目前日期文章:201705 (3)

瀏覽方式: 標題列表 簡短摘要

 

LibCurl supports URL transfer over HTTPS protocol. In this post we’ll use LibCurl to download a webpage over HTTPSprotocol. To get started, make sure that you have setup your system as outlined in one of my previous posts. Note that LibCurl comes with SSL libraries included and hence you need not to install any extra packages.

Getting started

Let’s first try to download a HTTPS webpage without SSL using following code:

 1 #include <stdio.h>
 2 #define CURL_STATICLIB
 3 #include <curl/curl.h>
 4 
 5 int main(int argc, char *argv[])
 6 {
 7     CURL *curl;
 8     CURLcode res;
 9 
10     curl = curl_easy_init();
11     if (curl)
12     {
13         curl_easy_setopt(curl, CURLOPT_URL, "https://google.com");
14         /* google.com is redirected, so we tell LibCurl to follow redirection */
15         curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);
16 
17         /* Perform the request, res will get the return code */
18         res = curl_easy_perform(curl);
19         /* Check for errors */
20         if(res != CURLE_OK)
21             fprintf(stderr, "curl_easy_perform() failed: %s\n", curl_easy_strerror(res));
22 
23         /* Always cleanup */
24         curl_easy_cleanup(curl);
25     }
26 
27     return 0;
28 }

When we compile and run the above program, we get following error:

curl_easy_perform() failed: Peer certificate cannot be authenticated with given CA certificates

Well we can force LibCurl not to verify the authencity of peer’s certificate by modifying the program as below:

 1 #include <stdio.h>
 2 #define CURL_STATICLIB
 3 #include <curl/curl.h>
 4 
 5 int main(int argc, char *argv[])
 6 {
 7     CURL *curl;
 8     CURLcode res;
 9 
10     curl = curl_easy_init();
11     if (curl)
12     {
13         curl_easy_setopt(curl, CURLOPT_URL, "https://google.com");
14         /* google.com is redirected, so we tell LibCurl to follow redirection */
15         curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);
16         curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);
17         /* Perform the request, res will get the return code */
18         res = curl_easy_perform(curl);
19         /* Check for errors */
20         if(res != CURLE_OK)
21             fprintf(stderr, "curl_easy_perform() failed: %s\n", curl_easy_strerror(res));
22 
23         /* Always cleanup */
24         curl_easy_cleanup(curl);
25     }
26 
27     return 0;
28 }

This will resolve the error we were getting earlier but this is not secure as we are bypassing the verification of SSLcertificte presented by peer.

LibCurl with SSL

Now let’s modify the code as below to enable SSL certificate verification by LibCurl:

 1 #include <stdio.h>
 2 #define CURL_STATICLIB
 3 #include <curl/curl.h>
 4 
 5 int main(int argc, char *argv[])
 6 {
 7     CURL *curl;
 8     CURLcode res;
 9 
10     curl = curl_easy_init();
11     if (curl)
12     {
13         curl_easy_setopt(curl, CURLOPT_URL, "https://google.com");
14         /* google.com is redirected, so we tell LibCurl to follow redirection */
15         curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);
16         /* SSL Options */
17         curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER , 1);
18         curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST , 1);
19         /* Provide CA Certs from http://curl.haxx.se/docs/caextract.html */
20         curl_easy_setopt(curl, CURLOPT_CAINFO, "ca-bundle.crt");
21 
22         /* Perform the request, res will get the return code */
23         res = curl_easy_perform(curl);
24         /* Check for errors */
25         if(res != CURLE_OK)
26             fprintf(stderr, "curl_easy_perform() failed: %s\n", curl_easy_strerror(res));
27 
28         /* Always cleanup */
29         curl_easy_cleanup(curl);
30     }
31 
32     return 0;
33 }

LibCurl depends on ca-bundle.crt to verify server’s certificate. CA bundle extract is provided by LibCurl itself and you can download it from here. We need to place the ca-bundle.crt in same folder as our executable. Also notice that we have enabled CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST in lines 17 and 18. When CURLOPT_SSL_VERIFYPEER is enabled, LibCurl verifes if the ceriticate presented is authentiate or not. If the verification fails to prove that the certificate is authentic, the connection fails. Authenticating the certificate is not enough to be sure about the server. We also want to ensure that the server is the server we mean to be talking to. When CURLOPT_SSL_VERIFYHOST is enabled, LibCurl checks that the host name in the certificate is valid for the host name we’re connecting to. If LibCurl fails to verify this, the connection fails.

 

 

 

 

 

來源

https://pranavprakash.net/2014/09/27/using-libcurl-with-ssl/

mybeauty 發表在 痞客邦 留言(0) 人氣()

