【问题标题】:lib cCURL with https throws error带有 https 的 lib cCURL 引发错误
【发布时间】:2012-09-04 16:18:30
【问题描述】:

我编写了 C curl 应用程序代码来测试我的服务器 TLS 连接,使用我自己的证书和自己的服务器设置与 AES-ECC-CCM 芯片套件。但我在客户端收到错误,因为 curl 无法加载给定的芯片套件。因此在这里我放了我的代码..我是否遵循正确的方法在客户端选择芯片套件..?并且代码是正确的..?

CURL *curl;
CURLcode res;
FILE *headerfile;
const char *pPassphrase = NULL;

static const char *pCertFile = "/root/rev/mysert.der";
static const char *pCACertFile="/root/rev/cacert.der";

const char *pKeyName;
const char *pKeyType;

const char *pEngine;


pKeyName  = "/root/rev/testkey.der";
pKeyType  = "DER";



headerfile = fopen("dumpit", "w");

curl_global_init(CURL_GLOBAL_DEFAULT);

curl = curl_easy_init();
if(curl) {
 /* what call to write: */ 
curl_easy_setopt(curl, CURLOPT_URL, "https://192.168.1.121/test");
curl_easy_setopt(curl, CURLOPT_WRITEHEADER, headerfile);

while(1)                    /* do some ugly short cut... */ 
{

   /*SET THE CIPHER TO ECC-CCM */
   **curl_easy_setopt(curl,CURLOPT_SSL_CIPHER_LIST,"TLS_ECDHE_ECDSA_WITH_AES_128_CCM");**
  curl_easy_setopt(curl,CURLOPT_SSLCERTTYPE,"DER");

  /* set the cert for client authentication */ 
  curl_easy_setopt(curl,CURLOPT_SSLCERT,pCertFile);

  /* sorry, for engine we must set the passphrase
     (if the key has one...) */ 
  if (pPassphrase)
    curl_easy_setopt(curl,CURLOPT_KEYPASSWD,pPassphrase);

  /* if we use a key stored in a crypto engine,
     we must set the key type to "ENG" */ 
  curl_easy_setopt(curl,CURLOPT_SSLKEYTYPE,pKeyType);

  /* set the private key (file or ID in engine) */ 
  curl_easy_setopt(curl,CURLOPT_SSLKEY,pKeyName);

  /* set the file with the certs vaildating the server */ 
  curl_easy_setopt(curl,CURLOPT_CAINFO,pCACertFile);

  /* disconnect if we can't validate server's cert */ 
  curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,1L);

  /* Perform the request, res will get the return code */ 
  res = curl_easy_perform(curl);
  /* Check for errors */ 
  if(res != CURLE_OK)
    fprintf(stderr, "curl_easy_perform() failed: %s\n",
            curl_easy_strerror(res));

    break;                   /* we are done... */ 
  }
  /* always cleanup */ 
  curl_easy_cleanup(curl);
 }

 curl_global_cleanup();

【问题讨论】:

    标签: curl https libcurl


    【解决方案1】:

    您的 CURL 版本是用 OpenSSL 构建的吗?如果是这样,请参阅this OpenSSL mail thread - 只要没有官方密码套件编号,OpenSSL 仍然无法支持 TLS_ECDHE_ECDSA_WITH_AES_128_CCM。

    【讨论】:

      猜你喜欢
      • 2012-09-09
      • 1970-01-01
      • 2019-04-19
      • 2017-02-27
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      相关资源
      最近更新 更多