目的基于openssl实现客户端远程连接
下面是部分接口代码
SSL_library_init();
OpenSSL_add_all_algorithms();
SSL_load_error_strings();
ctx = SSL_CTX_new(SSLv2_client_method());
if (ctx == NULL) {
ERR_print_errors_fp(stdout);
exit(1);
}
if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
perror("Socket");
exit(errno);
}
printf("socket created\n");
memset (&dest, '\0', sizeof(dest));
dest.sin_family = AF_INET;
dest.sin_port = htons(atoi(argv[2]));
if (inet_aton(argv[1], (struct in_addr *) &dest.sin_addr.s_addr) == 0) {
perror(argv[1]);
exit(errno);
}
printf("address created\n");
if (connect(sockfd, (struct sockaddr *) &dest, sizeof(dest)) != 0) {
perror("Connect ");
exit(errno);
}
printf("server connected\n");
ssl = SSL_new(ctx);
if(!SSL_CTX_load_verify_locations(ctx, "/root/.ssh/ca-chain.cert.pem", NULL)){
ERR_print_errors_fp(stderr);
return 1;
}
if (SSL_CTX_use_PrivateKey_file(ctx, "/root/.ssh/client.key.pem", SSL_FILETYPE_PEM) <= 0){
SSL_CTX_free (ctx);
ERR_print_errors_fp(stderr);
return 1;
}
if(!SSL_CTX_use_certificate_file(ctx, "/root/.ssh/client.cert.pem", SSL_FILETYPE_PEM)){
fprintf (stderr, "SSL_CTX_use_certificate_file ERROR\n");
ERR_print_errors_fp(stderr);
return EXIT_FAILURE;
}
if (!SSL_CTX_check_private_key(ctx)) {
ERR_print_errors_fp(stdout);
exit(1);
}
if(SSL_get_verify_result(ssl) != X509_V_OK){
printf("X509证书无效\n");
return false;
}
SSL_set_fd(ssl, sockfd);
if ((t=SSL_connect(ssl)) <= 0){ //返回0
ERR_print_errors_fp(stderr);
}
else {
printf("Connected with %s encryption\n", SSL_get_cipher(ssl));
ShowCerts(ssl);
}
服务端打印出的Bug:
routines:REQUEST_CERTIFICATE:peer error no certificate:s2_pkt.c:681:
是不是本地证书加载未成功?求指点。。。。