-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathcpp-using-openssl-get-server-certificate.html
More file actions
302 lines (223 loc) · 20.5 KB
/
cpp-using-openssl-get-server-certificate.html
File metadata and controls
302 lines (223 loc) · 20.5 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
<!DOCTYPE html>
<html>
<head>
<!-- [[! Document Settings ]] -->
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<!-- [[! Page Meta ]] -->
<title>在Windows上C++使用OpenSSL库自动获取服务器证书</title>
<meta name="description" content="与机器,人,神共舞 - 编程,读书,思考,旅行,与机器对话,与人交谈,对神发问,探索,体验人生美丽的风景" />
<meta name="HandheldFriendly" content="True" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<link rel="shortcut icon" href="/assets/images/favicon.ico" >
<!-- [[! Styles'n'Scripts ]] -->
<link rel="stylesheet" type="text/css" href="/assets/css/screen.css" />
<link rel="stylesheet" type="text/css"
href="//fonts.googleapis.com/css?family=Merriweather:300,700,700italic,300italic|Open+Sans:700,400" />
<link rel="stylesheet" type="text/css" href="/assets/css/syntax.css" />
<!-- [[! Ghost outputs important style and meta data with this tag ]] -->
<link rel="canonical" href="/" />
<meta name="referrer" content="origin" />
<link rel="next" href="/page2/" />
<meta property="og:site_name" content="与机器,人,神共舞" />
<meta property="og:type" content="website" />
<meta property="og:title" content="与机器,人,神共舞" />
<meta property="og:description" content="编程,读书,思考,旅行,与机器对话,与人交谈,对神发问,探索,体验人生美丽的风景" />
<meta property="og:url" content="/" />
<meta property="og:image" content="/assets/images/cover1.jpg" />
<meta name="twitter:card" content="summary_large_image" />
<meta name="twitter:title" content="与机器,人,神共舞" />
<meta name="twitter:description" content="编程,读书,思考,旅行,与机器对话,与人交谈,对神发问,探索,体验人生美丽的风景" />
<meta name="twitter:url" content="/" />
<meta name="twitter:image:src" content="/assets/images/cover1.jpg" />
<script type="application/ld+json">
{
"@context": "http://schema.org",
"@type": "Website",
"publisher": "Tao's Page",
"url": "/",
"image": "/assets/images/cover1.jpg",
"description": "编程,读书,思考,旅行,与机器对话,与人交谈,对神发问,探索,体验人生美丽的风景"
}
</script>
<meta name="generator" content="Jekyll 3.0.0" />
<link rel="alternate" type="application/rss+xml" title="与机器,人,神共舞" href="/rss.xml" />
</head>
<body class="home-template nav-closed">
<div class="nav">
<h3 class="nav-title">Menu</h3>
<a href="#" class="nav-close">
<span class="hidden">Close</span>
</a>
<ul>
<li class="nav-home " role="presentation"><a href="/">Home</a></li>
<li class="nav-about " role="presentation"><a href="/about.html">About</a></li>
<li class="nav-fables " role="presentation"><a href="/tag/machine/">Machine</a></li>
<li class="nav-speeches " role="presentation"><a href="/tag/human/">Human</a></li>
<li class="nav-fiction " role="presentation"><a href="/tag/god/">God</a></li>
<li class="nav-author " role="presentation"><a href="/author/hetao/">Author</a></li>
</ul>
<a class="subscribe-button icon-feed" href="/vocab.html">Apps</a>
</div>
<span class="nav-cover"></span>
<div class="site-wrapper">
<!-- [[! Everything else gets inserted here ]] -->
<!-- default -->
<!-- The comment above "< default" means - insert everything in this file into -->
<!-- the [body] of the default.hbs template, which contains our header/footer. -->
