下面的代码修改一下 需要支持https双向认证int https_post(const char *cert_path, const char *url, const char *body, char *response) { int sockfd, len; struct sockaddr_in dest; struct hostent *host; SSL_CTX *ctx; SSL ssl; char request[MAX_BUF_SIZE], buf[MAX_BUF_SIZE]; // 初始化OpenSSL库 SSL_library_init(); SSL_load_error_strings(); OpenSSL_add_all_algorithms(); // 解析主机名 //printf("66666666 %s\n", url); char hostname[2560]; getHostFromURL(url, hostname); host = gethostbyname(hostname); if (host == NULL) { perror("gethostbyname"); return -1; } // 创建套接字 sockfd = socket(AF_INET, SOCK_STREAM, 0); if (sockfd < 0) { perror("socket"); return -1; } // 设置目标地址 bzero(&dest, sizeof(dest)); dest.sin_family = AF_INET; dest.sin_port = htons(443); dest.sin_addr.s_addr = (long)host->h_addr; // 连接服务器 if (connect(sockfd, (struct sockaddr)&dest, sizeof(dest)) != 0) { perror("connect"); return -1; } ctx = SSL_CTX_new(TLS_method()); // 设置支持的协议版本为 TLSv1.2 SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION); SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION); if (ctx == NULL) { perror("SSL_CTX_new"); return -1; } // 加载证书 if (SSL_CTX_load_verify_locations(ctx, cert_path, NULL) != 1) { perror("SSL_CTX_load_verify_locations"); return -1; } // 创建SSL ssl = SSL_new(ctx); if (ssl == NULL) { perror("SSL_new"); return -1; } // 将套接字绑定到SSL SSL_set_fd(ssl, sockfd); // SSL握手 if (SSL_connect(ssl) == -1) { perror("SSL_connect"); return -1; } // 构造HTTP请求 char *escaped_url = urlencode(url); sprintf(request, "POST / HTTP/1.1\r\n" "Host: %s\r\n" "Content-Type: application/json\r\n" "Content-Length: %d\r\n" "\r\n" "%s", escaped_url, strlen(body), body); // 发送HTTP请求 SSL_write(ssl, request, strlen(request)); // 接收HTTP响应 len = SSL_read(ssl, buf, MAX_BUF_SIZE); printf("response %s\n", buf); // 关闭SSL和套接字 SSL_free(ssl); close(sockfd); // 处理响应 strncpy(response, buf, len); printf("Child process created with PID %d\n", 60909); response[len] = '\0'; printf("Child process created with PID %d\n", 70909); // 清理OpenSSL库 SSL_CTX_free(ctx); EVP_cleanup(); printf("Child process created with PID %d\n", 909); free(escaped_url); return 0; }
时间: 2024-02-25 10:55:27 浏览: 28
以下是修改后的代码,支持https双向认证:
```
int https_post(const char *cert_path, const char *key_path, const char *url, const char *body, char *response) {
int sockfd, len;
struct sockaddr_in dest;
struct hostent *host;
SSL_CTX *ctx;
SSL *ssl;
char request[MAX_BUF_SIZE], buf[MAX_BUF_SIZE];
// 初始化OpenSSL库
SSL_library_init();
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
// 解析主机名
char hostname[2560];
getHostFromURL(url, hostname);
host = gethostbyname(hostname);
if (host == NULL) {
perror("gethostbyname");
return -1;
}
// 创建套接字
sockfd = socket(AF_INET, SOCK_STREAM, 0);
if (sockfd < 0) {
perror("socket");
return -1;
}
// 设置目标地址
bzero(&dest, sizeof(dest));
dest.sin_family = AF_INET;
dest.sin_port = htons(443);
dest.sin_addr.s_addr = *(long*)host->h_addr;
// 连接服务器
if (connect(sockfd, (struct sockaddr *)&dest, sizeof(dest)) != 0) {
perror("connect");
return -1;
}
ctx = SSL_CTX_new(TLS_method());
if (ctx == NULL) {
perror("SSL_CTX_new");
return -1;
}
// 设置支持的协议版本为 TLSv1.2
SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION);
// 加载 CA 证书
if (SSL_CTX_load_verify_locations(ctx, cert_path, NULL) != 1) {
perror("SSL_CTX_load_verify_locations");
return -1;
}
// 加载客户端证书和私钥
if (SSL_CTX_use_certificate_file(ctx, cert_path, SSL_FILETYPE_PEM) <= 0) {
perror("SSL_CTX_use_certificate_file");
return -1;
}
if (SSL_CTX_use_PrivateKey_file(ctx, key_path, SSL_FILETYPE_PEM) <= 0) {
perror("SSL_CTX_use_PrivateKey_file");
return -1;
}
if (!SSL_CTX_check_private_key(ctx)) {
perror("SSL_CTX_check_private_key");
return -1;
}
// 创建 SSL
ssl = SSL_new(ctx);
if (ssl == NULL) {
perror("SSL_new");
return -1;
}
// 将套接字绑定到SSL
SSL_set_fd(ssl, sockfd);
// SSL握手
if (SSL_connect(ssl) == -1) {
perror("SSL_connect");
return -1;
}
// 构造HTTP请求
char *escaped_url = urlencode(url);
sprintf(request, "POST / HTTP/1.1\r\n"
"Host: %s\r\n"
"Content-Type: application/json\r\n"
"Content-Length: %d\r\n"
"\r\n"
"%s", escaped_url, strlen(body), body);
// 发送HTTP请求
SSL_write(ssl, request, strlen(request));
// 接收HTTP响应
len = SSL_read(ssl, buf, MAX_BUF_SIZE);
// 关闭SSL和套接字
SSL_shutdown(ssl);
SSL_free(ssl);
close(sockfd);
// 处理响应
strncpy(response, buf, len);
response[len] = '\0';
// 清理OpenSSL库
SSL_CTX_free(ctx);
EVP_cleanup();
free(escaped_url);
return 0;
}
```
您需要将证书路径和私钥路径作为参数传入,以支持双向认证。其中,cert_path 是 CA 证书路径,key_path 是客户端证书和私钥路径。
相关推荐
![pdf](https://img-home.csdnimg.cn/images/20210720083512.png)
![pdf](https://img-home.csdnimg.cn/images/20210720083512.png)
![zip](https://img-home.csdnimg.cn/images/20210720083736.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)