我编写了C curl应用程序代码,使用我自己的证书和使用AES-ECC-CCM chiper套件的自己的服务器设置来测试我的服务器TLS连接。但是我在客户端遇到错误,因为curl无法加载给定的chiper套件。因此,我把我的代码...我按照正确的方式在客户端选择chiper套件..?并且代码是正确的。?
CURL *curl;
CURLcode res;
FILE *headerfile;
const char *pPassphrase = NULL;
static const char *pCertFile = "/root/rev/mysert.der";
static const char *pCACertFile="/root/rev/cacert.der";
const char *pKeyName;
const char *pKeyType;
const char *pEngine;
pKeyName = "/root/rev/testkey.der";
pKeyType = "DER";
headerfile = fopen("dumpit", "w");
curl_global_init(CURL_GLOBAL_DEFAULT);
curl = curl_easy_init();
if(curl) {
/* what call to write: */
curl_easy_setopt(curl, CURLOPT_URL, "https://192.168.1.121/test");
curl_easy_setopt(curl, CURLOPT_WRITEHEADER, headerfile);
while(1) /* do some ugly short cut... */
{
/*SET THE CIPHER TO ECC-CCM */
**curl_easy_setopt(curl,CURLOPT_SSL_CIPHER_LIST,"TLS_ECDHE_ECDSA_WITH_AES_128_CCM");**
curl_easy_setopt(curl,CURLOPT_SSLCERTTYPE,"DER");
/* set the cert for client authentication */
curl_easy_setopt(curl,CURLOPT_SSLCERT,pCertFile);
/* sorry, for engine we must set the passphrase
(if the key has one...) */
if (pPassphrase)
curl_easy_setopt(curl,CURLOPT_KEYPASSWD,pPassphrase);
/* if we use a key stored in a crypto engine,
we must set the key type to "ENG" */
curl_easy_setopt(curl,CURLOPT_SSLKEYTYPE,pKeyType);
/* set the private key (file or ID in engine) */
curl_easy_setopt(curl,CURLOPT_SSLKEY,pKeyName);
/* set the file with the certs vaildating the server */
curl_easy_setopt(curl,CURLOPT_CAINFO,pCACertFile);
/* disconnect if we can't validate server's cert */
curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,1L);
/* Perform the request, res will get the return code */
res = curl_easy_perform(curl);
/* Check for errors */
if(res != CURLE_OK)
fprintf(stderr, "curl_easy_perform() failed: %s\n",
curl_easy_strerror(res));
break; /* we are done... */
}
/* always cleanup */
curl_easy_cleanup(curl);
}
curl_global_cleanup();
答案 0 :(得分:0)
您的CURL版本是否使用OpenSSL构建?如果是,请参阅this OpenSSL mail thread - 只要没有正式的密码套件号,OpenSSL仍然不能支持TLS_ECDHE_ECDSA_WITH_AES_128_CCM。