要访问https服务器,现在把加载的XML文件直接写入了socket缓冲区.没有用到http协议(而且以前也没有用过),不知道该如何改动才能实现http的post请求方式. 这是老大给的一个任务,已经超期了,哪位大大能够帮帮忙,不胜感激!
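/*
 * TLS client with client-certificate (mutual) authentication.
 *
 * Connects to SERVER_ADDR:PORT over TCP, performs the SSL/TLS handshake with
 * the client certificate and key loaded from disk, prints the negotiated
 * cipher and the server certificate's subject/issuer, sends the serialized
 * XML document, reads one reply and prints it.
 *
 * Returns 0 on success. Failures either return a negative code or terminate
 * the process through exit() / the CHK_* macros (defined outside this block).
 *
 * NOTE(review): the XML text is written to the TLS channel as-is. No HTTP
 * request line or headers (Content-Length etc.) are sent, so an HTTP server
 * will not see this as a POST request.
 */
int main(int argc, char* argv[])
{
    int err;
    int sd;
    struct sockaddr_in sa;
    SSL_CTX* ctx;
    SSL* ssl;
    X509* server_cert;
    char* str;
    char buff [4096] = {0};
    SSL_METHOD *meth;
    int seed_int[100]; /* holds the pseudo-random seed sequence */
    int xml_ok = 0;    /* set once the XML text is known to fit in buff */
    WSADATA wsaData;

    /* WSAStartup returns its error code directly; GetLastError() is not
       the documented way to obtain it. */
    err = WSAStartup(MAKEWORD(2,2),&wsaData);
    if(err != 0){
        printf("WSAStartup()fail:%d\n",err);
        return -1;
    }

    OpenSSL_add_ssl_algorithms(); /* library initialisation */
    SSL_load_error_strings();     /* readable error strings for diagnostics */
    meth = SSLv23_client_method(); /* version-negotiating client method */
    ctx = SSL_CTX_new(meth);       /* allocate the SSL context */
    CHK_NULL(ctx);

    /* SSLv23_client_method() would otherwise still negotiate SSLv2/SSLv3,
       both of which are broken; restrict the handshake to TLS. */
    SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);

    /* Require the server certificate to chain to the trusted CA file. */
    SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL);
    /* If the CA file fails to load, every handshake would fail later with a
       much less obvious error, so check the result here. */
    if (SSL_CTX_load_verify_locations(ctx,"F:\\CaTestCert.pem",NULL) != 1)
    {
        ERR_print_errors_fp(stderr);
        exit(-5);
    }

    /* Mutual authentication needs the client certificate and private key. */
    err = SSL_CTX_use_certificate_file(ctx,"F:\\paTestCert.pem",SSL_FILETYPE_PEM);
    if ( err <= 0) /* client certificate */
    {
        ERR_print_errors_fp(stderr);
        exit(-2);
    }
    err = SSL_CTX_use_PrivateKey_file(ctx, "F:\\paTestKey.pem", SSL_FILETYPE_PEM);
    if ( err <= 0) /* client private key */
    {
        ERR_print_errors_fp(stderr);
        exit(-3);
    }
    if (!SSL_CTX_check_private_key(ctx)) /* certificate and key must match */
    {
        printf("Private key does not match the certificate public key\n");
        exit(-4);
    }

    /* Extra PRNG seeding, kept from the original (described there as
       required on WIN32).
       NOTE(review): rand() seeded from time() is predictable and adds no
       real entropy; do not treat this as the source of randomness for the
       TLS session - confirm the OpenSSL build seeds itself from the OS. */
    srand( (unsigned)time( NULL ) );
    for( int i = 0; i < 100;i++ )
        seed_int[i] = rand(); /* the index was missing: array itself was assigned */
    RAND_seed(seed_int, sizeof(seed_int));

    /* Ordinary TCP connection set-up. */
    printf("Begin tcp socket...\n");
    sd = socket (AF_INET, SOCK_STREAM, 0); CHK_ERR(sd, "socket");
    memset (&sa, '\0', sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = inet_addr (SERVER_ADDR); /* Server IP */
    sa.sin_port = htons (PORT); /* Server Port number */
    err = connect(sd, (struct sockaddr*)&sa, sizeof(sa));
    CHK_ERR(err, "connect");

    /* TCP is up; start the SSL/TLS handshake. */
    printf("Begin SSL negotiation \n");
    ssl = SSL_new (ctx); /* allocate the SSL connection object */
    CHK_NULL(ssl);
    SSL_set_fd (ssl, sd); /* bind it to the socket */
    err = SSL_connect (ssl); /* handshake */
    CHK_SSL(err);

    /* Make the outcome of chain verification explicit instead of relying
       only on the handshake having completed.
       NOTE(review): this validates the chain only. Nothing here compares
       the certificate's name with the server we intended to reach, so any
       certificate issued by the trusted CA is accepted. */
    if (SSL_get_verify_result(ssl) != X509_V_OK)
    {
        fprintf(stderr, "Server certificate verification failed\n");
        exit(-7);
    }

    /* Print the negotiated cipher (optional). */
    printf ("SSL connection using %s\n", SSL_get_cipher (ssl));

    /* Fetch the server certificate as an X509 structure. */
    server_cert = SSL_get_peer_certificate (ssl);
    CHK_NULL(server_cert);
    printf ("Server certificate:\n");

    /* X509_NAME_oneline renders a name as a printable string;
       X509_get_subject_name returns the certificate owner's name. */
    str = X509_NAME_oneline (X509_get_subject_name (server_cert),0,0);
    CHK_NULL(str);
    printf ("\t subject: %s\n", str);
    /* The string was allocated by OpenSSL, so release it with OpenSSL's
       allocator; free() from a different C runtime can corrupt the heap. */
    OPENSSL_free(str);

    /* X509_get_issuer_name returns the signer's (usually the CA's) name. */
    str = X509_NAME_oneline(X509_get_issuer_name(server_cert),0,0);
    CHK_NULL(str);
    printf ("\t issuer: %s\n", str);
    OPENSSL_free(str);

    /* The certificate is no longer needed. */
    X509_free (server_cert);

    /* Data exchange: SSL_write/SSL_read replace write/read. */
    printf("Begin SSL data exchange\n");

    /* Load the XML document and serialize it into buff. */
#if 1
    CoInitialize(NULL);
    {
        _di_IXMLDocument XMLDoc;
        XMLDoc = LoadXMLDocument(L"F:\\work\\https\\code document\\xml\\EKA1.xml");
        _di_IXMLNode root = XMLDoc->DocumentElement;
        XMLDoc->Active=true;
        AnsiString xmlstr;
        XMLDoc->SaveToXML(xmlstr);

        /* buff is a fixed 4096-byte stack buffer; an unchecked strcpy()
           overflows it as soon as the document is larger than that. */
        const char *xml_text = xmlstr.c_str();
        size_t xml_len = strlen(xml_text);
        if (xml_len < sizeof(buff))
        {
            memcpy(buff, xml_text, xml_len + 1); /* includes the terminator */
            xml_ok = 1;
        }
    }
    CoUninitialize();
#else
    xml_ok = 1; /* nothing loaded; buff stays an empty string */
#endif

    if (!xml_ok)
    {
        fprintf(stderr, "XML document does not fit in the %u-byte send buffer\n",
                (unsigned)sizeof(buff));
        SSL_free (ssl);
        closesocket (sd);
        SSL_CTX_free (ctx);
        WSACleanup();
        return -6;
    }

    err = SSL_write(ssl, buff, (int)strlen(buff));
    printf("send \n%d, char:\n%s\n", err, buff);
    CHK_SSL(err);

    /* Read at most sizeof(buff) - 1 bytes so the terminator always fits. */
    err = SSL_read(ssl, buff, sizeof(buff) - 1);
    CHK_SSL(err);
    buff[err] = '\0';
    printf("resv \n%d, chars:\n%s\n", err, buff);

    /* Tear-down. */
    SSL_shutdown (ssl); /* close the SSL connection */
    shutdown (sd,2);    /* stop traffic in both directions */
    closesocket (sd);   /* shutdown() alone does not release the handle */
    SSL_free (ssl);     /* release the SSL connection object */
    SSL_CTX_free (ctx); /* release the SSL context */
    WSACleanup();       /* pairs with WSAStartup() */
    return 0;
}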
[ 本帖最后由 fxy0921 于 2008-5-15 14:01 编辑 ] |