openssl指定证书密码建立连接
来源:互联网 发布:电子校音器软件下载 编辑:程序博客网 时间:2024/04/29 07:39
下面是server 和client 的代码。用没跑过,但是用类似的代码跑了。流程是这样的。要注意的是openssl中ssl连接建立前用阻塞的socket,建立后可以设置非阻塞。openssl每个操作后最好检查下是否成功。
/************server*************************/#include <string.h>#include <iostream>#include <winsock2.h>#include <openssl/ssl.h>#include <openssl/x509.h>#include <openssl/rand.h>#include <openssl/err.h> #pragma comment (lib,"WS2_32.lib")#pragma comment( lib, "libeay32.lib" )#pragma comment( lib, "ssleay32.lib" ) char buffer[10001] = {0}; int main(){SSL_library_init(); //初始化SSL库OpenSSL_add_all_algorithms(); //支持所有算法SSL_load_error_strings(); //提供将错误号解析为字符串的功能SSL *ssl = NULL;SSL_CTX *ssl_ctx = NULL;SSL_METHOD *ssl_method = NULL;X509 *client_cert = NULL;//设置客户端使用的SSL版本//ssl_method = SSLv3_server_method();ssl_method = SSLv23_server_method();//创建SSL上下文环境 每个进程只需维护一个SSL_CTX结构体ssl_ctx = SSL_CTX_new(ssl_method); //验证对方SSL_CTX_set_verify(ssl_ctx,SSL_VERIFY_PEER,NULL); //若验证,则放置CA证书SSL_CTX_load_verify_locations(ssl_ctx, "cacert.pem", NULL); //设置pass phraseSSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, "pass phrase");//读取证书文件SSL_CTX_use_certificate_file(ssl_ctx,"*****Cert.pem",SSL_FILETYPE_PEM); //读取密钥文件SSL_CTX_use_PrivateKey_file(ssl_ctx,"*****Key.pem",SSL_FILETYPE_PEM); //验证密钥是否与证书一致SSL_CTX_check_private_key(ssl_ctx); /*构建随机数生成机制,WIN32平台必需*/srand( (unsigned)time( NULL ) );for( int i = 0; i < 100;i++ )seed_int[i] = rand();RAND_seed(seed_int, sizeof(seed_int));//设置加密方式//SSL_CTX_set_cipher_list(ssl_ctx,"RC4-MD5");//建立TCP服务器端、开始监听并接受客户端连接请求 // 初始化 Winsock.WSADATA wsaData;int iResult = WSAStartup( MAKEWORD(2,2), &wsaData );if ( iResult != NO_ERROR ){//失败return -1;}// 建立socketserver = socket( AF_INET, SOCK_STREAM, IPPROTO_TCP );if ( server == INVALID_SOCKET ){//失败WSACleanup();return -2;} // 绑定socketsockaddr_in service;service.sin_family = AF_INET;//service.sin_addr.s_addr = inet_addr("127.0.0.1");service.sin_addr.s_addr = INADDR_ANY;service.sin_port = htons( 8899 ); if ( bind( server, (SOCKADDR*) &service, sizeof(service) ) == SOCKET_ERROR ){//失败closesocket(server);return -3;} // 监听 socketif ( listen( server, 10 ) == SOCKET_ERROR ){//失败return -4;} do{sClient = accept(server,NULL,NULL);Sleep(100);}while(sClient == INVALID_SOCKET); //创建当前连接的SSL结构体ssl = SSL_new(ssl_ctx);//将SSL绑定到套接字上SSL_set_fd(ssl, sClient); //接受SSL链接SSL_accept(ssl); //获取和释放客户端证书client_cert = SSL_get_peer_certificate(ssl);//打印所有加密算法的信息(可选)std::cout<<"SSL connection using"<<SSL_get_cipher(ssl)<<std::endl; X509_free(client_cert); //unsigned long cmd;//if (SOCKET_ERROR == ioctlsocket(sClient, FIONBIO, &cmd))//{//创建套接字时发生错误,非阻塞设置失败//ErrorProcess();//closesocket(sClient);//} while(true){SSL_read(ssl, buffer, 10000);memset(buffer,0,10000);SSL_write(ssl, "hello, world!", sizeof("hello, world!"));Sleep(1000); } //断开SSL链接SSL_shutdown(ssl);//释放当前SSL链接结构体SSL_free(ssl);//断开TCP链接closesocket(sClient);//释放SSL上下文SSL_CTX_free(ssl_ctx); return 0;}
/**************client*********************/#include <iostream>#include <string.h>#include <winsock2.h>#include <openssl/ssl.h>#include <openssl/x509.h>#include <openssl/rand.h>#include <openssl/err.h>#pragma comment (lib,"WS2_32.lib")#pragma comment( lib, "libeay32.lib" )#pragma comment( lib, "ssleay32.lib" ) int main(int argc, _TCHAR* argv[]){ SOCKET client;char buffer[256] = {0};int seed_int[100]; /*存放随机序列*/ SSL *ssl = NULL;SSL_CTX *ssl_ctx = NULL;SSL_METHOD *ssl_method = NULL;X509 *server_cert = NULL; SSL_library_init(); //init librariesOpenSSL_add_all_algorithms(); //支持所有算法SSL_load_error_strings(); //提供将错误号解析为字符串的功能 //设置客户端使用的SSL版本ssl_method = SSLv3_client_method();//创建SSL上下文环境 每个进程只需维护一个SSL_CTX结构体ssl_ctx = SSL_CTX_new(ssl_method);/*构建随机数生成机制,WIN32平台必需*/srand( (unsigned)time( NULL ) );for( int i = 0; i < 100;i++ )seed_int[i] = rand();RAND_seed(seed_int, sizeof(seed_int)); /* Load the RSA CA certificate into the SSL_CTX structure *//* This will allow this client to verify the server's *//* certificate. */SSL_CTX_load_verify_locations(ssl_ctx, "cacert.pem", NULL); /* Set flag in context to require peer (server) certificate verification */SSL_CTX_set_verify(ssl_ctx,SSL_VERIFY_PEER,NULL);SSL_CTX_set_verify_depth(ssl_ctx,1);SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, "pass phrase");//读取证书文件SSL_CTX_use_certificate_file(ssl_ctx,"******Cert.pem",SSL_FILETYPE_PEM);//读取密钥文件SSL_CTX_use_PrivateKey_file(ssl_ctx,"******Key.pem",SSL_FILETYPE_PEM);//验证密钥是否与证书一致SSL_CTX_check_private_key(ssl_ctx); //建立TCP链接// 初始化 Winsock.WSADATA wsaData;int iResult = WSAStartup( MAKEWORD(2,2), &wsaData );if ( iResult != NO_ERROR ){//AfxMessageBox("Error at WSAStartup()!");return;} // 建立socket socket.client = socket( AF_INET, SOCK_STREAM, IPPROTO_TCP );if ( client == INVALID_SOCKET ){//AfxMessageBox("Error at socket!");WSACleanup();return;} // 连接到服务器.sockaddr_in clientService;clientService.sin_family = AF_INET;clientService.sin_addr.s_addr = inet_addr( "127.0.0.1" );clientService.sin_port = htons( 8899 );if ( connect( client, (SOCKADDR*) &clientService, sizeof(clientService) ) == SOCKET_ERROR){//AfxMessageBox( "Failed to connect!" );WSACleanup();return;} //unsigned long cmd;//if (SOCKET_ERROR == ioctlsocket(client, FIONBIO, &cmd))//{////AfxMessageBox( "创建套接字时发生错误,非阻塞设置失败:");//closesocket(client);//}//创建维护当前连接信息的SSL结构体ssl = SSL_new(ssl_ctx);//将SSL绑定到套接字上SSL_set_fd(ssl, client);//建立SSL链接SSL_connect(ssl); //获取服务器端证书server_cert = SSL_get_peer_certificate(ssl); //释放服务器端证书X509_free(server_cert); unsigned long cmd;if (SOCKET_ERROR == ioctlsocket(client, FIONBIO, &cmd)){//AfxMessageBox( "创建套接字时发生错误,非阻塞设置失败:");closesocket(client);}while(true){SSL_write(ssl, "hello, world!", sizeof("hello, world!");SSL_read(ssl, buffer, 255);printf("received: %s\n",buffer);memset(buffer,0,255); Sleep(1000);}//断开SSL链接SSL_shutdown(ssl);//释放当前SSL链接结构体SSL_free(ssl);closesocket(client);//释放上下文SSL_CTX_free(ssl_ctx); return 0;}
0 0
- openssl指定证书密码建立连接
- 转 openssl 建立服务器证书
- openssl 建立连接
- openssl 建立连接
- openssl建立证书和私钥方法
- 通过OPENSSL建立证书以及CSR证书签名过程
- 通过OPENSSL建立证书以及CSR证书签名过程
- OPENSSL https 证书的使用Demo(证书加密码)
- Openssl建立SSL双向认证连接源码
- Openssl建立SSL双向认证连接源码
- Openssl建立SSL双向认证连接源码
- Openssl建立SSL双向认证连接源码
- 用Openssl建立私有CA并颁发证书
- 基于 OpenSSL 的 CA 建立及证书签发
- 基于 OpenSSL 的 CA 建立及证书签发
- openssl建立证书,非常详细配置ssl+apache
- 基于 OpenSSL 的 CA 建立及证书签发
- 用Openssl建立私有CA并颁发证书
- iOS基础 -- UIActivityViewController
- C语言if语句详解
- WebServivce对接过程
- http://eask.eduwo.com//eask/easkquestion_view.htm?tquestionsid=1037081
- UIMenuController
- openssl指定证书密码建立连接
- 香港通信资费真的有说的那么优惠吗?
- 男妇女被称
- Linux驱动常见BUG: scheduling while atomic: swapper/0/0x00000100
- 双色人生
- 线段树维护区间最大值hdu1754
- C/C++语言void及void指针深层探索
- myeclipse使用maven教程
- oracle索引原理(b-tree,bitmap,聚集,非聚集索引)