【发布时间】:2021-09-27 13:02:29
【问题描述】:
我正在使用 C 语言中的 OpenSSL API 创建一个 Web 服务器,一切正常,我可以通过浏览器访问我的网站,但是当我在 Discord 上共享链接时,我收到了以下错误消息:
1568:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:ssl\record\rec_layer_s3.c:1544:SSL alert number 48
我想要的是 Discord 集成显示链接的预览,如下所示:Discord integration example
这就是我所做的:
#define CA_CERT_FILE "cacert.pem"
#define SERVER_CERT_FILE "cert.pem"
#define SERVER_KEY_FILE "key.pem"
SSL_CTX *create_context() {
SSL_CTX *ctx = SSL_CTX_new(SSLv23_server_method());
if(!ctx) {
wprintf(L"Unable to create SSL context");
ERR_print_errors_fp(stderr);
exit(EXIT_FAILURE);
}
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); //Tested with a callback function that return 1, still not work
SSL_CTX_set_verify_depth(ctx, 4);
SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION);
SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CA_CERT_FILE));
if(!SSL_CTX_load_verify_locations(ctx, CA_CERT_FILE, NULL)) {
printf("SSL_CTX_load_verify_locations error!\n");
ERR_print_errors_fp(stderr);
exit(EXIT_FAILURE);
}
if(SSL_CTX_use_certificate_file(ctx, SERVER_CERT_FILE, SSL_FILETYPE_PEM) <= 0) {
printf("SSL_CTX_use_certificate_file error!\n");
ERR_print_errors_fp(stderr);
exit(EXIT_FAILURE);
}
if(SSL_CTX_use_PrivateKey_file(ctx, SERVER_KEY_FILE, SSL_FILETYPE_PEM) <= 0) {
printf("SSL_CTX_use_PrivateKey_file error!\n");
ERR_print_errors_fp(stderr);
exit(EXIT_FAILURE);
}
if(!SSL_CTX_check_private_key(ctx)) {
printf("SSL_CTX_check_private_key error!\n");
ERR_print_errors_fp(stderr);
exit(EXIT_FAILURE);
}
return ctx;
}
【问题讨论】: