Openssl建立SSL双向认证连接源码
#include "stdio.h"
#include "string.h"
#include "openssl/ssl.h"
#include "openssl/bio.h"
#include "openssl/err.h"
#pragma comment(lib, "WS2_32.lib")
#pragma comment(lib, "libeay32.lib")
#pragma comment(lib, "ssleay32.lib")
//获取服务器证书
int GetSrvCert(SSL * ssl, X509 ** pCert)
{
int rv = -1;
if(ssl == NULL)
{
return rv;
}
rv = SSL_get_verify_result(ssl);
*pCert = SSL_get_peer_certificate(ssl);
return rv;
}
//验证证书的合法性
int VerifyCert(X509 * pCert, const char * hostname)
{
char commonName [512] = {0};
X509_NAME * name = NULL;
if(pCert == NULL || hostname == NULL)
{
return -1;
}
//获取commonName
name = X509_get_subject_name(pCert);
X509_NAME_get_text_by_NID(name, NID_commonName, commonName, 512);
fprintf(stderr, "VerifyCert - Common Name on certificate: %s\n", commonName);
if(strcmp(commonName, hostname) == 0)
{
return 1;
}
else
{
return 0;
}
}
int main()
{
BIO *bio = NULL;
SSL *ssl = NULL;
SSL_CTX *ctx = NULL;
X509 *pCert = NULL;
int nRead = 0;
int nTotalLen = 0;
char szHttpReq[255] = "GET / HTTP/1.1\r\nHost: www.jinhill.com\r\nConnection: Close\r\n\r\n";
char szResp[1024] = {0};
//初始化SSL库
SSL_library_init();
ERR_load_BIO_strings();
SSL_load_error_strings();
//添加SSL握手时所有支持的算法
OpenSSL_add_all_algorithms();
//设置客户端使用的SSL版本
SSL_METHOD* sslMethod = (SSL_METHOD*)SSLv3_client_method();
//创建SSL上下文环境 每个进程只需维护一个SSL_CTX结构体
ctx = SSL_CTX_new(sslMethod);
//加载受信任的根证书
if(! SSL_CTX_load_verify_locations(ctx, "JinhillRootCA.cer", NULL))
{
fprintf(stderr, "Error loading trust store\n");
ERR_print_errors_fp(stderr);
SSL_CTX_free(ctx);
return 0;
}
//设置证书密码
SSL_CTX_set_default_passwd_cb_userdata(ctx, "1234");
//读取证书文件
SSL_CTX_use_certificate_file(ctx,"cb.crt",SSL_FILETYPE_PEM);
//读取密钥文件
SSL_CTX_use_PrivateKey_file(ctx,"cb.key",SSL_FILETYPE_PEM);
//验证密钥是否与证书一致
SSL_CTX_check_private_key(ctx);
bio = BIO_new_ssl_connect(ctx);
BIO_get_ssl(bio, &ssl);
//设备SSL连接模式自动重试
SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
//建议连接
BIO_set_conn_hostname(bio, "www.jinhill.com:443");
fprintf(stderr, "Connecting to host www.jinhill.com\n");
if(BIO_do_connect(bio) <= 0)
{
fprintf(stderr, "Error attempting to connect\n");
ERR_print_errors_fp(stderr);
BIO_free_all(bio);
SSL_CTX_free(ctx);
return 0;
}
fprintf(stderr, "Retrieving peer certificate\n");
//获取服务器证书
if(GetSrvCert(ssl, &pCert) != X509_V_OK)
{
fprintf(stderr, "Certificate verification error: %i\n", SSL_get_verify_result(ssl));
BIO_free_all(bio);
SSL_CTX_free(ctx);
return 0;
}
//校验服务器证书
fprintf(stderr, "Validating peer certificate\n");
if(! VerifyCert(pCert, "www.jinhill.com"))
{
fprintf(stderr, "Hostname and Common Name do not match\n");
BIO_free_all(bio);
SSL_CTX_free(ctx);
return 0;
}
//发送HTTP请求
fprintf(stderr, "Sending szHttpReq\n");
BIO_write(bio, szHttpReq, strlen(szHttpReq));
//读取HTTP响应
fprintf(stderr, "Reading response\n");
nTotalLen = 0;
while(1)
{
nRead = BIO_read(bio, szResp, 1024);
if(nRead <= 0)
{
break;
}
szResp[nRead] = 0;
nTotalLen += nRead;
printf("%s", szResp);
}
printf("\nTotal bytes read: %i\n", nTotalLen);
//关闭连接
BIO_free_all(bio);
SSL_CTX_free(ctx);
return 0;
}
源码下载