2012-09-11 33 views
2

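I have written C curl application code to test my server's TLS connection, using my own certificates and my own server setup with the AES-ECC-CCM cipher suite. But because curl could not load the given cipher suite, I got an error on the client side. So I am posting my code here. Am I selecting the cipher suite on the client side the right way? And is the code correct?

libcurl with https throws an error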

#include <stdio.h>
#include <curl/curl.h>

int main(void)
{
    CURL *curl;
    CURLcode res = CURLE_OK;
    FILE *headerfile;
    const char *pPassphrase = NULL;

    static const char *pCertFile = "/root/rev/mysert.der";
    static const char *pCACertFile = "/root/rev/cacert.der";

    const char *pKeyName;
    const char *pKeyType;

    pKeyName = "/root/rev/testkey.der";
    pKeyType = "DER";

    /* response headers are written to this file */
    headerfile = fopen("dumpit", "w");
    if(!headerfile) {
        perror("fopen");
        return 1;
    }

    curl_global_init(CURL_GLOBAL_DEFAULT);

    curl = curl_easy_init();
    if(curl) {
        /* what call to write: */
        curl_easy_setopt(curl, CURLOPT_URL, "https://192.168.1.121/test");
        curl_easy_setopt(curl, CURLOPT_WRITEHEADER, headerfile);

        while(1)     /* do some ugly short cut... */
        {
            /* SET THE CIPHER TO ECC-CCM */
            curl_easy_setopt(curl, CURLOPT_SSL_CIPHER_LIST, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM");
            curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "DER");

            /* set the cert for client authentication */
            curl_easy_setopt(curl, CURLOPT_SSLCERT, pCertFile);

            /* sorry, for engine we must set the passphrase
               (if the key has one...) */
            if(pPassphrase)
                curl_easy_setopt(curl, CURLOPT_KEYPASSWD, pPassphrase);

            /* if we use a key stored in a crypto engine,
               we must set the key type to "ENG" */
            curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, pKeyType);

            /* set the private key (file or ID in engine) */
            curl_easy_setopt(curl, CURLOPT_SSLKEY, pKeyName);

            /* set the file with the certs validating the server */
            curl_easy_setopt(curl, CURLOPT_CAINFO, pCACertFile);

            /* disconnect if we can't validate server's cert */
            curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);

            /* Perform the request, res will get the return code */
            res = curl_easy_perform(curl);
            /* Check for errors */
            if(res != CURLE_OK)
                fprintf(stderr, "curl_easy_perform() failed: %s\n",
                        curl_easy_strerror(res));

            break;     /* we are done... */
        }
        /* always cleanup */
        curl_easy_cleanup(curl);
    }

    curl_global_cleanup();
    fclose(headerfile);

    return (res == CURLE_OK) ? 0 : 1;
}

Answers

0

Is your CURL version built with OpenSSL? If so, see this OpenSSL mail thread - as long as there is no official cipher suite number, OpenSSL still does not support TLS_ECDHE_ECDSA_WITH_AES_128_CCM.