<!-- Everything inside the #post tags pulls data from the post -->
<!-- #post -->
<header class="main-header post-head no-cover">
<nav class="main-nav clearfix">
</nav>
</header>
<main class="content" role="main">
<article class="post tag-machine">
<header class="post-header">
<h1 class="post-title">在Windows上C++使用OpenSSL库自动获取服务器证书</h1>
<section class="post-meta">
<!-- <a href='/'>Tao He</a> -->
<time class="post-date" datetime="2012-09-24">24 Sep 2012</time>
<!-- [[tags prefix=" on "]] -->
on
<a href='/tag/machine'>Machine</a>
</section>
</header>
<section class="post-content">
<p>在网络通信中,安全性是一个至关重要的考虑因素。为了确保通信的机密性和完整性,许多服务器使用SSL/TLS协议来加密数据传输。OpenSSL 是一个流行的开源工具库,它提供了强大的功能来实现这些加密通信。在Windows上使用C++和OpenSSL库自动获取服务器证书,是一个常见的需求。本文将介绍如何在Windows上使用OpenSSL库来自动获取服务器证书。</p>
<h4 id="环境准备">环境准备</h4>
<p>首先,确保您的开发环境中已经安装了以下软件:</p>
<ol>
<li><strong>Visual Studio</strong>:一个强大的C++集成开发环境。</li>
<li><strong>OpenSSL库</strong>:可以从<a href="https://www.openssl.org/">OpenSSL官网</a>下载并安装适用于Windows的版本。</li>
</ol>
<h4 id="编写c代码">编写C++代码</h4>
<p>接下来,我们编写C++代码,使用OpenSSL库来连接服务器并获取其证书。以下是一个示例代码,展示了如何使用OpenSSL库自动获取服务器证书。</p>
<div class="language-cpp highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="cp">#include <iostream>
#include <openssl/ssl.h>
#include <openssl/bio.h>
#include <openssl/err.h>
</span>
<span class="kt">void</span> <span class="nf">initializeOpenSSL</span><span class="p">()</span> <span class="p">{</span>
<span class="n">SSL_load_error_strings</span><span class="p">();</span>
<span class="n">OpenSSL_add_ssl_algorithms</span><span class="p">();</span>
<span class="p">}</span>
<span class="kt">void</span> <span class="nf">cleanupOpenSSL</span><span class="p">()</span> <span class="p">{</span>
<span class="n">EVP_cleanup</span><span class="p">();</span>
<span class="p">}</span>
<span class="n">SSL_CTX</span><span class="o">*</span> <span class="nf">createSSLContext</span><span class="p">()</span> <span class="p">{</span>
<span class="k">const</span> <span class="n">SSL_METHOD</span><span class="o">*</span> <span class="n">method</span> <span class="o">=</span> <span class="n">SSLv23_client_method</span><span class="p">();</span>
<span class="n">SSL_CTX</span><span class="o">*</span> <span class="n">ctx</span> <span class="o">=</span> <span class="n">SSL_CTX_new</span><span class="p">(</span><span class="n">method</span><span class="p">);</span>
<span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="n">ctx</span><span class="p">)</span> <span class="p">{</span>
<span class="n">std</span><span class="o">::</span><span class="n">cerr</span> <span class="o"><<</span> <span class="s">"Unable to create SSL context"</span> <span class="o"><<</span> <span class="n">std</span><span class="o">::</span><span class="n">endl</span><span class="p">;</span>
<span class="n">ERR_print_errors_fp</span><span class="p">(</span><span class="n">stderr</span><span class="p">);</span>
<span class="n">exit</span><span class="p">(</span><span class="n">EXIT_FAILURE</span><span class="p">);</span>
<span class="p">}</span>
<span class="k">return</span> <span class="n">ctx</span><span class="p">;</span>
<span class="p">}</span>
