How can I enforce OpenSSL to use my system's root CA if I make my application for Linux or for Windows 10 or later?
I am making the following piece of code:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/ssl.h>
#include <openssl/err.h>

#if (defined(WIN32) || defined(_WIN32) || defined(__WIN32)) && !defined(__CYGWIN__)
#define WIN32_LEAN_AND_MEAN
#define _WINSOCK_DEPRECATED_NO_WARNINGS
#define _CRT_SECURE_NO_WARNINGS
#include <winsock2.h>
#include <ws2tcpip.h>
#include <shlwapi.h>
// Need to link with Ws2_32.lib, Mswsock.lib, and Advapi32.lib
#pragma comment (lib, "Ws2_32.lib")
// PathRemoveFileSpec lives in Shlwapi.lib
#pragma comment (lib, "Shlwapi.lib")
//#pragma comment (lib, "Mswsock.lib")
//#pragma comment (lib, "AdvApi32.lib")

// Windows: trust the CA certificates in the "certificates" directory next to the executable
int verifyCerts( SSL_CTX* ctx )
{
    // directory where executable is
    char exeDir[MAX_PATH] = "";
    char path[MAX_PATH] = "";
    GetModuleFileNameA(0, exeDir, MAX_PATH);
    PathRemoveFileSpecA(exeDir);
    // build the path in a second buffer: sprintf() from a buffer into itself is undefined
    snprintf(path, sizeof(path), "%s\\%s", exeDir, "certificates");
    printf("\nCert path %s\n", path);
    // 1 on success, 0 on failure
    return SSL_CTX_load_verify_locations(ctx, NULL, path);
}
#else // By default use system's CA root
int verifyCerts( SSL_CTX* ctx )
{
    // nothing here yet: this is the branch the question asks about
}
#endif

SSL_CTX* InitCTX(void)
{
    OpenSSL_add_all_algorithms();
    SSL_load_error_strings();
    const SSL_METHOD* method = SSLv23_method();
    SSL_CTX* ctx = SSL_CTX_new(method);
    if (ctx == NULL)
    {
        ERR_print_errors_fp(stderr);
        abort();
    }
    // set options only after the NULL check on the context
    SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1);
    int value = verifyCerts( ctx );
    if (value == 0) {
        printf("Certificate error\n");
        exit(1);
    }
    // reject peers whose certificate chain does not verify
    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
    return ctx;
}
In my case I want to do the following:
So how can I ensure that the latter case is applicable as well?
At the #else section just place the following code:
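#include <stdlib.h> // getenv()

int verifyCerts( SSL_CTX* ctx )
{
    // the environment variable named by X509_get_default_cert_dir_env() takes precedence
    const char *path = getenv(X509_get_default_cert_dir_env());
    if (!path) {
        // otherwise use the certificate directory OpenSSL was built with
        path = X509_get_default_cert_dir();
    }
    // 1 on success, 0 on failure
    return SSL_CTX_load_verify_locations(ctx, NULL, path);
}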
That will allow Linux systems to verify using the default certs path. So for Windows XP only we can use custom mingw flags.
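A caveat that applies to both snippets above, as an added example that is not part of the original post: with a CApath, OpenSSL looks certificates up at verification time by subject-hash file name (`<hash>.<n>`, as created by `openssl rehash` or `c_rehash`), so a directory of plain `.pem` files that was never rehashed yields no trust anchors. The check below counts the entries OpenSSL could actually find; the function names and the `/etc/ssl/certs` fallback are assumptions.

```c
/* Added example (not from the original post): pre-flight check of a CApath. */
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* 1 if name is "<8 lowercase hex digits>.<decimal index>", e.g. "4a6481c9.0". */
static int is_hashed_name(const char *name)
{
    size_t i;
    for (i = 0; i < 8; i++)
        if (name[i] == '\0' || strchr("0123456789abcdef", name[i]) == NULL)
            return 0;
    if (name[8] != '.' || name[9] == '\0')
        return 0;
    return name[9 + strspn(name + 9, "0123456789")] == '\0';
}

/* Hashed certificate entries in one directory, or -1 if it cannot be opened. */
int count_hashed_certs(const char *dir)
{
    DIR *d = opendir(dir);
    struct dirent *e;
    int n = 0;
    if (d == NULL)
        return -1;
    while ((e = readdir(d)) != NULL)
        n += is_hashed_name(e->d_name);
    closedir(d);
    return n;
}

/* ca_path may be a ':'-separated list of directories, which OpenSSL accepts on Unix. */
int usable_ca_entries(const char *ca_path)
{
    char buf[4096], *dir;
    int total = 0;
    snprintf(buf, sizeof buf, "%s", ca_path);
    for (dir = strtok(buf, ":"); dir != NULL; dir = strtok(NULL, ":")) {
        int n = count_hashed_certs(dir);
        if (n > 0)          /* unreadable or missing directories add nothing */
            total += n;
    }
    return total;
}

int main(int argc, char **argv)
{
    /* Same order as the answer: SSL_CERT_DIR first, then a default. The fallback
       is an assumed path; real code takes it from X509_get_default_cert_dir(). */
    const char *path = getenv("SSL_CERT_DIR");
    if (!path)
        path = argc > 1 ? argv[1] : "/etc/ssl/certs";
    int n = usable_ca_entries(path);
    printf("%s: %d usable CA entries\n", path, n);
    return n > 0 ? 0 : 1;
}
```

A result of 0 for the directory passed to `SSL_CTX_load_verify_locations()` means every handshake with `SSL_VERIFY_PEER` will fail until the directory is rehashed.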