参考文章:
在 Windows 上安装好 OpenSSL 的环境后,我们就可以使用 OpenSSL 进行开发了。OpenSSL 内置的 BIO 抽象库可以处理包括文件和套接字在内的各种类型的通信。下面将介绍如何使用 BIO 抽象库建立基于套接字的非安全连接和安全连接。
非安全连接和安全连接的区别:
安全连接要求在连接建立后进行握手。在握手过程中,服务器向客户机发送一个证书,然后,客户机根据一组可信任证书来核实该证书。它还将检查证书,以确保它没有过期。要检验证书是可信任的,需要在连接建立之前提前加载一个可信任证书库。
只有在服务器发出请求时,客户机才会向服务器发送一个证书。该过程叫做客户机认证。使用证书,在客户机和服务器之间传递密码参数,以建立安全连接。尽管握手是在建立连接之后才进行的,但是客户机和服务器可以在任何时刻请求进行一次新的握手。
非安全连接例子:
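#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "openssl/bio.h"
#include "openssl/ssl.h"
#include "openssl/err.h"
#pragma comment(lib, "libeay32.lib")
#pragma comment(lib, "ssleay32.lib")

/*
 * Plain (non-TLS) connect-BIO example: open a TCP connection to the
 * hard-coded host, send one fixed HTTP/1.1 request and print whatever
 * comes back.
 *
 * Returns 0 on success, -1 if the BIO could not be created, connected or
 * written to.  Nothing on this path is authenticated or encrypted, so the
 * response is plain untrusted data; it is only printed here.
 */
int main(int argc, char *argv[])
{
    BIO *bio;
    int x;
    const char *request =
        "GET / HTTP/1.1\r\nHost: www.baidu.com\r\nConnection: Close\r\n\r\n";
    char buf[1024];

    (void)argc;
    (void)argv;

    /* Initializing OpenSSL */
    SSL_load_error_strings();
    ERR_load_BIO_strings();
    OpenSSL_add_all_algorithms();

    /* create and set up connect */
    bio = BIO_new_connect("www.baidu.com:80");
    if (bio == NULL) {
        printf("BIO_new_connect opt failue.\n");
        return -1;
    }
    if (BIO_do_connect(bio) <= 0) {
        printf("connect error.\n");
        BIO_free_all(bio);
        return -1;
    }

    /* send request: BIO_write takes an int length and may report a short
     * or failed write, so compare against what was asked for */
    x = (int)strlen(request);
    if (BIO_write(bio, request, x) != x) {
        printf("write error.\n");
        BIO_free_all(bio);
        return -1;
    }

    /* read the response */
    for (;;) {
        /* sizeof, not strlen: buf is uninitialized on the first pass, so
         * strlen(buf) would read indeterminate bytes.  Leave one byte for
         * the terminator written below. */
        x = BIO_read(bio, buf, (int)sizeof buf - 1);
        if (x <= 0)
            break;
        buf[x] = '\0';
        printf("%s\n", buf);
    }
    BIO_free_all(bio);
    return 0;
}
安全连接例子: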
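#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "openssl/bio.h"
#include "openssl/ssl.h"
#include "openssl/err.h"
#pragma comment(lib, "libeay32.lib")
#pragma comment(lib, "ssleay32.lib")

/*
 * Server to talk to.  The listing has the name truncated to "www." --
 * put the real host name here.  The Host header, the connect string and
 * the certificate name check are all derived from this one macro so they
 * cannot drift apart.
 */
#define HOST "www."

/*
 * TLS connect-BIO example: load a trust store, connect to HOST:https,
 * verify the server certificate (trust chain and host name), send one
 * fixed HTTP/1.1 request and print the response.
 *
 * Returns 0 on success, -1 on any setup, connection, verification or
 * write failure.  Every error exit goes through the single cleanup path
 * at "out", so each resource is released exactly once.
 */
int main(int argc, char *argv[])
{
    SSL *ssl = NULL;
    SSL_CTX *ctx = NULL;
    BIO *bio = NULL;
    int rc = -1;
    int x;
    const char *request =
        "GET / HTTP/1.1\r\nHost: " HOST "\r\nConnection: Close\r\n\r\n";
    char buf[1024];

    (void)argc;
    (void)argv;

    /* Initializing OpenSSL */
    SSL_load_error_strings();
    ERR_load_BIO_strings();
    OpenSSL_add_all_algorithms();

    /* create and set up SSL context */
    ctx = SSL_CTX_new(SSLv23_client_method());
    if (ctx == NULL) {
        printf("SSL_CTX_new failed.\n");
        goto out;
    }
    /* SSLv23_client_method() negotiates the highest version both sides
     * support; refuse the broken SSLv2/SSLv3 floor outright. */
    SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);

    /* load trust store */
    if (!SSL_CTX_load_verify_locations(ctx, "TrustStore.pem", NULL)) {
        /* Handle failed load here */
        printf("Error loading trust store\n");
        goto out;
    }
    /* Make the handshake itself fail on an untrusted chain rather than
     * relying solely on the SSL_get_verify_result() check further down. */
    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);

    /* create and set up connect */
    bio = BIO_new_ssl_connect(ctx);
    if (bio == NULL) {
        printf("BIO_new_ssl_connect failed.\n");
        goto out;
    }

    /* set SSL_MODE_AUTO_RETRY flag */
    BIO_get_ssl(bio, &ssl);
    if (ssl == NULL) {
        printf("BIO_get_ssl failed.\n");
        goto out;
    }
    SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);

    /* Chain validation alone accepts a valid certificate issued for any
     * host.  Bind verification to the expected name (OpenSSL >= 1.0.2)
     * and send it as SNI so the server presents the matching certificate. */
    if (!X509_VERIFY_PARAM_set1_host(SSL_get0_param(ssl), HOST, 0)) {
        printf("X509_VERIFY_PARAM_set1_host failed.\n");
        goto out;
    }
    SSL_set_tlsext_host_name(ssl, HOST);

    /* Attempt to connect */
    BIO_set_conn_hostname(bio, HOST ":https");

    /* Verify the connection opened and perform the handshake */
    if (BIO_do_connect(bio) <= 0) {
        printf("connect error.\n");
        goto out;
    }

    /* check cert */
    if (SSL_get_verify_result(ssl) != X509_V_OK) {
        printf("cert is not match.\n");
        goto out;
    }

    /* send request: BIO_write takes an int length and may report a short
     * or failed write, so compare against what was asked for */
    x = (int)strlen(request);
    if (BIO_write(bio, request, x) != x) {
        printf("write error.\n");
        goto out;
    }

    /* read the response */
    for (;;) {
        /* sizeof, not strlen: buf is uninitialized on the first pass, so
         * strlen(buf) would read indeterminate bytes.  Leave one byte for
         * the terminator written below. */
        x = BIO_read(bio, buf, (int)sizeof buf - 1);
        if (x <= 0)
            break;
        buf[x] = '\0';
        printf("%s\n", buf);
    }
    rc = 0;

out:
    /* Both free functions accept NULL.  The BIO owns the SSL object, which
     * holds its own reference on ctx, so release the BIO first and the
     * context last. */
    BIO_free_all(bio);
    SSL_CTX_free(ctx);
    return rc;
}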