本文主要是介绍libcurl使用默认编译的winssl进行https的双向认证,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
双向认证:
1.服务器回验证客户端上报的证书
2.客户端回验证服务器的证书
而证书一般分为:1.受信任的根证书,2不受信任的根证书。
但是由于各种限制不想在libcurl中增加openssl,那么使用默认的winssl也可以完成以上两种证书的双向认证,以下是亲测代码:
static int http_write(char* data, size_t size, size_t nmemb, std::string* writerData)
{unsigned long sizes = size * nmemb;if (writerData == NULL)return-1;writerData->append(data, sizes);return sizes;
}int main_curl(void)
{CURL* curl;CURLcode res = CURLE_OK;const char* pPassphrase = NULL; //password for private keystatic const char* pCACertFile = "C:\\ca.crt"; //CA root certificatstatic const char* pCertFile = "C:\\client.p12"; //client certificatestatic const char* pKeyName = "C:\\client.key"; // private.keystatic const char* pHeaderFile = "dumpit";const char* pKeyType;const char* pEngine;pKeyType = "PEM";pEngine = NULL;std::string sRes;char* url = "https://xxx.com";curl = curl_easy_init();if (curl) {curl_easy_setopt(curl, CURLOPT_VERBOSE, 1);/* what call to write: */curl_easy_setopt(curl, CURLOPT_URL, url);do { /* dummy loop, just to break out from */if (pEngine) {/* use crypto engine */if (curl_easy_setopt(curl, CURLOPT_SSLENGINE, pEngine) != CURLE_OK) {/* load the crypto engine */fprintf(stderr, "can't set crypto engine\n");break;}if (curl_easy_setopt(curl, CURLOPT_SSLENGINE_DEFAULT, 1L) != CURLE_OK) {/* set the crypto engine as default *//* only needed for the first time you load* a engine in a curl object... */fprintf(stderr, "can't set crypto engine as default\n");break;}}//winssl 必须是P12证书类型,不能设置其参数,openssl下可以设置//curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM");/* 客户端证书 */curl_easy_setopt(curl, CURLOPT_SSLCERT, pCertFile);/* 设置客户端证书的key和类型*/curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, "PEM");curl_easy_setopt(curl, CURLOPT_SSLKEY, pKeyName); /* 验证服务器需要的根证书 */curl_easy_setopt(curl, CURLOPT_CAINFO, pCACertFile); /* 自签名证书不要验证对端 */curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L);curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, http_write);curl_easy_setopt(curl, CURLOPT_WRITEDATA, &sRes);/* Perform the request, res will get the return code */res = curl_easy_perform(curl);/* Check for errors */if (res != CURLE_OK)fprintf(stderr, "curl_easy_perform() failed: %s\n",curl_easy_strerror(res));} while (0);/* always cleanup */curl_easy_cleanup(curl);}std::cout<<"RESPONSE HTML:" << sRes;return (res == CURLE_OK);
}
以上的代码如果根证书是受信任的,设置
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);
自签证书设置:
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
即可完成winssl的双向认证;
这篇关于libcurl使用默认编译的winssl进行https的双向认证的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!