「鸿蒙网络编程系列27」中四种HTTPS服务端证书校验方式的技术性示例

鸿蒙操作系统是华为为互联网物联网(IoT)和智能终端提供的操作系统。在鸿蒙网络编程系列27中,我们将介绍四种HTTPS服务端证书校验方式的技术性示例。这些方式可帮助开发者确定服务器是否是受信任的实体,并帮助防止恶意攻击。

  1. 使用内置的CA证书

内置的CA证书是一种预装在设备上的证书,用于验证服务器的身份。在鸿蒙网络编程系列27中,我们可以使用内置的CA证书来校验HTTPS服务端证书。

首先,我们需要创建一个CA证书,并将其导入到鸿蒙设备上。然后,我们可以使用以下代码来校验HTTPS服务端证书:

1
2
3
4
5
6
7



<h1>include <stdio.h></stdio.h></h1><h1>include <stdlib.h></stdlib.h></h1><h1>include <string.h></string.h></h1><h1>include <sys socket.h=""></sys></h1><h1>include <netinet in.h=""></netinet></h1><h1>include <arpa inet.h=""></arpa></h1><h1>include <openssl ssl.h=""></openssl></h1><h1>include <openssl err.h=""></openssl></h1><h1>include <openssl x509.h=""></openssl></h1><h1>include <openssl pem.h=""></openssl></h1><h1>include <openssl bio.h=""></openssl></h1><h1>include <openssl engine.h=""></openssl></h1><h1>include <openssl conf.h=""></openssl></h1><h1>include <openssl ssl_conf.h=""></openssl></h1><h1>include <openssl err.h=""></openssl></h1><h1>include <hiview hiview.h=""></hiview></h1>

# define MAX\_BUF\_SIZE 1024

int main(int argc, char _argv\[\]){ SSL\_CTX _ctx = NULL; SSL _ssl = NULL; BIO _bio = NULL; X509 _cert = NULL; X509\_STORE _store = NULL; int ret = 0; char _url = "https://example.com"; char _method = "GET"; char _path = "/"; char _version = "TLSv1.2"; char _cipher = "AES128-GCM-SHA256"; char _ca\_file = "/etc/huawei/hiview/cacert.pem"; char _key\_file = "/etc/huawei/hiview/server.key"; char _cert\_file = "/etc/huawei/hiview/server.crt"; char \*out\_file = "/tmp/out.txt"; int timeout = 10; int flags = 0; int mode = 0; int debug = 0; int verify\_peer = 1; int verify\_peer\_name = 1; int verify\_client\_cert = 0; int verify\_client\_cert\_chain = 0; int verify\_client\_cert\_status = 0; int verify\_client\_cert\_SAN = 0; int verify\_client\_cert\_DNS = 0; int verify\_client\_cert\_email = 0; int verify\_client\_cert\_OU = 0; int verify\_client\_cert\_O = 0; int verify\_client\_cert\_CN = 0; int verify\_client\_cert\_C = 0; int verify\_client\_cert\_L = 0; int verify\_client\_cert\_ST = 0; int verify\_client\_cert\_CITY = 0; int verify\_client\_cert\_ADDR = 0; int verify\_client\_cert\_POSTAL\_CODE = 0; int verify\_client\_cert\_STATE = 0; int verify\_client\_cert\_PROVINCE = 0; int verify\_client\_cert\_COUNTRY = 0; int verify\_client\_cert\_IP = 0; int verify\_client\_cert\_URI = 0; int verify\_client\_cert\_SIP = 0; int verify\_client\_cert\_SAN\_IP = 0; int verify\_client\_cert\_SAN\_DNS = 0; int verify\_client\_cert\_SAN\_URI = 0; int verify\_client\_cert\_SAN\_EMAIL = 0; int verify\_client\_cert\_SAN\_OU = 0; int verify\_client\_cert\_SAN\_O = 0; int verify\_client\_cert\_SAN\_CN = 0; int verify\_client\_cert\_SAN\_C = 0; int verify\_client\_cert\_SAN\_L = 0; int verify\_client\_cert\_SAN\_ST = 0; int verify\_client\_cert\_SAN\_CITY = 0; int verify\_client\_cert\_SAN\_ADDR = 0; int verify\_client\_cert\_SAN\_POSTAL\_CODE = 0; int verify\_client\_cert\_SAN\_STATE = 0; int verify\_client\_cert\_SAN\_PROVINCE = 0; int verify\_client\_cert\_SAN\_COUNTRY = 0; int verify\_client\_cert\_SAN\_IP\_ADDR = 0; int verify\_client\_cert\_SAN\_IP\_DNS = 0; int verify\_client\_cert\_SAN\_URI\_ADDR = 0; int verify\_client\_cert\_SAN\_URI\_DNS = 0; int verify\_client\_cert\_SAN\_EMAIL\_ADDR = 0; int verify\_client\_cert\_SAN\_EMAIL\_DNS = 0; int verify\_client\_cert\_SAN\_OU\_ADDR = 0; int verify\_client\_cert\_SAN\_OU\_DNS = 0; int verify\_client\_cert\_SAN\_O\_ADDR = 0; int verify\_client\_cert\_SAN\_O\_DNS = 0; int verify\_client\_cert\_SAN\_CN\_ADDR = 0; int verify\_client\_cert\_SAN\_CN\_DNS = 0; int verify\_client\_cert\_SAN\_C\_ADDR = 0; int verify\_client\_cert\_SAN\_C\_DNS = 0; int verify\_client\_cert\_SAN\_L\_ADDR = 0; int verify\_client\_cert\_SAN\_L\_DNS = 0; int verify\_client\_cert\_SAN\_ST\_ADDR = 0; int verify\_client\_cert\_SAN\_ST\_DNS = 0; int verify\_client\_cert\_SAN\_CITY\_ADDR = 0; int verify\_client\_cert\_SAN\_CITY\_DNS = 0; int verify\_client\_cert\_SAN\_ADDR\_ADDR = 0; int verify\_client\_cert\_SAN\_ADDR\_DNS = 0; int verify\_client\_cert\_SAN\_POSTAL\_CODE\_ADDR = 0; int verify\_client\_cert\_SAN\_POSTAL\_CODE\_DNS = 0; int verify\_client\_cert\_SAN\_STATE\_ADDR = 0; int verify\_client\_cert\_SAN\_STATE\_DNS = 0; int verify\_client\_cert\_SAN\_PROVINCE\_ADDR = 0; int verify\_client\_cert\_SAN\_PROVINCE\_DNS = 0; int verify\_client\_cert\_SAN\_COUNTRY\_ADDR = 0; int verify\_client\_cert\_SAN\_COUNTRY\_DNS = 0; int verify\_client\_cert\_SAN\_IP\_ADDR\_ADDR = 0; int verify\_client\_cert\_SAN\_IP\_ADDR\_DNS = 0; int verify\_client\_cert\_SAN\_IP\_DNS\_ADDR = 0; int verify\_client\_cert\_SAN\_IP\_DNS\_DNS = 0;