龙湖镇华南城网站建设,手表网站十大品牌,百度地图开发平台,注册网站需要多少双向认证#xff1a;
1.服务器回验证客户端上报的证书
2.客户端回验证服务器的证书
而证书一般分为#xff1a;1.受信任的根证书#xff0c;2不受信任的根证书。
但是由于各种限制不想在libcurl中增加openssl#xff0c;那么使用默认的winssl也可以完成以上两种证书的双…双向认证
1.服务器回验证客户端上报的证书
2.客户端回验证服务器的证书
而证书一般分为1.受信任的根证书2不受信任的根证书。
但是由于各种限制不想在libcurl中增加openssl那么使用默认的winssl也可以完成以上两种证书的双向认证以下是亲测代码
static int http_write(char* data, size_t size, size_t nmemb, std::string* writerData)
{unsigned long sizes size * nmemb;if (writerData NULL)return-1;writerData-append(data, sizes);return sizes;
}int main_curl(void)
{CURL* curl;CURLcode res CURLE_OK;const char* pPassphrase NULL; //password for private keystatic const char* pCACertFile C:\\ca.crt; //CA root certificatstatic const char* pCertFile C:\\client.p12; //client certificatestatic const char* pKeyName C:\\client.key; // private.keystatic const char* pHeaderFile dumpit;const char* pKeyType;const char* pEngine;pKeyType PEM;pEngine NULL;std::string sRes;char* url https://xxx.com;curl curl_easy_init();if (curl) {curl_easy_setopt(curl, CURLOPT_VERBOSE, 1);/* what call to write: */curl_easy_setopt(curl, CURLOPT_URL, url);do { /* dummy loop, just to break out from */if (pEngine) {/* use crypto engine */if (curl_easy_setopt(curl, CURLOPT_SSLENGINE, pEngine) ! CURLE_OK) {/* load the crypto engine */fprintf(stderr, cant set crypto engine\n);break;}if (curl_easy_setopt(curl, CURLOPT_SSLENGINE_DEFAULT, 1L) ! CURLE_OK) {/* set the crypto engine as default *//* only needed for the first time you load* a engine in a curl object... */fprintf(stderr, cant set crypto engine as default\n);break;}}//winssl 必须是P12证书类型不能设置其参数openssl下可以设置//curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, PEM);/* 客户端证书 */curl_easy_setopt(curl, CURLOPT_SSLCERT, pCertFile);/* 设置客户端证书的key和类型*/curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, PEM);curl_easy_setopt(curl, CURLOPT_SSLKEY, pKeyName); /* 验证服务器需要的根证书 */curl_easy_setopt(curl, CURLOPT_CAINFO, pCACertFile); /* 自签名证书不要验证对端 */curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L);curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, http_write);curl_easy_setopt(curl, CURLOPT_WRITEDATA, sRes);/* Perform the request, res will get the return code */res curl_easy_perform(curl);/* Check for errors */if (res ! CURLE_OK)fprintf(stderr, curl_easy_perform() failed: %s\n,curl_easy_strerror(res));} while (0);/* always cleanup */curl_easy_cleanup(curl);}std::coutRESPONSE HTML: sRes;return (res CURLE_OK);
}
以上的代码如果根证书是受信任的设置
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);自签证书设置
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);即可完成winssl的双向认证
