.2 or above // restrict allowed TLS version so 1.2 or above
if (!SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION)) { if (!SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION)) {
SSL_CTX_free(ctx); SSL_CTX_free(ctx);
perror("webserver (TLS_VERSION)") ; ERR_print_errors_fp(stderr);
errx(EXIT_FAILURE, "Failed to set minimum TLS version.");
} }
// configure option flags // configure option flags
@@ -61,17 +44,17 @@ int main(void) {
SSL_CTX_set_options(ctx, opts); SSL_CTX_set_options(ctx, opts);
// load certificate // load certificate
if (SSL_CTX_use_certificate_chain_file(ctx, "../assets/cert.pem") <= 0) { if (SSL_CTX_use_certificate_chain_file(ctx, CHAIN_FILE) <= 0) {
SSL_CTX_free(ctx); SSL_CTX_free(ctx);
perror("webserver (SSL_CERT)"); ERR_print_errors_fp(stderr);
return 1; errx(EXIT_FAILURE, "Failed to load the server certificate chain file.");
} }
// load private key // load private key
if (SSL_CTX_use_PrivateKey_file(ctx, "../assets/key.pem", SSL_FILETYPE_PEM) <= 0) { if (SSL_CTX_use_PrivateKey_file(ctx, KEY_FILE, SSL_FILETYPE_PEM) <= 0) {
SSL_CTX_free(ctx); SSL_CTX_free(ctx);
perror("webserver (SSL_KEY)"); ERR_print_errors_fp(stderr);
return 1; errx(EXIT_FAILURE, "Failed to load the server private key file.");
} }
// TODO enable session caching // TODO enable session caching
@@ -79,56 +62,64 @@ int main(void) {
// no need to verify client by cert // no need to verify client by cert
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL); SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
// create listener socket wrapped in a BIO
BIO* acceptor_bio = BIO_new_accept(HOSTPORT);
// listen on socket if (acceptor_bio == NULL) {
if(listen(sockfd, SOMAXCONN) != 0){ SSL_CTX_free(ctx);
perror("webserver (listen)"); ERR_print_errors_fp(stderr);
return 1; errx(EXIT_FAILURE, "Failed to create the acceptor bio.");
} }
printf("socket listening on port %d\n", PORT);
// create client address // first call to do accept makes the socket listening
struct sockaddr_in client_addr; BIO_set_bind_mode(acceptor_bio, BIO_BIND_REUSEADDR);
int client_addr_len = sizeof(host_addr); if (BIO_do_accept(acceptor_bio) <= 0){
SSL_CTX_free(ctx);
ERR_print_errors_fp(stderr);
errx(EXIT_FAILURE, "Failed setting up acceptor socket.");
}
// accept connections // accept connections
while (1) { while (1) {
int newsockfd = accept(sockfd, (struct sockaddr*) &host_addr, (socklen_t *) &host_addr_len); ERR_clear_error();
if (newsockfd < 0){ // wait for next client to connect
perror("webserver (accept)"); if (BIO_do_accept(acceptor_bio) <= 0) {
return 1; continue;
}
printf("connection accepted\n");
// get client addr
int sockn = getsockname(newsockfd, (struct sockaddr*) &client_addr, (socklen_t *) &client_addr_len);
if (sockn < 0){
perror("webserver (getsockname)");
return 1;
} }
// read from socket BIO* client_bio = BIO_pop(acceptor_bio);
ssize_t valread = read(newsockfd, buffer, BUFFER_SIZE); fprintf(stderr, "New client connection accepted\n");
if (valread < 0){
perror("webserver (read)"); // associate a new SSL handle with the new connection
SSL* ssl;
if ((ssl = SSL_new(ctx)) == NULL){
ERR_print_errors_fp(stderr);
warnx("Error creating SSL handle for new connection");
BIO_free(client_bio);
continue;
}
SSL_set_bio(ssl, client_bio, client_bio);
// attempt SSL handshake
if (SSL_accept(ssl) <= 0) {
ERR_print_errors_fp(stderr);
warnx("Error performing SSL handshake with client");
SSL_free(ssl);
continue;
} }
// read the request // echoe client input back to client
char method[BUFFER_SIZE], uri[BUFFER_SIZE], version[BUFFER_SIZE]; while (SSL_read_ex(ssl, buf, sizeof(buf), &nread) > 0){
sscanf(buffer, "%s %s %s", method, uri, version); if (SSL_write_ex(ssl, buf, nread, &nwritten) > 0 && nwritten == nread){
total += nwritten;
printf("[%s:%u] %s %s %s\n", inet_ntoa(client_addr.sin_addr), ntohs(client_addr.sin_port), method, version, uri); continue;
}
// write to the socket warnx("Error echoing client input");
ssize_t valwrite = write(newsockfd, resp, strlen(resp)); break;
if (valwrite < 0){ }
perror("webserver (write)"); fprintf(stderr, "Client connection closed, %zu bytes sent\n", total);
SSL_free(ssl);
} }
close(newsockfd); SSL_CTX_free(ctx);
} return EXIT_SUCCESS;
return 0;
} }