中国智谋书籍:Windows下OpenSSL的BIO安全编程

   参考文章:         http://www.ibm.com/developerworks/cn/linux/l-openssl.html         http://www.ibm.com/developerworks/cn/linux/l-openssl2.html         http://www.ibm.com/developerworks/cn/linux/l-openssl3.html         http://www.cppblog.com/woomsg/archive/2008/10/22/64626.html       在Windows上安装好OpenSSL的环境后,我们就可以使用OpenSSL进行开发了。OpenSSL内置的BIO抽象库处理包括文件和套接字在内的各种类型的通信。下面将介绍使用BIO抽象库建立套接字的非安全连接和安全连接。       非安全连接和安全连接的区别:       安全连接要求在连接建立后进行握手。在握手过程中,服务器向客户机发送一个证书,然后,客户机根据一组可信任证书来核实该证书。它还将检查证书,以确保它没有过期。要检验证书是可信任的,需要在连接建立之前提前加载一个可信任证书库。       只有在服务器发出请求时,客户机才会向服务器发送一个证书。该过程叫做客户机认证。使用证书,在客户机和服务器之间传递密码参数,以建立安全连接。尽管握手是在建立连接之后才进行的,但是客户机和服务器可以在任何时刻请求进行一次新的握手。非安全连接例子:#include
#include #include "openssl/bio.h"
#include "openssl/ssl.h"
#include "openssl/err.h"#pragma comment(lib, "libeay32.lib")
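#pragma comment(lib, "ssleay32.lib")

/*
 * Non-secure example: open a plain TCP connection to www.baidu.com:80
 * through a connect BIO, send one HTTP/1.1 request and echo whatever the
 * server returns until it closes the connection.
 *
 * Returns 0 on success and -1 if the BIO cannot be created, the connection
 * cannot be opened, or the request cannot be written.
 */
int main(int argc, char *argv[])
{
    BIO *bio = NULL;
    const char *request = "GET / HTTP/1.1\r\nHost: www.baidu.com\r\nConnection: Close\r\n\r\n";
    char buf[1024];
    size_t req_len;
    size_t sent = 0;
    int x;

    (void)argc;
    (void)argv;

    /* Initializing OpenSSL: error strings and the digest/cipher tables */
    SSL_load_error_strings();
    ERR_load_BIO_strings();
    OpenSSL_add_all_algorithms();

    /* create and set up connect: "host:port" is parsed by the BIO itself */
    bio = BIO_new_connect("www.baidu.com:80");
    if (bio == NULL)
    {
        printf("BIO_new_connect opt failue.\n");
        return -1;
    }
    if (BIO_do_connect(bio) <= 0)
    {
        printf("connect error.\n");
        BIO_free_all(bio);
        return -1;
    }

    /*
     * send request. BIO_write can return a short count, so loop until the
     * whole request is out; 0 or a negative value means the write failed.
     */
    req_len = strlen(request);
    while (sent < req_len)
    {
        x = BIO_write(bio, request + sent, (int)(req_len - sent));
        if (x <= 0)
        {
            printf("write error.\n");
            BIO_free_all(bio);
            return -1;
        }
        sent += (size_t)x;
    }

    /*
     * read the response. The read size must be derived from sizeof buf, not
     * strlen(buf): buf is uninitialised at this point, so strlen() on it is
     * undefined behaviour and can return any value, including one larger
     * than the buffer, which would let BIO_read write past its end. One
     * byte is reserved so buf can always be NUL-terminated.
     */
    for (;;)
    {
        x = BIO_read(bio, buf, (int)(sizeof buf - 1));
        if (x <= 0)
            break;
        buf[x] = 0;
        /* fwrite rather than printf("%s"): a response body may contain NUL bytes */
        fwrite(buf, 1, (size_t)x, stdout);
        putchar('\n');
    }
    BIO_free_all(bio);
    return 0;
}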
安全连接例子: #include
#include #include "openssl/bio.h"
#include "openssl/ssl.h"
#include "openssl/err.h"#pragma comment(lib, "libeay32.lib")
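#pragma comment(lib, "ssleay32.lib")

/*
 * Secure example: open a TLS connection to www.verisign.com:443 through an
 * SSL connect BIO, verify the server certificate against "TrustStore.pem",
 * send one HTTP/1.1 request and echo the response until the peer closes.
 *
 * Returns 0 on success and -1 on any setup, connection, verification or
 * write failure. All error paths release the BIO before the SSL_CTX.
 */
int main(int argc, char *argv[])
{
    SSL *ssl = NULL;
    SSL_CTX *ctx = NULL;
    BIO *bio = NULL;
    const char *host = "www.verisign.com";
    const char *request = "GET / HTTP/1.1\r\nHost: www.verisign.com\r\nConnection: Close\r\n\r\n";
    char buf[1024];
    size_t req_len;
    size_t sent = 0;
    int x;

    (void)argc;
    (void)argv;

    /* Initializing OpenSSL: error strings and the digest/cipher tables */
    SSL_load_error_strings();
    ERR_load_BIO_strings();
    OpenSSL_add_all_algorithms();

    /* create and set up SSL context */
    ctx = SSL_CTX_new(SSLv23_client_method());
    if (ctx == NULL)
    {
        printf("SSL_CTX_new failed.\n");
        return -1;
    }
    /*
     * SSLv23_client_method() negotiates the highest version both sides
     * support, which still includes SSLv2 and SSLv3 unless they are
     * disabled explicitly; both are broken and must not be negotiated.
     */
    SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);

    /* load trust store: the CA certificates the server chain must chain to */
    if (!SSL_CTX_load_verify_locations(ctx, "TrustStore.pem", NULL))
    {
        /* Handle failed load here */
        printf("Error loading trust store\n");
        SSL_CTX_free(ctx);
        return -1;
    }
    /*
     * Fail the handshake itself on an untrusted chain rather than relying
     * only on the SSL_get_verify_result() check after connecting.
     */
    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);

    /* create and set up connect */
    bio = BIO_new_ssl_connect(ctx);
    if (bio == NULL)
    {
        printf("BIO_new_ssl_connect failed.\n");
        SSL_CTX_free(ctx);
        return -1;
    }
    BIO_get_ssl(bio, &ssl);
    if (ssl == NULL)
    {
        printf("BIO_get_ssl failed.\n");
        BIO_free_all(bio);
        SSL_CTX_free(ctx);
        return -1;
    }
    /* set SSL_MODE_AUTO_RETRY flag: retry transparently on a blocking transport */
    SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);

    /* Send the server name (SNI) so a virtual-hosted server presents the right certificate */
    SSL_set_tlsext_host_name(ssl, host);

#if OPENSSL_VERSION_NUMBER >= 0x10002000L
    /*
     * Bind the chain verification to the expected host name. Without this,
     * SSL_get_verify_result() only proves that the certificate chains to the
     * trust store — a valid certificate issued for any other name would pass.
     */
    if (!X509_VERIFY_PARAM_set1_host(SSL_get0_param(ssl), host, 0))
    {
        printf("failed to set verification host name.\n");
        BIO_free_all(bio);
        SSL_CTX_free(ctx);
        return -1;
    }
#else
    /*
     * NOTE(review): OpenSSL older than 1.0.2 has no built-in host name check;
     * the peer certificate's subjectAltName / CN must be compared with `host`
     * after the handshake, otherwise any certificate the trust store accepts
     * is treated as belonging to this server.
     */
#endif

    /* Attempt to connect */
    BIO_set_conn_hostname(bio, "www.verisign.com:https");
    /* Verify the connection opened and perform the handshake */
    if (BIO_do_connect(bio) <= 0)
    {
        printf("connect error.\n");
        BIO_free_all(bio);
        SSL_CTX_free(ctx);
        return -1;
    }
    /* check cert: the chain (and, from 1.0.2 on, the host name) must have verified */
    if (SSL_get_verify_result(ssl) != X509_V_OK)
    {
        printf("cert is not match.\n");
        BIO_free_all(bio);
        SSL_CTX_free(ctx);
        return -1;
    }

    /*
     * send request. BIO_write can return a short count, so loop until the
     * whole request is out; 0 or a negative value means the write failed.
     */
    req_len = strlen(request);
    while (sent < req_len)
    {
        x = BIO_write(bio, request + sent, (int)(req_len - sent));
        if (x <= 0)
        {
            printf("write error.\n");
            BIO_free_all(bio);
            SSL_CTX_free(ctx);
            return -1;
        }
        sent += (size_t)x;
    }

    /*
     * read the response. The read size must be derived from sizeof buf, not
     * strlen(buf): buf is uninitialised at this point, so strlen() on it is
     * undefined behaviour and can return any value, including one larger
     * than the buffer, which would let BIO_read write past its end. One
     * byte is reserved so buf can always be NUL-terminated.
     */
    for (;;)
    {
        x = BIO_read(bio, buf, (int)(sizeof buf - 1));
        if (x <= 0)
            break;
        buf[x] = 0;
        /* fwrite rather than printf("%s"): a response body may contain NUL bytes */
        fwrite(buf, 1, (size_t)x, stdout);
        putchar('\n');
    }
    /* the BIO owns the SSL object, which still references ctx: free it first */
    BIO_free_all(bio);
    SSL_CTX_free(ctx);
    return 0;
}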