[BEZ] cviceni 5,6


cviceni 5,6

Příspěvek od Destroyer » pon 04. kvě 2015 4:46:31

openssl s_client -showcerts -connect www.fit.cvut.cz:443
openssl x509 -in cert.pem -purpose


/**
 * \file ukol5-6-certifikaty.cpp
 * Code for downloading a page and a certificate.
 * \author Miroslav Vlach <vlachmir@fit.cvut.cz> */
// source: http://www.nickoh.com/emacs_files/ssl-examples/ExampleSSLClient.c.txt , https://edux.fit.cvut.cz/courses/BI-PA2/_media/net_2015.tgz
// compile: g++ -std=c++11 -Wall -pedantic ukol5-6-certifikaty.cpp -lcrypto -lssl
// dependency: libssl-dev
#include <cstdio>
#include <cstring>
#include <cctype>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <unistd.h>
#include <openssl/ssl.h>
using namespace std;


/**
 * Prints the name of every cipher suite enabled on \p ssl, one per line,
 * in the order SSL_get_cipher_list() reports them (index 0 first).
 *
 * This is the locally configured list, not the suite that was negotiated
 * with the peer; the negotiated one comes from SSL_get_current_cipher().
 *
 * \param ssl SSL object whose cipher list is printed.
 */
void ciphersList (SSL * ssl)
{
  printf("Listing all available ciphers:\n");
  // SSL_get_cipher_list() returns NULL once the index runs past the last entry.
  for (int priority = 0; ; ++priority) {
    const char *name = SSL_get_cipher_list(ssl, priority);
    if (name == NULL)
      break;
    printf("%s\n", name);
  }
}

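/**
 * Resolves \p listenAddr and opens a connected TCP socket to it.
 *
 * Every address returned by getaddrinfo() is tried in order (IPv4 and IPv6),
 * so a host whose first address is unreachable can still be reached.
 *
 * \param listenAddr host name or numeric address of the remote end.
 * \param port       TCP port, 1-65535.
 * \return connected socket descriptor (caller must close() it), or -1 when
 *         the port is out of range, resolution fails, or no address accepts
 *         the connection.
 */
int prepareCliSocket ( const char * listenAddr, int port )
 {
   struct addrinfo * ai = NULL, hints;
   char portTx[20];

   // Reject values that are not a valid TCP port instead of handing them to the resolver.
   if ( port < 1 || port > 65535 )
    {
      return -1;
    }

   // getaddrinfo() requires every unused hints field to be zero/NULL;
   // leaving ai_protocol and the pointer members uninitialized is undefined behaviour.
   memset ( &hints, 0, sizeof ( hints ) );
   hints.ai_family = AF_UNSPEC;
   hints.ai_socktype = SOCK_STREAM;

   snprintf ( portTx, sizeof ( portTx ), "%d", port );
   if ( getaddrinfo ( listenAddr, portTx, &hints, &ai ) != 0 )
    {
      return -1;
    }

   int sock = -1;
   for ( struct addrinfo * cur = ai; cur != NULL; cur = cur -> ai_next )
    {
      sock = socket ( cur -> ai_family, cur -> ai_socktype, cur -> ai_protocol );
      if ( sock == -1 )
       {
         continue;
       }
      if ( connect ( sock, cur -> ai_addr, cur -> ai_addrlen ) == 0 )
       {
         break;                 // connected, keep this descriptor
       }
      close ( sock );           // this address failed, try the next one
      sock = -1;
    }

   freeaddrinfo ( ai );
   return sock;
 }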
 
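/**
 * Connects to www.fit.cvut.cz:443 over TLS, stores the HTTP response in
 * stranka.html and the server's leaf certificate in cert.pem, then prints
 * the certificate, the negotiated cipher suite and the enabled cipher list.
 *
 * The certificate is only inspected, not enforced: the chain verification
 * result is reported as a warning and the download continues either way,
 * and the certificate is never matched against the host name. The saved
 * page must therefore be treated as unauthenticated. A client that trusts
 * the response has to use SSL_VERIFY_PEER together with host name checking.
 *
 * \return 0 on success, 1 on any failure.
 */
int main ( int argc, char * argv [] )
 {
  const char * host = "www.fit.cvut.cz";
  const char * header = "GET /student/odkazy HTTP/1.1\r\nConnection: close\r\nHost: fit.cvut.cz\r\n\r\n";
  SSL_CTX * ctx = NULL;
  SSL * ssl = NULL;
  X509 * server_cert = NULL;
  const SSL_CIPHER * cipher = NULL;
  const char * ciphername = NULL;
  FILE * cert = NULL, * page = NULL;
  char buffer[4096];
  int cliSock = -1;
  int rc = 1;
  int l;
  long verifyResult;
  bool handshakeDone = false;
  bool writeFailed = false;

  cert = fopen("cert.pem","wb");
  page = fopen("stranka.html","wb");
  if ( cert == NULL || page == NULL )
   {
     printf ( "error - cannot open output files\n" );
     goto done;
   }

  SSL_library_init();
  ctx = SSL_CTX_new (SSLv23_method());
  if ( ctx == NULL )
   {
     printf ( "error - SSL_CTX_new\n" );
     goto done;
   }
  SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
  // Load the system trust store so SSL_get_verify_result() below is meaningful.
  if ( SSL_CTX_set_default_verify_paths(ctx) != 1 )
   {
     printf ( "warning - system trust store not loaded\n" );
   }

  cliSock = prepareCliSocket ( host, 443 );
  if ( cliSock == -1 )
   {
     printf ( "error - cli socket\n" );
     goto done;
   }

  ssl = SSL_new (ctx);
  if ( ssl == NULL || SSL_set_fd(ssl, cliSock) != 1 )
   {
     printf ( "error - SSL setup\n" );
     goto done;
   }
  // Send SNI so a server hosting several names presents the certificate for this one.
  if ( SSL_set_tlsext_host_name(ssl, host) != 1 )
   {
     printf ( "warning - SNI not set\n" );
   }
  // Exercise 6: exclude two suites to force a different negotiation. "ALL" enables
  // everything except eNULL, which on older OpenSSL builds includes anonymous and
  // low-strength suites - acceptable for this lab only, not for a real client.
  if ( SSL_set_cipher_list(ssl, "ALL:!ECDHE-RSA-AES256-GCM-SHA384:!ECDHE-RSA-AES128-GCM-SHA256") != 1 ) // 6
   {
     printf ( "error - cipher list\n" );
     goto done;
   }
  if ( SSL_connect(ssl) != 1 )
   {
     printf ( "error - TLS handshake\n" );
     goto done;
   }
  handshakeDone = true;

  // The default verify mode does not abort the handshake on a bad chain,
  // so surface the result explicitly. The host name is NOT checked here.
  verifyResult = SSL_get_verify_result(ssl);
  if ( verifyResult != X509_V_OK )
   {
     printf ( "warning - certificate chain not verified: %s\n",
              X509_verify_cert_error_string(verifyResult) );
   }

  if ( SSL_write(ssl,header,(int) strlen(header)) <= 0 )
   {
     printf ( "error - request not sent\n" );
     goto done;
   }
  while (1)
   {
     l = SSL_read(ssl,buffer,sizeof(buffer));
     if (l <= 0 ) break;
     if ( fwrite(buffer, sizeof(char), l, page) != (size_t) l )
      {
        writeFailed = true;
        break;
      }
   }
  if ( writeFailed )
   {
     printf ( "error - writing stranka.html\n" );
     goto done;
   }
  printf("Soubor stranka.html vytvoren.\n");

  // The returned certificate carries its own reference and must be freed with X509_free().
  server_cert = SSL_get_peer_certificate(ssl);
  if ( server_cert == NULL )
   {
     printf ( "error - server sent no certificate\n" );
     goto done;
   }
  if ( PEM_write_X509(cert,server_cert) != 1 )
   {
     printf ( "error - writing cert.pem\n" );
     goto done;
   }
  printf("Soubor cert.pem vytvoren.\n");
  X509_print_fp ( stdout, server_cert );

  cipher = SSL_get_current_cipher(ssl); // 6
  ciphername = SSL_CIPHER_get_name(cipher); // 6
  printf("\n\nJmeno sifry: %s\n\n",ciphername); // 6

  ciphersList(ssl); // 6

  rc = 0;

done:
  // Single cleanup path: release everything acquired so far.
  if ( server_cert != NULL ) X509_free ( server_cert );
  if ( ssl != NULL )
   {
     if ( handshakeDone ) SSL_shutdown ( ssl );
     SSL_free ( ssl );
   }
  // SSL_set_fd() does not take ownership of the descriptor, so close it here.
  if ( cliSock != -1 ) close ( cliSock );
  if ( ctx != NULL ) SSL_CTX_free ( ctx );
  if ( cert != NULL ) fclose( cert );
  if ( page != NULL ) fclose( page );

  return rc;
 }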
You're pro or you're a noob. That's life