<span class="kt">void</span> <span class="nf">getServerCertificate</span><span class="p">(</span><span class="k">const</span> <span class="kt">char</span><span class="o">*</span> <span class="n">hostname</span><span class="p">,</span> <span class="k">const</span> <span class="kt">char</span><span class="o">*</span> <span class="n">port</span><span class="p">)</span> <span class="p">{</span>
<span class="n">SSL_CTX</span><span class="o">*</span> <span class="n">ctx</span> <span class="o">=</span> <span class="n">createSSLContext</span><span class="p">();</span>
<span class="n">SSL</span><span class="o">*</span> <span class="n">ssl</span><span class="p">;</span>
<span class="n">BIO</span><span class="o">*</span> <span class="n">bio</span><span class="p">;</span>
<span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="n">host</span> <span class="o">=</span> <span class="n">std</span><span class="o">::</span><span class="n">string</span><span class="p">(</span><span class="n">hostname</span><span class="p">)</span> <span class="o">+</span> <span class="s">":"</span> <span class="o">+</span> <span class="n">port</span><span class="p">;</span>
<span class="n">bio</span> <span class="o">=</span> <span class="n">BIO_new_ssl_connect</span><span class="p">(</span><span class="n">ctx</span><span class="p">);</span>
<span class="k">if</span> <span class="p">(</span><span class="n">BIO_set_conn_hostname</span><span class="p">(</span><span class="n">bio</span><span class="p">,</span> <span class="n">host</span><span class="p">.</span><span class="n">c_str</span><span class="p">())</span> <span class="o"><=</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span>
<span class="n">std</span><span class="o">::</span><span class="n">cerr</span> <span class="o"><<</span> <span class="s">"Error setting up connection to "</span> <span class="o"><<</span> <span class="n">host</span> <span class="o"><<</span> <span class="n">std</span><span class="o">::</span><span class="n">endl</span><span class="p">;</span>
<span class="n">ERR_print_errors_fp</span><span class="p">(</span><span class="n">stderr</span><span class="p">);</span>
<span class="k">return</span><span class="p">;</span>
<span class="p">}</span>
<span class="n">BIO_get_ssl</span><span class="p">(</span><span class="n">bio</span><span class="p">,</span> <span class="o">&</span><span class="n">ssl</span><span class="p">);</span>
<span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="n">ssl</span><span class="p">)</span> <span class="p">{</span>
<span class="n">std</span><span class="o">::</span><span class="n">cerr</span> <span class="o"><<</span> <span class="s">"Unable to locate SSL pointer"</span> <span class="o"><<</span> <span class="n">std</span><span class="o">::</span><span class="n">endl</span><span class="p">;</span>
<span class="n">ERR_print_errors_fp</span><span class="p">(</span><span class="n">stderr</span><span class="p">);</span>
<span class="k">return</span><span class="p">;</span>
<span class="p">}</span>
<span class="n">SSL_set_mode</span><span class="p">(</span><span class="n">ssl</span><span class="p">,</span> <span class="n">SSL_MODE_AUTO_RETRY</span><span class="p">);</span>
<span class="k">if</span> <span class="p">(</span><span class="n">BIO_do_connect</span><span class="p">(</span><span class="n">bio</span><span class="p">)</span> <span class="o"><=</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span>
