如果我为 linux 或 windows 10 或更高版本申请,如何强制 OpenSSL 使用我系统的根 CA?
[英]how I can enforce OpenSSL to use my system's root CA if I make my application for linux or for windows 10 or later?
问题描述
I am making the following piece of code:
我正在制作以下代码:
#include <stdio.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <shlwapi.h>
#if defined(WIN32) || defined(_WIN32) || defined(__WIN32) && !defined(__CYGWIN__)
#define _WINSOCK_DEPRECATED_NO_WARNINGS
#define _CRT_SECURE_NO_WARNINGS
#include <winsock2.h>
#include <ws2tcpip.h>
#include <shlwapi.h>
// Need to link with Ws2_32.lib, Mswsock.lib, and Advapi32.lib
#pragma comment (lib, "Ws2_32.lib")
//#pragma comment (lib, "Mswsock.lib")
//#pragma comment (lib, "AdvApi32.lib")
#define WIN32_LEAN_AND_MEAN
int verifyCerts( SSL_CTX* ctx )
{
// directory where executable is
char path[MAX_PATH] = "";
memset(path, 0, MAX_PATH);
GetModuleFileName(0, path, MAX_PATH);
PathRemoveFileSpec(path);
sprintf(path,"%s\\%s",path,"certificates");
printf("\nCert path %s\n",path);
sprintf(path,"%s\\%s",path,"certificates");
printf("\nCert path %s\n",path);
int value = SSL_CTX_load_verify_locations(ctx,NULL,path);
}
#else // By default use system's CA root
int verifyCerts( SSL_CTX* ctx )
{
}
#endif
SSL_CTX* InitCTX(void)
{
OpenSSL_add_all_algorithms();
SSL_load_error_strings();
const SSL_METHOD* method = SSLv23_method();
SSL_CTX* ctx = SSL_CTX_new(method);
SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1);
if (ctx == NULL)
{
ERR_print_errors_fp(stderr);
abort();
}
int value = verifyCerts( ctx );
if(value == 0) {
printf("Certificate error\n");
exit(1);
}
SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL);
return ctx;
}
In my case I want to do the following:就我而言,我想做以下事情:
- For windows XP (legacy application) to provide certificates alongside to my application so I can mame my application as sacure as possible.对于 windows XP(旧版应用程序)在我的应用程序旁边提供证书,以便我可以尽可能安全地制作我的应用程序。
- At any other case (for linux systems or windows 10 or above) I'll use the OS's default CA certs (no hussle to provide my own).在任何其他情况下(对于 linux 系统或 windows 10 或更高版本),我将使用操作系统的默认 CA 证书(无需麻烦提供我自己的证书)。
So how I can ensure that the latter case is applicable as well?那么我如何确保后一种情况也适用呢?
1 个解决方案
解决方案1
0 2022-08-01 07:29:16
At #else section just place the following code:在#else部分只需放置以下代码:
int verifyCerts( SSL_CTX* ctx )
{
const char *path = getenv(X509_get_default_cert_dir_env());
if (!path){
path = X509_get_default_cert_dir();
}
return SSL_CTX_load_verify_locations(ctx,NULL,path);
}
That will allow for linux systems to verify using default certs path.这将允许 linux 系统使用默认证书路径进行验证。 So for wondows XP only we can use custom mingw flags.因此,对于 Wonders XP,我们只能使用自定义 mingw 标志。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
如何让我的应用程序使用Windows主题? - How do I make my application use the Windows theme?
如何转换我的 Windows C 程序以在 Linux 系统上运行? - How can I convert my Windows C program to run on a Linux system?
如何在 Windows10 上获得我的 C 程序运行时间而不是 s? - How can I get my C program running time in ms not s on Windows10?
如何使我的应用程序遵循系统主题? - How do I make my application follow the system theme?
如何在已安装 OpenSSL 的 Linux 中使用 BoringSSL? - How can I use BoringSSL in Linux that already has OpenSSL installed?
我需要 10 个带循环的结果,但我做不到我只能得到 4 个结果我如何修复我的循环 - I need 10 result with loop but I can't make it I can only get 4 result how I can fix my loop
OpenSSL 库:Linux libcrypto 和 libssl 上有 2 个库,windows 上有 13 个以上。 我应该在 windows 上链接什么来编译我的示例? - OpenSSL libs: 2 on Linux libcrypto and libssl and more than 13 on windows. What shall I link on windows to compile my sample?
如何在C应用程序中使用C ++ DLL? - How can I use my C++ DLLs with a C application?
如何在代码中使用Git的malloc包装器? - How can I use Git's malloc wrapper in my code?
如何以编程方式确定驱动器的空间/大小?在LInux和Windows上都有 - How can I determine the space/size of my drive programatically? Both in LInux and on Windows
相关标签