最近在做使用openssl链接http和https的项目,编译时出现以下问题。

/usr/local/openssl/lib/libcrypto.a(async.o): In function `async_free_pool_internal':
async.c:(.text+0xe4): undefined reference to `pthread_setspecific'
async.c:(.text+0xf4): undefined reference to `pthread_getspecific'
async.c:(.text+0x104): undefined reference to `pthread_setspecific'
/usr/local/openssl/lib/libcrypto.a(async.o): In function `ASYNC_init_thread.part.1':
async.c:(.text+0x253): undefined reference to `pthread_setspecific'
/usr/local/openssl/lib/libcrypto.a(async.o): In function `async_start_func':
async.c:(.text+0x36f): undefined reference to `pthread_getspecific'
async.c:(.text+0x39e): undefined reference to `pthread_getspecific'
/usr/local/openssl/lib/libcrypto.a(async.o): In function `ASYNC_start_job':
async.c:(.text+0x404): undefined reference to `pthread_getspecific'
async.c:(.text+0x41e): undefined reference to `pthread_getspecific'
async.c:(.text+0x433): undefined reference to `pthread_getspecific'
/usr/local/openssl/lib/libcrypto.a(async.o):async.c:(.text+0x44c): more undefined references to `pthread_getspecific' follow
/usr/local/openssl/lib/libcrypto.a(async.o): In function `ASYNC_start_job':
async.c:(.text+0x7ef): undefined reference to `pthread_setspecific'
async.c:(.text+0x811): undefined reference to `pthread_getspecific'
async.c:(.text+0x82d): undefined reference to `pthread_getspecific'
async.c:(.text+0x83f): undefined reference to `pthread_getspecific'
async.c:(.text+0x870): undefined reference to `pthread_getspecific'
async.c:(.text+0x891): undefined reference to `pthread_getspecific'
/usr/local/openssl/lib/libcrypto.a(async.o):async.c:(.text+0x8a6): more undefined references to `pthread_getspecific' follow
/usr/local/openssl/lib/libcrypto.a(async_posix.o): In function `async_global_init':
async_posix.c:(.text+0xc): undefined reference to `pthread_key_create'
async_posix.c:(.text+0x1e): undefined reference to `pthread_key_create'
/usr/local/openssl/lib/libcrypto.a(async_posix.o): In function `async_local_init':
async_posix.c:(.text+0x3d): undefined reference to `pthread_setspecific'
async_posix.c:(.text+0x50): undefined reference to `pthread_setspecific'
/usr/local/openssl/lib/libcrypto.a(dso_dlfcn.o): In function `dlfcn_globallookup':
dso_dlfcn.c:(.text+0x21): undefined reference to `dlopen'
dso_dlfcn.c:(.text+0x34): undefined reference to `dlsym'
dso_dlfcn.c:(.text+0x3f): undefined reference to `dlclose'
/usr/local/openssl/lib/libcrypto.a(dso_dlfcn.o): In function `dlfcn_bind_func':
dso_dlfcn.c:(.text+0x354): undefined reference to `dlsym'
dso_dlfcn.c:(.text+0x3fb): undefined reference to `dlerror'
/usr/local/openssl/lib/libcrypto.a(dso_dlfcn.o): In function `dlfcn_bind_var':
dso_dlfcn.c:(.text+0x474): undefined reference to `dlsym'
dso_dlfcn.c:(.text+0x52e): undefined reference to `dlerror'
/usr/local/openssl/lib/libcrypto.a(dso_dlfcn.o): In function `dlfcn_load':
dso_dlfcn.c:(.text+0x5a4): undefined reference to `dlopen'
dso_dlfcn.c:(.text+0x60b): undefined reference to `dlclose'
dso_dlfcn.c:(.text+0x638): undefined reference to `dlerror'
/usr/local/openssl/lib/libcrypto.a(dso_dlfcn.o): In function `dlfcn_pathbyaddr':
dso_dlfcn.c:(.text+0x6ce): undefined reference to `dladdr'
dso_dlfcn.c:(.text+0x731): undefined reference to `dlerror'
/usr/local/openssl/lib/libcrypto.a(dso_dlfcn.o): In function `dlfcn_unload':
dso_dlfcn.c:(.text+0x78a): undefined reference to `dlclose'

 

解决方案:

=======================================================================================================

gcc obj/Debug/main.o -L/usr/local/openssl/lib -lssl -lcrypto -ldl -lpthread -o main

原因分析:

在链接这个库的时候一定要注意2个问题:

1.openssl库的版本问题,请直接链到你需要的openssl库路径,比如我的就是/usr/local/openssl/lib,

2.注意-lssl -lcrypto要写在-ldl -lpthread前面,这四个必须要。

相关知识:

-L :此选项是指定链接库的文件夹地址

-l(小写的L):-lssl 即是寻找/usr/local/openssl/lib目录下的 libssl.a 这个库,编译器会自动寻找 libssl.a或者libssl.so

-I(大写的i):指定头文件的文件夹地址

 
來源
http://www.cnblogs.com/Boyona/p/4999339.html

mybeauty 發表在 痞客邦 留言(0) 人氣()

整理virtualBox的上網設定

-------------------------------------------------------------------

 

寫在前面

(1) 這一篇文章是說明VirtualBox內的Ubuntu,設定2張網卡,一張NAT可以透過Host的win 7筆電上大網。

另一張Bridge連到embedded開發板。這是不上大網的,是設定成固定IP

(2) 要注意的事Bridge在VirtualBox裡設定完成之後,要進Ubuntu設定Bridge這張網卡的IP

 

-------------------------------------------------------------------

這一篇是我看過最詳細的說明

VirtualBox能設定4張網卡,連線模式在下面這篇文章寫的很清楚。

http://kanchengzxdfgcv.blogspot.tw/2015/10/oracle-vm-virtualbox.html

 

以下使得Ubuntu可以出大網,也可以和arm的板子對接。

-------------------------------------------------------------------
注意!
/etc/network/interfaces的設定要這樣子寫
NAT那一張不用寫上來
bridge那一張不要設gateway

# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback

auto enp0s3
iface enp0s3 inet static
address 192.168.0.105
netmask 255.255.255.0

 

 

 

 

 

 

 

 

 

 

 

 

 

 

mybeauty 發表在 痞客邦 留言(0) 人氣()