<span class="n">std</span><span class="o">::</span><span class="n">cerr</span> <span class="o"><<</span> <span class="s">"Error attempting to connect"</span> <span class="o"><<</span> <span class="n">std</span><span class="o">::</span><span class="n">endl</span><span class="p">;</span>
<span class="n">ERR_print_errors_fp</span><span class="p">(</span><span class="n">stderr</span><span class="p">);</span>
<span class="k">return</span><span class="p">;</span>
<span class="p">}</span>
<span class="k">if</span> <span class="p">(</span><span class="n">BIO_do_handshake</span><span class="p">(</span><span class="n">bio</span><span class="p">)</span> <span class="o"><=</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span>
<span class="n">std</span><span class="o">::</span><span class="n">cerr</span> <span class="o"><<</span> <span class="s">"Error attempting to handshake"</span> <span class="o"><<</span> <span class="n">std</span><span class="o">::</span><span class="n">endl</span><span class="p">;</span>
<span class="n">ERR_print_errors_fp</span><span class="p">(</span><span class="n">stderr</span><span class="p">);</span>
<span class="k">return</span><span class="p">;</span>
<span class="p">}</span>
<span class="n">X509</span><span class="o">*</span> <span class="n">cert</span> <span class="o">=</span> <span class="n">SSL_get_peer_certificate</span><span class="p">(</span><span class="n">ssl</span><span class="p">);</span>
<span class="k">if</span> <span class="p">(</span><span class="n">cert</span><span class="p">)</span> <span class="p">{</span>
<span class="n">std</span><span class="o">::</span><span class="n">cout</span> <span class="o"><<</span> <span class="s">"Successfully retrieved server certificate:"</span> <span class="o"><<</span> <span class="n">std</span><span class="o">::</span><span class="n">endl</span><span class="p">;</span>
<span class="n">X509_print_fp</span><span class="p">(</span><span class="n">stdout</span><span class="p">,</span> <span class="n">cert</span><span class="p">);</span>
<span class="n">X509_free</span><span class="p">(</span><span class="n">cert</span><span class="p">);</span>
<span class="p">}</span> <span class="k">else</span> <span class="p">{</span>
<span class="n">std</span><span class="o">::</span><span class="n">cerr</span> <span class="o"><<</span> <span class="s">"Error: No certificate retrieved"</span> <span class="o"><<</span> <span class="n">std</span><span class="o">::</span><span class="n">endl</span><span class="p">;</span>
<span class="p">}</span>
<span class="n">BIO_free_all</span><span class="p">(</span><span class="n">bio</span><span class="p">);</span>
<span class="n">SSL_CTX_free</span><span class="p">(</span><span class="n">ctx</span><span class="p">);</span>
<span class="p">}</span>
<span class="kt">int</span> <span class="nf">main</span><span class="p">()</span> <span class="p">{</span>
<span class="n">initializeOpenSSL</span><span class="p">();</span>
<span class="k">const</span> <span class="kt">char</span><span class="o">*</span> <span class="n">hostname</span> <span class="o">=</span> <span class="s">"www.example.com"</span><span class="p">;</span>
<span class="k">const</span> <span class="kt">char</span><span class="o">*</span> <span class="n">port</span> <span class="o">=</span> <span class="s">"443"</span><span class="p">;</span>
