c - SSL 2way C 程序失败,curl_easy_perform() failed: SSL peer certificate or SSH remote key was not OK
问题描述
我正在尝试用我的 apache 服务器做 2way ssl。在 apache 服务器配置中,我启用了客户端认证验证。我创建了自我 CA 并通过 OpenSSL 1.0.2k-fips 签署了服务器和客户端证书,
这是我的客户端程序,我使用 curl 7.68,并通过 commnad 构建 exe
gcc client.c -o client -lcurl
对于 -lcurl
我设置了我的libcurl二进制文件所在的目录路径
export LD_LIBRARY_PATH=<path of exec dir>
客户端.c
#include <stdio.h>
#include <curl/curl.h>
int main(void)
{
CURL *curl;
CURLcode res;
FILE *headerfile;
const char *pPassphrase = "1234";
static const char *pCertFile = "/scratch/amitcck/ssl/CA/client.crt";
static const char *pCACertFile = "/scratch/amitcck/ssl/CA/ca.cert.pem";
static const char *pHeaderFile = "/scartch/amitcck/curl_libs/dumpit.txt";
const char *pKeyName;
const char *pKeyType;
const char *pEngine;
#ifdef USE_ENGINE
pKeyName = "rsa_test";
pKeyType = "ENG";
pEngine = "chil"; /* for nChiper HSM... */
#else
pKeyName = "/scratch/amitcck/ssl/CA/client.key";
pKeyType = "PEM";
pEngine = NULL;
#endif
headerfile = fopen(pHeaderFile, "wb");
curl_global_init(CURL_GLOBAL_DEFAULT);
curl = curl_easy_init();
if(curl) {
/* what call to write: */
curl_easy_setopt(curl, CURLOPT_URL, "https://localhost:8051/");
curl_easy_setopt(curl, CURLOPT_HEADERDATA, headerfile);
do { /* dummy loop, just to break out from */
if(pEngine) {
/* use crypto engine */
if(curl_easy_setopt(curl, CURLOPT_SSLENGINE, pEngine) != CURLE_OK) {
/* load the crypto engine */
fprintf(stderr, "can't set crypto engine \n");
break;
}
if(curl_easy_setopt(curl, CURLOPT_SSLENGINE_DEFAULT, 1L) != CURLE_OK) {
/* set the crypto engine as default */
/* only needed for the first time you load
a engine in a curl object... */
fprintf(stderr, "can't set crypto engine as default \n");
break;
}
}
/* cert is stored PEM coded in file... */
/* since PEM is default, we needn't set it for PEM */
if(curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM")!=CURLE_OK){
fprintf(stderr, "PEM wrong \n");
}
/* set the cert for client authentication */
if(curl_easy_setopt(curl, CURLOPT_SSLCERT, pCertFile)!=CURLE_OK)
{
fprintf(stderr, "CRT wrong \n");
}
/* sorry, for engine we must set the passphrase
(if the key has one...) */
if(pPassphrase)
if(curl_easy_setopt(curl, CURLOPT_KEYPASSWD, pPassphrase)!=CURLE_OK){
fprintf(stderr, "passphrase WRONG \n");
}
/* if we use a key stored in a crypto engine,
we must set the key type to "ENG" */
if(curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, pKeyType)!=CURLE_OK){
fprintf(stderr, "Type WRONG\n");
}
/* set the private key (file or ID in engine) */
if(curl_easy_setopt(curl, CURLOPT_SSLKEY, pKeyName)!=CURLE_OK){
fprintf(stderr, "SSL key wrong\n");
}
/* set the file with the certs vaildating the server */
if(curl_easy_setopt(curl, CURLOPT_CAINFO, pCACertFile)!=CURLE_OK){
fprintf(stderr, "Fine\n");
}
/* disconnect if we can't validate server's cert */
if(curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L)!=CURLE_OK){
fprintf(stderr, "Not Connected \n");
}
/* Perform the request, res will get the return code */
res = curl_easy_perform(curl);
/* Check for errors */
if(res != CURLE_OK)
fprintf(stderr, "curl_easy_perform() failed: %s\n",
curl_easy_strerror(res));
/* we are done... */
} while(0);
/* always cleanup */
curl_easy_cleanup(curl);
}
curl_global_cleanup();
return 0;
}
我的程序因以下错误而失败,
curl_easy_perform() failed: SSL peer certificate or SSH remote key was not OK
当我尝试通过导入 client.p12 文件从 Web 浏览器进行 CA 验证时,该网站在 https 上运行良好。
解决方案
推荐阅读
- python - 使用第三方 haar 分类器时出现错误
- c# - 如何将 DataSet 转换为 XML 并返回 DataSet
- laravel - 如何从laravel中的表单中获取id
- python - 使用字符串解包嵌套元组
- perl - xls Perl 脚本中的指数格式
- javascript - 返回对象而不是 Promise 原型,useEffect()
- javascript - 节点包管理器的 npm install 命令是否会自动运行 npm build
- node.js - 有什么方法可以获取 ActiveMQ 队列当前未决消息计数
- ios - 根据父对象的 NSSet 中的子元素对父对象进行排序
- javascript - 如何在无限循环中显示ajax的函数结果?