我编写了一个使用 libcurl 的 C 程序来测试服务器的 TLS 连接,使用的是我自己的证书,服务器也配置为使用 AES-ECC-CCM 密码套件(cipher suite)。但客户端报错,因为 curl 无法加载指定的密码套件。下面是我的代码:我在客户端选择密码套件的方法是否正确?代码本身是否正确?
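/*
 * Fetch https://192.168.1.121/test over TLS with client-certificate
 * authentication, restricting the handshake to a single ECDHE-ECDSA
 * AES-128-CCM cipher suite. Response headers are dumped to "dumpit".
 *
 * Certificate, key and CA bundle are all DER files under /root/rev.
 */
CURL *curl;
CURLcode res;
FILE *headerfile;
const char *pPassphrase = NULL;
static const char *pCertFile = "/root/rev/mysert.der";
static const char *pCACertFile = "/root/rev/cacert.der";
const char *pKeyName = "/root/rev/testkey.der";
const char *pKeyType = "DER";

/* Header dump is best-effort: report a failure but still run the request. */
headerfile = fopen("dumpit", "w");
if (!headerfile)
    perror("fopen(dumpit)");

curl_global_init(CURL_GLOBAL_DEFAULT);
curl = curl_easy_init();
if (curl) {
    curl_easy_setopt(curl, CURLOPT_URL, "https://192.168.1.121/test");
    if (headerfile)
        curl_easy_setopt(curl, CURLOPT_HEADERDATA, headerfile);

    /*
     * Restrict the handshake to the ECC-CCM suite.
     *
     * NOTE(review): the name format accepted here depends on the TLS
     * backend libcurl was built with. OpenSSL-based builds expect OpenSSL
     * cipher names (this suite is "ECDHE-ECDSA-AES128-CCM" there) rather
     * than the IANA name below, and the backend itself must have CCM
     * suites available. An unknown name is only reported when the
     * transfer runs, as a cipher error from curl_easy_perform(). Check
     * which backend is in use (curl_version_info() reports it) before
     * changing the string. This option covers TLS 1.2 and earlier.
     */
    curl_easy_setopt(curl, CURLOPT_SSL_CIPHER_LIST,
                     "TLS_ECDHE_ECDSA_WITH_AES_128_CCM");

    /* Client certificate used for mutual authentication (DER encoded). */
    curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "DER");
    curl_easy_setopt(curl, CURLOPT_SSLCERT, pCertFile);

    /*
     * Only needed when the private key is passphrase-protected. With
     * pPassphrase == NULL the key file is read as-is, so it should be
     * readable by this user only.
     */
    if (pPassphrase)
        curl_easy_setopt(curl, CURLOPT_KEYPASSWD, pPassphrase);

    /* Private key: encoding first, then the file holding it. */
    curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, pKeyType);
    curl_easy_setopt(curl, CURLOPT_SSLKEY, pKeyName);

    /* CA certificate(s) used to validate the server's certificate. */
    curl_easy_setopt(curl, CURLOPT_CAINFO, pCACertFile);

    /*
     * Refuse the connection unless the server certificate chains to the
     * CA above and matches the host in the URL. 2L is libcurl's default
     * for VERIFYHOST; it is set explicitly so the check is not dropped
     * by accident. Because the URL uses an IP literal, the server
     * certificate needs a matching IP subjectAltName to pass.
     */
    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);
    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L);

    /* Perform the request; res receives the result code. */
    res = curl_easy_perform(curl);
    if (res != CURLE_OK)
        fprintf(stderr, "curl_easy_perform() failed: %s\n",
                curl_easy_strerror(res));

    /* always cleanup */
    curl_easy_cleanup(curl);
}
curl_global_cleanup();

/* Flush and release the header dump; a failed close can mean lost data. */
if (headerfile && fclose(headerfile) != 0)
    perror("fclose(dumpit)");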