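Official site: https://curl.haxx.se/libcurl/c/libcurl.html
libcurl option reference:
CURLOPT_SSLCERTTYPE: the format of the certificate; PEM and DER are supported.
CURLOPT_SSLCERT: the file name of the client certificate. The default format is P12 with Secure Transport and PEM otherwise. Write the name as ./filename to avoid confusion. When a client certificate is used, you will most likely need a private key as well.
CURLOPT_SSLKEY: the file name of the private key. The default format is PEM and can be changed with CURLOPT_SSLKEYTYPE.
CURLOPT_KEYPASSWD: the password required to use the private key. Loading the certificate never needs a password, but loading the private key does.
CURLOPT_CAINFO: the root certificate used to verify the validity of the peer's certificate, normally one issued by a certificate authority (CA).
CURLOPT_SSL_VERIFYPEER: decides whether the peer's certificate is verified. When a TLS or SSL connection is made, the server sends a certificate to state its identity, and curl verifies that the certificate is authentic. This trust is based on a chain of digital signatures, rooted in the certificate authority (CA) certificates you supply.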
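1. Prepare the files
Root certificate | ca.crt | cacrt.pem
Server certificate issued by the root certificate | server.crt |
Server private key | server.key |
Client certificate issued by the root certificate | client.crt | clientcrt.pem
Client private key | client.key | clientkey.pem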
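cacrt.pem: used to verify the server's certificate, because the server certificate was issued by the root certificate.
clientcrt.pem, clientkey.pem: the client certificate and its private key, which the client uses to authenticate itself to the server in mutual (two-way) authentication.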
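A pre-flight check for the three PEM files listed above, as an added example that is not part of the original post or of libcurl: it reads each file's PEM armor line to tell a certificate from a plain private key or from an encrypted key that needs CURLOPT_KEYPASSWD. The helper names classify_pem and classify_pem_file are hypothetical, and only the C standard library is used.

```c
/* Added example: helper names are hypothetical, not part of the libcurl API. */
#include <stdio.h>
#include <string.h>

typedef enum { UNREADABLE, NOT_PEM, PEM_CERT, PEM_KEY, PEM_KEY_ENCRYPTED, PEM_OTHER } pem_kind;

/* Classify text by its first PEM armor line ("-----BEGIN <label>-----"). */
pem_kind classify_pem(const char *text)
{
    static const char armor[] = "-----BEGIN ";
    const char *label = strstr(text, armor), *end, *key;
    if (!label)
        return NOT_PEM;            /* no armor: probably DER, so the *TYPE option must say "DER" */
    label += sizeof armor - 1;
    end = strstr(label, "-----");
    if (!end)
        return NOT_PEM;
    if (end - label == 11 && strncmp(label, "CERTIFICATE", 11) == 0)
        return PEM_CERT;
    if (end - label == 21 && strncmp(label, "ENCRYPTED PRIVATE KEY", 21) == 0)
        return PEM_KEY_ENCRYPTED;  /* PKCS#8 encrypted key: CURLOPT_KEYPASSWD needed */
    key = strstr(label, "PRIVATE KEY");
    if (key && key + 11 == end)    /* "PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY" */
        return strstr(end, "Proc-Type: 4,ENCRYPTED") ? PEM_KEY_ENCRYPTED : PEM_KEY;
    return PEM_OTHER;              /* e.g. a CSR or public key: wrong file for these options */
}

/* Classify the first 4 KiB of a file. */
pem_kind classify_pem_file(const char *path)
{
    char buf[4097]; size_t n;
    FILE *f = fopen(path, "rb");
    if (!f)
        return UNREADABLE;
    n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return classify_pem(buf);
}

int main(void)
{
    static const char *what[] = { "unreadable", "not PEM (DER?)", "certificate", "private key",
                                  "encrypted private key (set CURLOPT_KEYPASSWD)", "other PEM object" };
    static const char *files[] = { "cacrt.pem", "clientcrt.pem", "clientkey.pem" }; /* names from this page */
    size_t i;
    for (i = 0; i < sizeof files / sizeof files[0]; i++)
        printf("%s: %s\n", files[i], what[classify_pem_file(files[i])]);
    return 0;
}
```

A key reported where a certificate is expected (or the reverse) means the file names given to CURLOPT_SSLCERT and CURLOPT_SSLKEY are swapped.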
Header files and the libcurl library files (see the open-source libcurl on GitHub)
2. The simplessl.c file
#include <stdio.h>
#include "include/curl/curl.h"

int main(void)
{
    CURL *curl;
    CURLcode res;
    FILE *headerfile;
    const char *pPassphrase = NULL;                   /* password for the private key */
    static const char *pCertFile = "./clientcrt.pem"; /* client certificate */
    static const char *pCACertFile = "cacrt.pem";     /* CA root certificate */
    static const char *pHeaderFile = "dumpit";
    const char *pKeyName;
    const char *pKeyType;
    const char *pEngine;

    pKeyName = "clientkey.pem"; /* private key */
    pKeyType = "PEM";
    pEngine = NULL;

    headerfile = fopen(pHeaderFile, "wb");
    if(!headerfile) {
        /* without this check libcurl would be handed a NULL FILE pointer */
        fprintf(stderr, "can't open %s for writing\n", pHeaderFile);
        return 1;
    }

    curl_global_init(CURL_GLOBAL_DEFAULT);
    curl = curl_easy_init();
    if(curl) {
        /* what call to write: */
        curl_easy_setopt(curl, CURLOPT_URL, "HTTPS://192.168.31.14:8124");
        curl_easy_setopt(curl, CURLOPT_HEADERDATA, headerfile);

        do { /* dummy loop, just to break out from */
            if(pEngine) {
                /* use crypto engine */
                if(curl_easy_setopt(curl, CURLOPT_SSLENGINE, pEngine) != CURLE_OK) {
                    /* load the crypto engine */
                    fprintf(stderr, "can't set crypto engine\n");
                    break;
                }
                if(curl_easy_setopt(curl, CURLOPT_SSLENGINE_DEFAULT, 1L) != CURLE_OK) {
                    /* set the crypto engine as default */
                    /* only needed for the first time you load
                     * an engine in a curl object... */
                    fprintf(stderr, "can't set crypto engine as default\n");
                    break;
                }
            }

            /* cert is stored PEM coded in file... */
            /* since PEM is default, we needn't set it for PEM */
            curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM");

            /* set the cert for client authentication */
            curl_easy_setopt(curl, CURLOPT_SSLCERT, pCertFile);

            /* sorry, for engine we must set the passphrase
             * (if the key has one...) */
            if(pPassphrase)
                curl_easy_setopt(curl, CURLOPT_KEYPASSWD, pPassphrase);

            /* if we use a key stored in a crypto engine,
             * we must set the key type to "ENG" */
            curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, pKeyType);

            /* set the private key (file or ID in engine) */
            curl_easy_setopt(curl, CURLOPT_SSLKEY, pKeyName);

            /* set the file with the certs validating the server */
            curl_easy_setopt(curl, CURLOPT_CAINFO, pCACertFile);

            /* disconnect if we can't validate server's cert */
            curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);

            /* Perform the request, res will get the return code */
            res = curl_easy_perform(curl);
            /* Check for errors */
            if(res != CURLE_OK)
                fprintf(stderr, "curl_easy_perform() failed: %s\n",
                        curl_easy_strerror(res));

            /* we are done... */
        } while(0);

        /* always cleanup */
        curl_easy_cleanup(curl);
    }

    curl_global_cleanup();
    /* close the header dump file opened above */
    fclose(headerfile);
    return 0;
}
Makefile
TARGET = simplessl

# Which object files that the executable consists of
OBJS = simplessl.o

# What compiler to use
CC = gcc

# Compiler flags, -g for debug, -c to make an object file
CFLAGS = -c -g

# This should point to a directory that holds libcurl, if it isn't
# in the system's standard lib dir
# We also set a -L to include the directory where we have the openssl
# libraries
LDFLAGS = -L./lib/libs -L/usr/local/ssl/lib

# We need -lcurl for the curl stuff
# We need -lsocket and -lnsl when on Solaris
# We need -lssl and -lcrypto when using libcurl with SSL support
# We need -lpthread for the pthread example
LIBS = -lcurl #-lsocket -lnsl -lssl -lcrypto

# Link the target with all objects and libraries
$(TARGET) : $(OBJS)
	$(CC) -o $(TARGET) $(OBJS) $(LDFLAGS) $(LIBS)

# Compile the source files into object files
simplessl.o : simplessl.c
	$(CC) $(CFLAGS) $<
After compiling and running it, you can see the result:
The source code is available in my download resources.