Microsoft Windows HTTP Services (WinHTTP) supports Secure Sockets Layer (SSL) transactions including client certificates. This topic explains concepts involved in an SSL transaction and how they are handled using WinHTTP.


Secure Sockets Layer

SSL is an established standard for ensuring secure HTTP transactions. SSL provides a mechanism to perform up to 128-bit encryption on all transactions between the client and server. It enables the client to verify that the server belongs to a trusted entity through the use of server certificates. It also enables the server to confirm the identity of the client with client certificates.


Each of these issues (encryption, server identity, and client identity) is negotiated in the SSL handshake that occurs when a client first requests a resource from a Secure Hypertext Transfer Protocol (HTTPS) server. Essentially, the client and server each present a list of required and preferred settings. If a common set of requirements can be agreed upon and met, an SSL connection is established.


WinHTTP provides a high-level interface for using SSL. While the details of the SSL handshake and transaction are handled internally, WinHTTP enables you to retrieve encryption levels, specify the security protocol, and interact with server and client certificates. The following sections provide details on creating WinHTTP-based applications that select an SSL protocol version, examine server certificates, and select client certificates to send to HTTPS servers.


Server Certificates


Server certificates are sent from the server to the client so that the client can obtain a public key for the server and ensure that the server has been verified by a certification authority. Certificates can contain different types of data. For example, an X.509 certificate includes the format of the certificate, the serial number of the certificate, the algorithm used to sign the certificate, the name of the certification authority (CA) that issued the certificate, the name and public key of the entity that requests the certificate, and the CA's signature.


When using the WinHTTP application programming interface (API), you can retrieve a server certificate by calling WinHttpQueryOption and specifying the WINHTTP_OPTION_SECURITY_CERTIFICATE_STRUCT flag. The server certificate is returned in a WINHTTP_CERTIFICATE_INFO structure. If you prefer to retrieve the certificate context, specify the WINHTTP_OPTION_SERVER_CERT_CONTEXT flag instead.


If a server certificate contains errors, details about the error can be obtained in the status callback function. The WINHTTP_CALLBACK_STATUS_SECURE_FAILURE notification indicates an error with a server certificate. The lpvStatusInformation parameter contains one or more detailed error flags. See WINHTTP_STATUS_CALLBACK for more information.
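
The following added example (not part of the original page or of the WinHTTP documentation) decodes the error flags that a WINHTTP_CALLBACK_STATUS_SECURE_FAILURE notification delivers through lpvStatusInformation, so an application can log exactly why a server certificate was rejected. The names DecodeSecureFailure and OnStatus are hypothetical, and the callback assumes the request's context value points to a std::vector<std::string>; the bit values are those of the WINHTTP_CALLBACK_STATUS_FLAG_* constants in winhttp.h, written as literals so the decoder also builds off Windows.

```cpp
// Added example: decode the flags delivered with WINHTTP_CALLBACK_STATUS_SECURE_FAILURE.
#include <cstdint>
#include <string>
#include <vector>
#ifdef _WIN32
#include <windows.h>
#include <winhttp.h>
#endif

// Bit values of the WINHTTP_CALLBACK_STATUS_FLAG_* constants in winhttp.h,
// written as literals so the decoder also compiles off Windows.
struct CertFlag { uint32_t bit; const char *name; };
static const CertFlag kCertFlags[] = {
    {0x00000001u, "CERT_REV_FAILED"},        // revocation check could not be completed
    {0x00000002u, "INVALID_CERT"},           // certificate is invalid
    {0x00000004u, "CERT_REVOKED"},           // certificate has been revoked
    {0x00000008u, "INVALID_CA"},             // issuing CA is not recognized
    {0x00000010u, "CERT_CN_INVALID"},        // name in the certificate does not match the host
    {0x00000020u, "CERT_DATE_INVALID"},      // certificate date is bad (for example, expired)
    {0x00000040u, "CERT_WRONG_USAGE"},       // certificate not valid for the requested usage
    {0x80000000u, "SECURITY_CHANNEL_ERROR"}, // internal error loading the SSL libraries
};

// Returns the name of every flag set in 'flags'; unrecognized bits yield "UNKNOWN".
std::vector<std::string> DecodeSecureFailure(uint32_t flags) {
    std::vector<std::string> names;
    for (const CertFlag &f : kCertFlags) {
        if (flags & f.bit) { names.push_back(f.name); flags &= ~f.bit; }
    }
    if (flags) names.push_back("UNKNOWN");
    return names;
}

#ifdef _WIN32
// Status callback. Assumption: dwContext points to a std::vector<std::string>.
void CALLBACK OnStatus(HINTERNET, DWORD_PTR dwContext, DWORD dwStatus,
                       LPVOID lpvInfo, DWORD dwLen) {
    if (dwStatus != WINHTTP_CALLBACK_STATUS_SECURE_FAILURE) return;
    if (!dwContext || !lpvInfo || dwLen < sizeof(DWORD)) return;
    *reinterpret_cast<std::vector<std::string> *>(dwContext) =
        DecodeSecureFailure(*static_cast<DWORD *>(lpvInfo));
}
// Register on the session before sending the request:
//   WinHttpSetStatusCallback(hSession, OnStatus, WINHTTP_CALLBACK_FLAG_SECURE_FAILURE, 0);
#endif
```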


The following is sample code that uses the WinHTTP library under Qt to POST data over HTTPS (SSL):

```cpp
#include <Windows.h>
#include <Winhttp.h>
#include <cstring>
#include <new>
#include <QDebug>
#include <QString>
#pragma comment(lib, "Winhttp.lib")

void postData()
{
    HINTERNET hSession = NULL;
    HINTERNET hConnect = NULL;
    HINTERNET hRequest = NULL;
    DWORD dwSize = 0;
    DWORD dwDownloaded = 0;
    LPSTR pszOutBuffer = NULL;
    BOOL bResults = FALSE;
    // Declared before the first goto so that no jump skips an initialization
    LPCWSTR pszHeaders = L"Content-Type: application/x-www-form-urlencoded\r\n";
    // The body is sent as raw bytes: use a narrow string and a length in bytes
    const char *pszData = "key1=value1&key2=value2";
    DWORD dwDataLen = (DWORD)strlen(pszData);

    // Initialize WinHTTP session
    hSession = WinHttpOpen(L"WinHTTP Example/1.0",
                           WINHTTP_ACCESS_TYPE_DEFAULT_PROXY,
                           WINHTTP_NO_PROXY_NAME,
                           WINHTTP_NO_PROXY_BYPASS, 0);
    if (!hSession) {
        qDebug() << "WinHttpOpen failed!" << GetLastError();
        goto cleanup;
    }

    // Specify an HTTPS server
    hConnect = WinHttpConnect(hSession, L"www.example.com",
                              INTERNET_DEFAULT_HTTPS_PORT, 0);
    if (!hConnect) {
        qDebug() << "WinHttpConnect failed!" << GetLastError();
        goto cleanup;
    }

    // Create an HTTPS request
    hRequest = WinHttpOpenRequest(hConnect, L"POST", L"/post", NULL,
                                  WINHTTP_NO_REFERER,
                                  WINHTTP_DEFAULT_ACCEPT_TYPES,
                                  WINHTTP_FLAG_SECURE);
    if (!hRequest) {
        qDebug() << "WinHttpOpenRequest failed!" << GetLastError();
        goto cleanup;
    }

    // Set request headers
    bResults = WinHttpAddRequestHeaders(hRequest, pszHeaders, (DWORD)-1L,
                                        WINHTTP_ADDREQ_FLAG_ADD);
    if (!bResults) {
        qDebug() << "WinHttpAddRequestHeaders failed!" << GetLastError();
        goto cleanup;
    }

    // Send the POST request
    bResults = WinHttpSendRequest(hRequest, WINHTTP_NO_ADDITIONAL_HEADERS, 0,
                                  (LPVOID)pszData, dwDataLen, dwDataLen, 0);
    if (!bResults) {
        qDebug() << "WinHttpSendRequest failed!" << GetLastError();
        goto cleanup;
    }

    // Receive response from the server
    bResults = WinHttpReceiveResponse(hRequest, NULL);
    if (!bResults) {
        qDebug() << "WinHttpReceiveResponse failed!" << GetLastError();
        goto cleanup;
    }

    // Read the server's response
    do {
        // Check for available data
        dwSize = 0;
        if (!WinHttpQueryDataAvailable(hRequest, &dwSize)) {
            qDebug() << "WinHttpQueryDataAvailable failed!" << GetLastError();
            goto cleanup;
        }
        if (dwSize == 0)
            break; // no more data

        // Allocate space for the buffer
        pszOutBuffer = new (std::nothrow) char[dwSize + 1];
        if (!pszOutBuffer) {
            qDebug() << "Out of memory!";
            goto cleanup;
        }

        // Read the data
        ZeroMemory(pszOutBuffer, dwSize + 1);
        if (!WinHttpReadData(hRequest, (LPVOID)pszOutBuffer, dwSize, &dwDownloaded)) {
            qDebug() << "WinHttpReadData failed!" << GetLastError();
            delete[] pszOutBuffer; // do not leak the buffer on failure
            goto cleanup;
        }

        // Print the response to the console
        qDebug() << QString::fromLocal8Bit(pszOutBuffer);

        // Free the memory allocated to the buffer
        delete[] pszOutBuffer;
    } while (dwSize > 0);

cleanup:
    // Close any open handles
    if (hRequest) WinHttpCloseHandle(hRequest);
    if (hConnect) WinHttpCloseHandle(hConnect);
    if (hSession) WinHttpCloseHandle(hSession);
}
```

In the code above, we first create a WinHTTP session with WinHttpOpen, then connect to the specified HTTPS server with WinHttpConnect. Next, we create an HTTPS request with WinHttpOpenRequest and set the request header with WinHttpAddRequestHeaders. We then send the POST request with WinHttpSendRequest and receive the server's response with WinHttpReceiveResponse. Finally, we use WinHttpQueryDataAvailable to check whether data is available, read the server's response with WinHttpReadData, and print it to the console with qDebug. Note that we use QString::fromLocal8Bit to convert the server's response from char * to QString. At the end, we close all open handles with WinHttpCloseHandle.






