使用 libcurl & SSL协议
我发现关于这个主题的信息确实很少。我已经有一个 dll 使用 libcurl 成功发布了帖子。
我已经使用 openssl 编译了 libcurl 以实现 ssl 功能。
这是我最初的卷曲设置的一个发挥。
curl_easy_setopt(handle, CURLOPT_ERRORBUFFER, errorBuffer);
//curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER , 1);
//curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST , 1);
//curl_easy_setopt(curl, CURLOPT_CAINFO , "./ca.cert");
curl_easy_setopt(handle, CURLOPT_POSTFIELDS, cParam);
curl_easy_setopt(handle, CURLOPT_POSTFIELDSIZE, strlen(cParam));
curl_easy_setopt(handle, CURLOPT_FOLLOWLOCATION, 1);
curl_easy_setopt(handle, CURLOPT_WRITEFUNCTION, Request::writer);
curl_easy_setopt(handle, CURLOPT_WRITEDATA, &buffer);
curl_easy_setopt(handle, CURLOPT_URL, cURL);
我想问那些以前做过这件事的人,是不是只要添加上面这些行就可以让 SSL 工作(只要证书存在)那么简单?还是更复杂?
有趣的是我并不完全确定 SSL 是如何工作的。我以前从未使用过它。我是否需要在应用程序中存储密钥并随每个请求一起发送?无论如何,我的主要问题是第一个问题。先感谢您。
I've found there is really very little information around on this topic. I already have a dll making successful posts using libcurl.
I've compiled libcurl with openssl for ssl functionality.
Here is an exert of my original curl setup.
curl_easy_setopt(handle, CURLOPT_ERRORBUFFER, errorBuffer);
//curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER , 1);
//curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST , 1);
//curl_easy_setopt(curl, CURLOPT_CAINFO , "./ca.cert");
curl_easy_setopt(handle, CURLOPT_POSTFIELDS, cParam);
curl_easy_setopt(handle, CURLOPT_POSTFIELDSIZE, strlen(cParam));
curl_easy_setopt(handle, CURLOPT_FOLLOWLOCATION, 1);
curl_easy_setopt(handle, CURLOPT_WRITEFUNCTION, Request::writer);
curl_easy_setopt(handle, CURLOPT_WRITEDATA, &buffer);
curl_easy_setopt(handle, CURLOPT_URL, cURL);
My question to those who've done this before, is it as easy as just adding those lines above to get SSL to work (as long as the certificate exists)? Or is it more complicated?
The funny thing is I'm not completely sure how SSL works. I've never worked with it before. Do I need to store a key in my application and send it with each request? Anyway my main question was the first. Thank you in advance.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
是的,就是这么简单。只需确保您拥有的“ca.cert”文件是真正的 CA 证书,可以验证您的服务器的证书。
Yes, it is that simple. Just make sure that the "ca.cert" file you have is a true CA cert that can verify your server's certificate.
要在 libcurl 中使用 SSL,您所需要做的就是提供 https url 而不是 http url。您需要使用curl_easy_setopt设置的唯一选项是CURLOPT_URL,尽管如果您不指定写入回调,它只会将接收到的数据打印到stdout。
All you need to do to use SSL with libcurl is give an https url instead of an http url. The only option you need to set with curl_easy_setopt is CURLOPT_URL, although it will just print the received data to stdout if you don't specify a write callback.
如果您确实想检查主机名匹配,请确保在使用
CURLOPT_SSL_VERIFYHOST
时将实际值设置为 2L(默认值)而不是 1(如该示例中的注释所示),否则它只会检查证书中是否存在“通用名称”(CN)。Make sure that when using
CURLOPT_SSL_VERIFYHOST
you set the actual value to 2L (which is the default) instead of 1 (as shown as a comment in that example), if you really want to check the hostname matches, otherwise it would just check for the existence of a "Common name" (CN) in the certificate.