- 论坛徽章:
- 0
|
10可用积分
大家看看
if(!(SSL_CTX_use_certificate_chain_file(ctx, CERTF))){
ERR_print_errors_fp(stderr);
exit(-2);
}
这个地方就返回失败了,下面是代码;附件是全部工程代码
int main ()
{
int err;
int sd;
struct sockaddr_in sa;
SSL_CTX* ctx;
SSL* ssl;
X509* server_cert;
char* str;
SSL_METHOD *meth;
int seed_int[100]; /*存放随机序列*/
WSADATA wsaData;
if(WSAStartup(MAKEWORD(2,2),&wsaData) != 0){
printf("WSAStartup()fail:%d\n",GetLastError());
return -1;
}
OpenSSL_add_ssl_algorithms(); /*初始化*/
SSL_library_init();
SSL_load_error_strings(); /*为打印调试信息作准备*/
meth=SSLv23_method();
ctx = SSL_CTX_new (meth);
CHK_NULL(ctx);
SSL_CTX_set_default_passwd_cb_userdata(ctx, "password");
if(!(SSL_CTX_use_certificate_chain_file(ctx, CERTF))){
ERR_print_errors_fp(stderr);
exit(-2);
}
if(!(SSL_CTX_use_PrivateKey_file(ctx, CERTF,SSL_FILETYPE_PEM))){
ERR_print_errors_fp(stderr);
exit(-3);
}
/* Load the CAs we trust*/
if(!(SSL_CTX_load_verify_locations(ctx, CACERT,0))){
printf("Load CA failed!\n");
exit(-4);
}
/*构建随机数生成机制,WIN32平台必需*/
srand( (unsigned)time( NULL ) );
for( int i = 0; i < 100;i++ )
seed_int[i] = rand();
RAND_seed(seed_int, sizeof(seed_int));
/*以下是正常的TCP socket建立过程 .............................. */
printf("Begin tcp socket...\n");
sd = socket (AF_INET, SOCK_STREAM, 0); CHK_ERR(sd, "socket");
memset (&sa, '\0', sizeof(sa));
sa.sin_family = AF_INET;
sa.sin_addr.s_addr = inet_addr (SERVER_ADDR); /* Server IP */
sa.sin_port = htons (PORT); /* Server Port number */
err = connect(sd, (struct sockaddr*) &sa,
sizeof(sa));
CHK_ERR(err, "connect");
/* TCP 链接已建立.开始 SSL 握手过程.......................... */
printf("Begin SSL negotiation \n");
ssl = SSL_new (ctx);
CHK_NULL(ssl);
SSL_set_fd (ssl, sd);
err = SSL_connect (ssl);
CHK_SSL(err);
/*打印所有加密算法的信息(可选)*/
printf ("SSL connection using %s\n", SSL_get_cipher (ssl));
/*得到服务端的证书并打印些信息(可选) */
server_cert = SSL_get_peer_certificate (ssl);
CHK_NULL(server_cert);
printf ("Server certificate:\n");
str = X509_NAME_oneline (X509_get_subject_name (server_cert),0,0);
CHK_NULL(str);
printf ("\t subject: %s\n", str);
free (str);
str = X509_NAME_oneline (X509_get_issuer_name (server_cert),0,0);
CHK_NULL(str);
printf ("\t issuer: %s\n", str);
free (str);
X509_free (server_cert); /*如不再需要,需将证书释放 */
/* 数据交换开始,用SSL_write,SSL_read代替write,read */
printf( |
全部工程代码
testssl.rar
(3.7 MB, 下载次数: 134)
|
最佳答案
查看完整内容
如果你需要做身份验证,就需要一堆证书,看看openssl的工具怎么生成证书吧。如果只是用ssl通信,则不需要加载证书。[ 本帖最后由 albeta 于 2009-10-14 12:15 编辑 ]
|