如何解决SSL 2way C 程序失败,curl_easy_perform() 失败:SSL 对等证书或 SSH 远程密钥不正确
我正在尝试使用我的 apache 服务器进行 2way ssl。在 apache 服务器配置中,我启用了客户端认证验证。 我创建了自 CA 并通过 OpenSSL 1.0.2k-fips 签署了服务器和客户端证书,
这是我的客户端程序,我使用 curl 7.68,并通过 commnad 构建 exe
gcc client.c -o client -lcurl
对于 -lcurl
我设置了我的 libcurl 二进制文件所在目录的路径
export LD_LIBRARY_PATH=<path of exec dir>
客户端.c
#include <stdio.h>
#include <curl/curl.h>
int main(void)
{
CURL *curl;
CURLcode res;
FILE *headerfile;
const char *pPassphrase = "1234";
static const char *pCertFile = "/scratch/amitcck/ssl/CA/client.crt";
static const char *pCACertFile = "/scratch/amitcck/ssl/CA/ca.cert.pem";
static const char *pHeaderFile = "/scartch/amitcck/curl_libs/dumpit.txt";
const char *pKeyName;
const char *pKeyType;
const char *pEngine;
#ifdef USE_ENGINE
pKeyName = "rsa_test";
pKeyType = "ENG";
pEngine = "chil"; /* for nChiper HSM... */
#else
pKeyName = "/scratch/amitcck/ssl/CA/client.key";
pKeyType = "PEM";
pEngine = NULL;
#endif
headerfile = fopen(pHeaderFile,"wb");
curl_global_init(CURL_GLOBAL_DEFAULT);
curl = curl_easy_init();
if(curl) {
/* what call to write: */
curl_easy_setopt(curl,CURLOPT_URL,"https://localhost:8051/");
curl_easy_setopt(curl,CURLOPT_HEADERDATA,headerfile);
do { /* dummy loop,just to break out from */
if(pEngine) {
/* use crypto engine */
if(curl_easy_setopt(curl,CURLOPT_SSLENGINE,pEngine) != CURLE_OK) {
/* load the crypto engine */
fprintf(stderr,"can't set crypto engine \n");
break;
}
if(curl_easy_setopt(curl,CURLOPT_SSLENGINE_DEFAULT,1L) != CURLE_OK) {
/* set the crypto engine as default */
/* only needed for the first time you load
a engine in a curl object... */
fprintf(stderr,"can't set crypto engine as default \n");
break;
}
}
/* cert is stored PEM coded in file... */
/* since PEM is default,we needn't set it for PEM */
if(curl_easy_setopt(curl,CURLOPT_SSLCERTTYPE,"PEM")!=CURLE_OK){
fprintf(stderr,"PEM wrong \n");
}
/* set the cert for client authentication */
if(curl_easy_setopt(curl,CURLOPT_SSLCERT,pCertFile)!=CURLE_OK)
{
fprintf(stderr,"CRT wrong \n");
}
/* sorry,for engine we must set the passphrase
(if the key has one...) */
if(pPassphrase)
if(curl_easy_setopt(curl,CURLOPT_KEYPASSWD,pPassphrase)!=CURLE_OK){
fprintf(stderr,"passphrase WRONG \n");
}
/* if we use a key stored in a crypto engine,we must set the key type to "ENG" */
if(curl_easy_setopt(curl,CURLOPT_SSLKEYTYPE,pKeyType)!=CURLE_OK){
fprintf(stderr,"Type WRONG\n");
}
/* set the private key (file or ID in engine) */
if(curl_easy_setopt(curl,CURLOPT_SSLKEY,pKeyName)!=CURLE_OK){
fprintf(stderr,"SSL key wrong\n");
}
/* set the file with the certs vaildating the server */
if(curl_easy_setopt(curl,CURLOPT_CAINFO,pCACertFile)!=CURLE_OK){
fprintf(stderr,"Fine\n");
}
/* disconnect if we can't validate server's cert */
if(curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,1L)!=CURLE_OK){
fprintf(stderr,"Not Connected \n");
}
/* Perform the request,res will get the return code */
res = curl_easy_perform(curl);
/* Check for errors */
if(res != CURLE_OK)
fprintf(stderr,"curl_easy_perform() failed: %s\n",curl_easy_strerror(res));
/* we are done... */
} while(0);
/* always cleanup */
curl_easy_cleanup(curl);
}
curl_global_cleanup();
return 0;
}
我的程序因以下错误而失败,
curl_easy_perform() failed: SSL peer certificate or SSH remote key was not OK
当我尝试通过导入 client.p12 文件从 Web 浏览器进行 CA 验证时,该网站在 https 下工作正常。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。