最近一直在测试libcurl使用https服务器单向认证的情况,一直在查找原因和调试。主要出现在下面的问题上:
routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
这个问题的解决思路可以在下面链接中找到:
在server.xml中增加下面的内容:
ciphers="SSL_RSA_WITH_RC4_128_SHA"
If you're running curl 7.35.0 and run into this error in php when trying to connect to a remote host:
35 - error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
it means you need to tell curl to use sslv3 and also use the sslv3 ciphers, ensure you have these curl_setopt settings, eg:
curl_setopt($ch, CURLOPT_SSLVERSION, 3);curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'SSLv3');
下面是libcurl 的测试代码:
#include
#include
#include
#include
static size_t save_response_callback(void *buffer,size_t size,size_t count,void **response)
{
char * ptr = NULL;
printf("buffer is %s\n",(char *)buffer);
ptr =(char *) malloc(count*size + 4);
memcpy(ptr,buffer,count*size);
*response = ptr;
return count;
}
int main(int argc,char *argv[])
{
CURL * curl;
CURLcode res;
char * response = NULL;
if(argc !=2){
printf("Usage:file;\n");
return;
}
//curl_global_init(CURL_GLOBAL_DEFAULT);
curl = curl_easy_init();
if(curl!=NULL){
printf("Usage:file;\n",argv[1]);
curl_easy_setopt(curl,CURLOPT_URL,argv[1]);
curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,&save_response_callback);
curl_easy_setopt(curl,CURLOPT_WRITEDATA,&response);
curl_easy_setopt(curl,CURLOPT_COOKIESESSION,1L);
curl_easy_setopt(curl,CURLOPT_COOKIEFILE,"/dev/null");
curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,1);
//curl_easy_setopt(curl,CURLOPT_CAPATH,"/etc/ssl/cert/");
curl_easy_setopt(curl,CURLOPT_CAINFO,"ca-cert.pem");
curl_easy_setopt(curl,CURLOPT_SSL_VERIFYHOST,1);
curl_easy_setopt(curl,CURLOPT_VERBOSE,1L);
curl_easy_setopt(curl,CURLOPT_TIMEOUT,30);
#if 0
/* 双向验证下面是客户端的CA*/
//curl_easy_setopt(curl,CURLOPT_CAPATH,"./");
curl_easy_setopt(curl,CURLOPT_SSLCERT,"client-cert.pem");
curl_easy_setopt(curl,CURLOPT_SSLCERTPASSWD,"password");
curl_easy_setopt(curl,CURLOPT_SSLCERTTYPE,"PEM");
curl_easy_setopt(curl,CURLOPT_SSLKEY,"client-key.pem");
curl_easy_setopt(curl,CURLOPT_SSLKEYPASSWD,"password");
curl_easy_setopt(curl,CURLOPT_SSLKEYTYPE,"PEM");
#endif
res = curl_easy_perform(curl);
if(res != CURLE_OK){
printf("curl_wasy_perform error = %s",curl_easy_strerror(res));
}
printf("response\n",response);
curl_easy_cleanup(curl);
}
}参考资料:
SSL证书制作:http://blog.chinaunix.net/uid-7591044-id-1742977.html