woomsg

在路上

openssl使用(補(bǔ))

1. 使用OpenSSL內(nèi)置的數(shù)據(jù)結(jié)構(gòu)BIO可以方便的創(chuàng)建安全和非安全鏈接,
在IBM Web上的"使用OpenSSL進(jìn)行安全編程"系列的三篇文章是個(gè)不錯(cuò)的入門:
http://www.ibm.com/developerworks/cn/linux/l-openssl.html
http://www.ibm.com/developerworks/cn/linux/l-openssl2.html
http://www.ibm.com/developerworks/cn/linux/l-openssl3.html

安全鏈接的簡(jiǎn)要概述:
安全連接要求在連接建立后進(jìn)行握手。在握手過程中，服務(wù)器向客戶機(jī)發(fā)送一個(gè)證書，然后，客戶機(jī)根據(jù)一組可信任證書來核實(shí)該證書。它還將檢查證書，以確保它沒有過期。要檢驗(yàn)證書是可信任的，需要在連接建立之前提前加載一個(gè)可信任證書庫。
只有在服務(wù)器發(fā)出請(qǐng)求時(shí)，客戶機(jī)才會(huì)向服務(wù)器發(fā)送一個(gè)證書。該過程叫做客戶機(jī)認(rèn)證。使用證書，在客戶機(jī)和服務(wù)器之間傳遞密碼參數(shù)，以建立安全連接。盡管握手是在建立連接之后才進(jìn)行的，但是客戶機(jī)或服務(wù)器可以在任何時(shí)刻請(qǐng)求進(jìn)行一次新的握手。

附帶兩個(gè)Demo:分別是使用BIO建立普通的socket鏈接和ssl鏈接, 并下載google得主頁.

1

#include "openssl/ssl.h"
2

#include "openssl/bio.h"
3

#include "openssl/err.h"
4

5

6

#include <iostream>
7

#include <winsock2.h>
8

9

10

#pragma comment( lib, "ws2_32.lib" )
11

#pragma comment( lib, "libeay32.lib" )
12

#pragma comment( lib, "ssleay32.lib" )
13

14

15

int main( int argc, char* argv[] ) {
16

////////////
17

// 初始化 //
18

////////////
19

BIO* bio;
20

int ret;
21

char* request = "GET / HTTP/1.1\x0D\x0AHost: www.google.com\x0D\x0A\x43onnection: Close\x0D\x0A\x0D\x0A";
22

char buf[1024];
23

24

ERR_load_BIO_strings();
25

SSL_load_error_strings();
26

SSLeay_add_ssl_algorithms();
27

28

29

//////////////
30

// 建立鏈接 //
31

//////////////
32

33

bio = BIO_new_connect("www.google.com:80");
34

if(bio == NULL) {
35

std::cout<<"BIO_new_connect error."<<std::endl;
36

return -1;
37

}
38

39

if(BIO_do_connect(bio) <= 0) {
40

std::cout<<"BIO_new_connect error."<<std::endl;
41

BIO_free_all(bio);
42

return -1;
43

}
44

45

// 發(fā)送請(qǐng)求
46

BIO_write(bio, request, strlen(request));
47

48

// 接收數(shù)據(jù)
49

for(;;) {
50

ret = BIO_read(bio, buf, 1023);
51

if(ret <= 0) {
52

break;
53

}
54

buf[ret] = 0;
55

std::cout<<buf<<std::endl;
56

}
57

58

BIO_free_all(bio);
59

return 0;
60

}

1

#include "openssl/ssl.h"
2

#include "openssl/bio.h"
3

#include "openssl/err.h"
4

5

6

#include <iostream>
7

#include <winsock2.h>
8

9

10

#pragma comment( lib, "ws2_32.lib" )
11

#pragma comment( lib, "libeay32.lib" )
12

#pragma comment( lib, "ssleay32.lib" )
13

14

// 我們默認(rèn)對(duì)服務(wù)器的證書都是可信的，沒有進(jìn)行服務(wù)器證書的驗(yàn)證.
15

int main( int argc, char* argv[] ) {
16

////////////
17

// 初始化 //
18

////////////
19

SSL* ssl;
20

SSL_CTX* ctx;
21

22

BIO* bio;
23

int ret;
24

char* request = "GET / HTTP/1.1\x0D\x0AHost: www.google.com\x0D\x0A\x43onnection: Close\x0D\x0A\x0D\x0A";
25