<span class="n">getServerCertificate</span><span class="p">(</span><span class="n">hostname</span><span class="p">,</span> <span class="n">port</span><span class="p">);</span>
<span class="n">cleanupOpenSSL</span><span class="p">();</span>
<span class="k">return</span> <span class="mi">0</span><span class="p">;</span>
<span class="p">}</span>
</code></pre></div></div>
<h4 id="代码解释">代码解释</h4>
<ol>
<li><strong>初始化OpenSSL</strong>:在使用任何OpenSSL功能之前,需要加载OpenSSL的错误字符串和算法库。</li>
<li><strong>创建SSL上下文</strong>:使用<code class="language-plaintext highlighter-rouge">SSLv23_client_method</code>创建一个新的SSL上下文,这将支持各种SSL/TLS协议。</li>
<li><strong>连接服务器</strong>:使用BIO对象建立与服务器的连接,并进行SSL握手。</li>
<li><strong>获取证书</strong>:通过<code class="language-plaintext highlighter-rouge">SSL_get_peer_certificate</code>函数从服务器获取证书,并打印证书信息。</li>
<li><strong>清理资源</strong>:释放分配的BIO和SSL上下文资源。</li>
</ol>
<h4 id="总结">总结</h4>
<p>通过以上步骤,您可以在Windows上使用C++和OpenSSL库自动获取服务器证书。这不仅提高了程序的安全性,还为处理安全通信提供了强大的支持。OpenSSL库的灵活性和强大功能,使其成为处理SSL/TLS通信的首选工具之一。希望本文能够帮助您在Windows环境下顺利实现服务器证书的自动获取。</p>
</section>
<footer class="post-footer">
<!-- Everything inside the #author tags pulls data from the author -->
<!-- #author-->
<!-- Add Disqus Comments -->
</footer>
</article>
</main>
<aside class="read-next">
<!-- [[! next_post ]] -->
<a class="read-next-story no-cover" href="/jom-hangs-while-building-on-qt-creator">
<section class="post">
<h2>Jom hangs while building on Qt Creator</h2>
<p>I encounter a pretty annoy problem this afternoon. The executable jom.exe hangs while I building...</p>
</section>
</a>
<!-- [[! /next_post ]] -->
<!-- [[! prev_post ]] -->
<a class="read-next-story prev no-cover" href="/integrate-cas-with-openldap">
<section class="post">
<h2>CAS与OpenLDAP整合</h2>
<p>CAS(Central Authentication Service)和OpenLDAP是现代企业和机构在用户认证和目录服务中广泛使用的两个重要工具。CAS是一种流行的单点登录(SSO)解决方案,能够简化用户的认证过程,提高安全性和用户体验。OpenLDAP则是一个开放源代码的轻量级目录访问协议(LDAP)服务器,提供了高效的目录服务和用户信息管理。将CAS与OpenLDAP整合在一起,可以实现集中化的用户认证和目录管理,极大地提升系统的安全性和便捷性。 什么是CAS? CAS是由耶鲁大学开发的开源项目,主要用于Web应用的单点登录。通过CAS,用户只需一次登录,便可访问所有集成了CAS认证的应用系统。这种方式不仅简化了用户的操作流程,还避免了多次输入用户名和密码带来的安全风险。 什么是OpenLDAP? OpenLDAP是一个实现了LDAP协议的开源目录服务,它被广泛用于用户信息存储、检索和管理。LDAP目录可以包含用户、群组、计算机等信息,支持快速查询和高效管理。由于其灵活性和扩展性,OpenLDAP在企业环境中非常受欢迎。 CAS与OpenLDAP整合的必要性 整合CAS与OpenLDAP的主要目的是实现统一的用户认证和目录服务管理。通过将CAS与OpenLDAP结合,企业可以利用OpenLDAP的强大目录服务功能,同时享受CAS提供的单点登录便利。这种整合可以带来以下好处: 统一用户管理:所有用户信息集中存储在OpenLDAP中,避免了分散管理的复杂性和冗余数据的产生。 提高安全性:通过统一认证,减少了密码泄露的风险。同时,CAS可以与多种认证方式(如双因素认证)集成,进一步增强安全性。 简化用户体验:用户只需一次登录,便可访问多个应用系统,提升了工作效率和用户满意度。 实现整合的步骤 要实现CAS与OpenLDAP的整合,需要进行以下几个步骤: 安装和配置OpenLDAP:首先,需要在服务器上安装并配置OpenLDAP。确保目录中包含所有需要认证的用户信息。...</p>
</section>
</a>
<!-- [[! /prev_post ]] -->
</aside>
<!-- /post -->
<footer class="site-footer clearfix">
<section class="copyright"><a href="/">与机器,人,神共舞</a> © 2024</section>
</footer>
</div>
<!-- [[! Ghost outputs important scripts and data with this tag ]] -->
<script type="text/javascript" src="https://code.jquery.com/jquery-1.11.3.min.js"></script>
<!-- [[! The main JavaScript file for Casper ]] -->
<script type="text/javascript" src="/assets/js/jquery.fitvids.js"></script>
<script type="text/javascript" src="/assets/js/index.js"></script>
<!-- Add Google Analytics -->
<!-- Google Analytics Tracking code -->
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-78960009-1', 'auto');
ga('send', 'pageview');
</script>
</body>
</html>