在我的另一个答案中,您可以看到一个简单的SSL客户端。
在该代码中,您很快就会注意到 verify_certificate 回调,
您可以用它来(额外)验证服务器证书。
旁注
请注意,我不知道 iOS 上的 SSL 实现背后用的是哪个库,但请记住:验证(甚至固定,即 pinning)服务器证书可能相当无用。它只能验证对方所出示证书的真实性。鉴于昨天的安全事故(yesterday's security debacle),我认为这帮不了太多:除非服务器已经正确打上补丁(properly patched),否则对方仍然可以出示有效的证书,却使用无关的密钥——这仍然会留下中间人(MITM)攻击的可能。
之所以提到这一点,是以防您的问题在某种程度上与这种情况有关。
摘自回答:HTTPS POST request with boost asio
#define DEMO_USING_SSL
#define BOOST_ASIO_ENABLE_HANDLER_TRACKING
#include <algorithm>
#include <iomanip>
#include <iostream>
#include <string>
#include <boost/asio.hpp>
#include <boost/asio/ssl.hpp>
#include <boost/bind.hpp>
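/// Minimal asynchronous HTTP(S) client used to demonstrate certificate
/// verification with Boost.Asio.
///
/// With DEMO_USING_SSL defined the TCP socket is wrapped in an SSL stream, the
/// peer certificate chain is verified (verify_peer) and, when a host name is
/// supplied, the leaf certificate is also matched against that name. Without
/// the macro the same request is sent over a plain TCP socket.
class client
{
public:
    /// Starts an asynchronous connect to the resolved endpoints.
    ///
    /// @param io_service        I/O service that runs the handlers.
    /// @param context           SSL context (trust store, protocol options).
    /// @param endpoint_iterator Resolver result to connect to.
    /// @param host              Name the server certificate must be valid for.
    ///                          Empty (the default) keeps the chain-only check,
    ///                          which accepts any certificate that chains to a
    ///                          trusted root, whatever name it was issued for.
    client(boost::asio::io_service& io_service,
           boost::asio::ssl::context& context,
           boost::asio::ip::tcp::resolver::iterator endpoint_iterator,
           const std::string& host = std::string())
#ifdef DEMO_USING_SSL
        : socket_(io_service, context),
#else
        : socket_(io_service),
#endif
          host_(host)
    {
#ifdef DEMO_USING_SSL
        // Without verify_peer the handshake succeeds regardless of what the
        // callback would have returned for an untrusted chain.
        socket_.set_verify_mode(boost::asio::ssl::verify_peer);
        socket_.set_verify_callback(
            boost::bind(&client::verify_certificate, this, _1, _2));
        // NOTE(review): servers that host several names on one address may
        // also need the host name sent as SNI to select the right certificate.
#else
        (void) context;
#endif
        boost::asio::async_connect(socket_.lowest_layer(), endpoint_iterator,
            boost::bind(&client::handle_connect, this,
                        boost::asio::placeholders::error));
    }

    /// Verify callback, invoked once per certificate in the chain, starting
    /// from the root certificate authority.
    ///
    /// Prints the subject of the certificate being examined. The result of
    /// OpenSSL's own chain validation (@p preverified) is never upgraded: a
    /// certificate that failed pre-verification stays rejected. When a host
    /// name was given to the constructor, the RFC 2818 check is applied on top
    /// so that a valid certificate issued for a different name is refused.
    ///
    /// @return true to accept the certificate, false to abort the handshake.
    bool verify_certificate(bool preverified,
                            boost::asio::ssl::verify_context& ctx)
    {
        char subject_name[256] = "<no certificate>";
        if (X509* cert = X509_STORE_CTX_get_current_cert(ctx.native_handle()))
        {
            X509_NAME_oneline(X509_get_subject_name(cert), subject_name,
                              sizeof(subject_name));
        }
        std::cout << "Verifying " << subject_name << "\n";

        if (host_.empty())
        {
            // Chain-of-trust only; the caller did not say which name to expect.
            return preverified;
        }
        return boost::asio::ssl::rfc2818_verification(host_)(preverified, ctx);
    }

    /// Connect handler: starts the TLS handshake (SSL build) or goes straight
    /// to sending the request (plain build).
    void handle_connect(const boost::system::error_code& error)
    {
#ifdef DEMO_USING_SSL
        if (error)
        {
            std::cout << "Connect failed: " << error.message() << "\n";
            return;
        }
        socket_.async_handshake(boost::asio::ssl::stream_base::client,
            boost::bind(&client::handle_handshake, this,
                        boost::asio::placeholders::error));
#else
        handle_handshake(error);
#endif
    }

    /// Handshake handler: copies the fixed demo request into request_, dumps
    /// it as hex for debugging and writes it to the peer.
    void handle_handshake(const boost::system::error_code& error)
    {
        if (error)
        {
            std::cout << "Handshake failed: " << error.message() << "\n";
            return;
        }

        std::cout << "Enter message: ";
        // The request line needs single spaces between method, target and
        // version; "POST/HTTP/1.1" is not a valid HTTP request line.
        static char const raw[] =
            "POST / HTTP/1.1\r\nHost: www.example.com\r\nConnection: close\r\n\r\n";
        static_assert(sizeof(raw) <= sizeof(request_), "too large");
        // Length without the terminating NUL, known at compile time.
        const std::size_t request_length = sizeof(raw) - 1;
        std::copy(raw, raw + request_length, request_);

        {
            // Debug aid: a separate ostream on the same buffer keeps the hex
            // formatting flags away from std::cout.
            std::ostream hexos(std::cout.rdbuf());
            for (const char* it = raw; it != raw + request_length; ++it)
            {
                hexos << std::hex << std::setw(2) << std::setfill('0')
                      << std::showbase
                      << static_cast<unsigned>(static_cast<unsigned char>(*it))
                      << " ";
            }
            std::cout << "\n";
        }

        boost::asio::async_write(socket_,
            boost::asio::buffer(request_, request_length),
            boost::bind(&client::handle_write, this,
                        boost::asio::placeholders::error,
                        boost::asio::placeholders::bytes_transferred));
    }

    /// Write handler: once the request is out, reads the reply up to the
    /// first newline.
    void handle_write(const boost::system::error_code& error,
                      size_t /*bytes_transferred*/)
    {
        if (error)
        {
            std::cout << "Write failed: " << error.message() << "\n";
            return;
        }

        std::cout << "starting read loop\n";
        boost::asio::async_read_until(socket_, reply_, '\n',
            boost::bind(&client::handle_read, this,
                        boost::asio::placeholders::error,
                        boost::asio::placeholders::bytes_transferred));
    }

    /// Read handler: prints whatever has been buffered in reply_.
    void handle_read(const boost::system::error_code& error,
                     size_t /*bytes_transferred*/)
    {
        if (error)
        {
            std::cout << "Read failed: " << error.message() << "\n";
            return;
        }
        std::cout << "Reply: " << &reply_ << "\n";
    }

private:
#ifdef DEMO_USING_SSL
    boost::asio::ssl::stream<boost::asio::ip::tcp::socket> socket_;
#else
    boost::asio::ip::tcp::socket socket_;
#endif
    char request_[1024];            // outgoing request bytes
    boost::asio::streambuf reply_;  // incoming reply data
    std::string host_;              // expected certificate name; empty = not checked
};

/// Usage: client <host> <port>
///
/// Resolves the host, builds an SSL context that trusts the system's default
/// CA locations and runs the client until its handlers are done.
/// Returns 0 on a clean run and 1 on a usage error or an exception.
int main(int argc, char* argv[])
{
    try
    {
        if (argc != 3)
        {
            std::cerr << "Usage: client <host> <port>\n";
            return 1;
        }

        boost::asio::io_service io_service;

        boost::asio::ip::tcp::resolver resolver(io_service);
        boost::asio::ip::tcp::resolver::query query(argv[1], argv[2]);
        boost::asio::ip::tcp::resolver::iterator iterator = resolver.resolve(query);

        boost::asio::ssl::context ctx(boost::asio::ssl::context::sslv23);
        // sslv23 negotiates the protocol version; rule out the SSL versions so
        // the negotiation cannot settle on them.
        ctx.set_options(boost::asio::ssl::context::default_workarounds
                        | boost::asio::ssl::context::no_sslv2
                        | boost::asio::ssl::context::no_sslv3);
        ctx.set_default_verify_paths();

        // Pass the host name so the certificate is checked against the server
        // the user asked for, not merely against the trust store.
        client c(io_service, ctx, iterator, argv[1]);

        io_service.run();
    }
    catch (const std::exception& e)
    {
        std::cerr << "Exception: " << e.what() << "\n";
        return 1;  // report the failure to the caller instead of exiting 0
    }

    return 0;
}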