char buf[1024];
26

27

ERR_load_BIO_strings();
28

SSL_load_error_strings();
29

SSLeay_add_ssl_algorithms();
30

31

ctx = SSL_CTX_new ( SSLv23_client_method() );
32

if (!ctx) {
33

ERR_print_errors_fp(stderr);
34

std::cout<<"SSL_CTX_new error."<<std::endl;
35

return -1;
36

}
37

38

//////////////
39

// 建立鏈接 //
40

//////////////
41

bio = BIO_new_ssl_connect(ctx);
42

BIO_get_ssl(bio, & ssl);
43

SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
44

BIO_set_conn_hostname(bio, "www.google.com:443");
45

if(BIO_do_connect(bio) <= 0) {
46

std::cout<<"BIO_do_connect error."<<std::endl;
47

return -1;
48

}
49

50

51

// 發(fā)送請(qǐng)求
52

BIO_write(bio, request, strlen(request));
53

54

// 接收數(shù)據(jù)
55

for(;;) {
56

ret = BIO_read(bio, buf, 1023);
57

if(ret <= 0) {
58

break;
59

}
60

buf[ret] = 0;
61

std::cout<<buf<<std::endl;
62

}
63

64

BIO_free_all(bio);
65

SSL_CTX_free(ctx);
66

return 0;
67

}
68

posted on 2008-10-22 10:48 ysong.lee 閱讀(2895) 評(píng)論(10) 編輯收藏引用

Feedback

# re: openssl使用(補(bǔ)) 2009-03-25 09:54 PGG

如何使用DTLS？回復(fù) 更多評(píng)論

# re: openssl使用(補(bǔ)) 2010-06-15 03:44 ReillyMelva

When you are in the corner and have no cash to move out from that point, you would need to receive the <a href="http://lowest-rate-loans.com/topics/credit-loans">credit loans</a>. Just because that should aid you unquestionably. I get commercial loan every single year and feel great just because of it. 回復(fù) 更多評(píng)論

# re: openssl使用(補(bǔ)) 2010-09-28 21:55 essay writer

Thanks a lot that you created the good enough outcome associated with this topic. Though, to find the professional essay writing service, all of us must have some knowledge about custom write. 回復(fù) 更多評(píng)論

# re: openssl使用(補(bǔ)) 2011-09-30 14:14 loans

Following my own analysis, billions of persons on our planet get the business loans at good banks. Thus, there's great possibilities to find a student loan in any country. 回復(fù) 更多評(píng)論

# re: openssl使用(補(bǔ)) 2013-04-10 02:34 essay writing service review

Have no clue which firm to choose to get aid from? Look through QualityEssays testimonials best-writing-services.com, and take a right choice. 回復(fù) 更多評(píng)論

# re: openssl使用(補(bǔ)) 2013-04-10 13:56 resume writing samples

Can’t complete remarkable CV yourself? Paper writing agencies accessible online will help you out with pleasure whenever you desire to try buying resume online. 回復(fù) 更多評(píng)論

刷新評(píng)論列表

只有注冊(cè)用戶登錄后才能發(fā)表評(píng)論。




網(wǎng)站導(dǎo)航: 博客園 IT新聞 BlogJava 博問 Chat2DB 管理

青青草原综合久久大伊人导航_色综合久久天天综合_日日噜噜夜夜狠狠久久丁香五月_热久久这里只有精品

woomsg

openssl使用(補(bǔ))

Feedback

# re: openssl使用(補(bǔ)) 2009-03-25 09:54 PGG

# re: openssl使用(補(bǔ)) 2010-06-15 03:44 ReillyMelva

# re: openssl使用(補(bǔ)) 2010-09-28 21:55 essay writer

# re: openssl使用(補(bǔ)) 2011-09-30 14:14 loans

# re: openssl使用(補(bǔ)) 2013-04-10 02:34 essay writing service review

# re: openssl使用(補(bǔ)) 2013-04-10 13:56 resume writing samples

導(dǎo)航

統(tǒng)計(jì)信息

News

常用鏈接

留言簿(4)

隨筆檔案

Links

搜索

最新評(píng)論

閱讀排行榜

評(píng)論排行榜