SSL 2way C程序失败,curl_easy_perform()失败:SSL对等证书或SSH远程密钥不正常
我正在尝试使用apache服务器执行双向ssl。在apache服务器配置中,我启用了客户端认证验证。 我创建了自CA,并通过OpenSSL 1.0.2k-fips签署了服务器和客户端证书 这是我的客户端程序,我正在使用curl 7.68,并通过commnad构建exeSSL 2way C程序失败,curl_easy_perform()失败:SSL对等证书或SSH远程密钥不正常,c,ssl,curl,openssl,libcurl,C,Ssl,Curl,Openssl,Libcurl,我正在尝试使用apache服务器执行双向ssl。在apache服务器配置中,我启用了客户端认证验证。 我创建了自CA,并通过OpenSSL 1.0.2k-fips签署了服务器和客户端证书 这是我的客户端程序,我正在使用curl 7.68,并通过commnad构建exe gcc client.c -o client -lcurl for-lcurl 我通过设置我的libcurl二进制文件所在的dir路径 export LD_LIBRARY_PATH=<path of exec dir>
gcc client.c -o client -lcurl
export LD_LIBRARY_PATH=<path of exec dir>
#include <stdio.h>
#include <curl/curl.h>
int main(void)
{
CURL *curl;
CURLcode res;
FILE *headerfile;
const char *pPassphrase = "1234";
static const char *pCertFile = "/scratch/amitcck/ssl/CA/client.crt";
static const char *pCACertFile = "/scratch/amitcck/ssl/CA/ca.cert.pem";
static const char *pHeaderFile = "/scartch/amitcck/curl_libs/dumpit.txt";
const char *pKeyName;
const char *pKeyType;
const char *pEngine;
#ifdef USE_ENGINE
pKeyName = "rsa_test";
pKeyType = "ENG";
pEngine = "chil"; /* for nChiper HSM... */
#else
pKeyName = "/scratch/amitcck/ssl/CA/client.key";
pKeyType = "PEM";
pEngine = NULL;
#endif
headerfile = fopen(pHeaderFile, "wb");
curl_global_init(CURL_GLOBAL_DEFAULT);
curl = curl_easy_init();
if(curl) {
/* what call to write: */
curl_easy_setopt(curl, CURLOPT_URL, "https://localhost:8051/");
curl_easy_setopt(curl, CURLOPT_HEADERDATA, headerfile);
do { /* dummy loop, just to break out from */
if(pEngine) {
/* use crypto engine */
if(curl_easy_setopt(curl, CURLOPT_SSLENGINE, pEngine) != CURLE_OK) {
/* load the crypto engine */
fprintf(stderr, "can't set crypto engine \n");
break;
}
if(curl_easy_setopt(curl, CURLOPT_SSLENGINE_DEFAULT, 1L) != CURLE_OK) {
/* set the crypto engine as default */
/* only needed for the first time you load
a engine in a curl object... */
fprintf(stderr, "can't set crypto engine as default \n");
break;
}
}
/* cert is stored PEM coded in file... */
/* since PEM is default, we needn't set it for PEM */
if(curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM")!=CURLE_OK){
fprintf(stderr, "PEM wrong \n");
}
/* set the cert for client authentication */
if(curl_easy_setopt(curl, CURLOPT_SSLCERT, pCertFile)!=CURLE_OK)
{
fprintf(stderr, "CRT wrong \n");
}
/* sorry, for engine we must set the passphrase
(if the key has one...) */
if(pPassphrase)
if(curl_easy_setopt(curl, CURLOPT_KEYPASSWD, pPassphrase)!=CURLE_OK){
fprintf(stderr, "passphrase WRONG \n");
}
/* if we use a key stored in a crypto engine,
we must set the key type to "ENG" */
if(curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, pKeyType)!=CURLE_OK){
fprintf(stderr, "Type WRONG\n");
}
/* set the private key (file or ID in engine) */
if(curl_easy_setopt(curl, CURLOPT_SSLKEY, pKeyName)!=CURLE_OK){
fprintf(stderr, "SSL key wrong\n");
}
/* set the file with the certs vaildating the server */
if(curl_easy_setopt(curl, CURLOPT_CAINFO, pCACertFile)!=CURLE_OK){
fprintf(stderr, "Fine\n");
}
/* disconnect if we can't validate server's cert */
if(curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L)!=CURLE_OK){
fprintf(stderr, "Not Connected \n");
}
/* Perform the request, res will get the return code */
res = curl_easy_perform(curl);
/* Check for errors */
if(res != CURLE_OK)
fprintf(stderr, "curl_easy_perform() failed: %s\n",
curl_easy_strerror(res));
/* we are done... */
} while(0);
/* always cleanup */
curl_easy_cleanup(curl);
}
curl_global_cleanup();
return 0;
}
curl_easy_perform() failed: SSL peer certificate or SSH remote key was not OK