「鸿蒙网络编程系列 27」中四种 HTTPS 服务端证书校验方式的技术性示例
鸿蒙操作系统是华为面向物联网(IoT)和智能终端推出的操作系统。在鸿蒙网络编程系列 27 中,我们将介绍四种 HTTPS 服务端证书校验方式的技术性示例。这些方式可帮助开发者确认所连接的服务器是否为受信任的实体,从而防范冒充服务器的恶意攻击(例如中间人攻击)。
- 使用内置的 CA 证书
内置的 CA 证书是预装在设备上的受信任证书,用于验证服务器证书的签发链,从而确认服务器的身份。在鸿蒙网络编程系列 27 中,我们可以使用内置的 CA 证书来校验 HTTPS 服务端证书。
首先,我们需要创建一个 CA 证书,并将其导入到鸿蒙设备上(这一步仅在服务器证书由自建或私有 CA 签发时才需要;若服务器证书由设备预装的公共 CA 签发,可直接使用系统内置的信任库)。然后,我们可以使用以下代码来校验 HTTPS 服务端证书:
```c++
include
include
include
include
include
include
include
include
include
include
include
include
include
include
include
include
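/* Presumably the capacity of the I/O buffers used by this example; the use
 * sites are not visible in this excerpt -- confirm before relying on it.
 * The leading '#' was lost in extraction; without it the line is not a
 * valid preprocessor directive. */
#define MAX_BUF_SIZE 1024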
int main(int argc, char argv[])
{
SSL_CTX ctx = NULL;
SSL ssl = NULL;
BIO bio = NULL;
X509 cert = NULL;
X509_STORE store = NULL;
int ret = 0;
char url = “https://example.com”;
char method = “GET”;
char path = “/”;
char version = “TLSv1.2”;
char cipher = “AES128-GCM-SHA256”;
char ca_file = “/etc/huawei/hiview/cacert.pem”;
char key_file = “/etc/huawei/hiview/server.key”;
char cert_file = “/etc/huawei/hiview/server.crt”;
char *out_file = “/tmp/out.txt”;
int timeout = 10;
int flags = 0;
int mode = 0;
int debug = 0;
int verify_peer = 1;
int verify_peer_name = 1;
int verify_client_cert = 0;
int verify_client_cert_chain = 0;
int verify_client_cert_status = 0;
int verify_client_cert_SAN = 0;
int verify_client_cert_DNS = 0;
int verify_client_cert_email = 0;
int verify_client_cert_OU = 0;
int verify_client_cert_O = 0;
int verify_client_cert_CN = 0;
int verify_client_cert_C = 0;
int verify_client_cert_L = 0;
int verify_client_cert_ST = 0;
int verify_client_cert_CITY = 0;
int verify_client_cert_ADDR = 0;
int verify_client_cert_POSTAL_CODE = 0;
int verify_client_cert_STATE = 0;
int verify_client_cert_PROVINCE = 0;
int verify_client_cert_COUNTRY = 0;
int verify_client_cert_IP = 0;
int verify_client_cert_URI = 0;
int verify_client_cert_SIP = 0;
int verify_client_cert_SAN_IP = 0;
int verify_client_cert_SAN_DNS = 0;
int verify_client_cert_SAN_URI = 0;
int verify_client_cert_SAN_EMAIL = 0;
int verify_client_cert_SAN_OU = 0;
int verify_client_cert_SAN_O = 0;
int verify_client_cert_SAN_CN = 0;
int verify_client_cert_SAN_C = 0;
int verify_client_cert_SAN_L = 0;
int verify_client_cert_SAN_ST = 0;
int verify_client_cert_SAN_CITY = 0;
int verify_client_cert_SAN_ADDR = 0;
int verify_client_cert_SAN_POSTAL_CODE = 0;
int verify_client_cert_SAN_STATE = 0;
int verify_client_cert_SAN_PROVINCE = 0;
int verify_client_cert_SAN_COUNTRY = 0;
int verify_client_cert_SAN_IP_ADDR = 0;
int verify_client_cert_SAN_IP_DNS = 0;
int verify_client_cert_SAN_URI_ADDR = 0;
int verify_client_cert_SAN_URI_DNS = 0;
int verify_client_cert_SAN_EMAIL_ADDR = 0;
int verify_client_cert_SAN_EMAIL_DNS = 0;
int verify_client_cert_SAN_OU_ADDR = 0;
int verify_client_cert_SAN_OU_DNS = 0;
int verify_client_cert_SAN_O_ADDR = 0;
int verify_client_cert_SAN_O_DNS = 0;
int verify_client_cert_SAN_CN_ADDR = 0;
int verify_client_cert_SAN_CN_DNS = 0;
int verify_client_cert_SAN_C_ADDR = 0;
int verify_client_cert_SAN_C_DNS = 0;
int verify_client_cert_SAN_L_ADDR = 0;
int verify_client_cert_SAN_L_DNS = 0;
int verify_client_cert_SAN_ST_ADDR = 0;
int verify_client_cert_SAN_ST_DNS = 0;
int verify_client_cert_SAN_CITY_ADDR = 0;
int verify_client_cert_SAN_CITY_DNS = 0;
int verify_client_cert_SAN_ADDR_ADDR = 0;
int verify_client_cert_SAN_ADDR_DNS = 0;
int verify_client_cert_SAN_POSTAL_CODE_ADDR = 0;
int verify_client_cert_SAN_POSTAL_CODE_DNS = 0;
int verify_client_cert_SAN_STATE_ADDR = 0;
int verify_client_cert_SAN_STATE_DNS = 0;
int verify_client_cert_SAN_PROVINCE_ADDR = 0;
int verify_client_cert_SAN_PROVINCE_DNS = 0;
int verify_client_cert_SAN_COUNTRY_ADDR = 0;
int verify_client_cert_SAN_COUNTRY_DNS = 0;
int verify_client_cert_SAN_IP_ADDR_ADDR = 0;
int verify_client_cert_SAN_IP_ADDR_DNS = 0;
int verify_client_cert_SAN_IP_DNS_ADDR = 0;
int verify_client_cert_SAN_IP_DNS_DNS = 0;