libcurl的证书钢钉工作的iPhone,但不是在Android [英] Libcurl Certificate Pinning working on iPhone but not on Android
问题描述
这是我的C ++ code,我使用的OBJ-C和Java项目。
字符串readBuffer;
串certificateBeingUsed;
卷曲*卷曲= curl_easy_init();
curl_easy_setopt(卷曲,CURLOPT_CUSTOMREQUEST,POST);
curl_easy_setopt(卷曲,CURLOPT_URL,https://开头API服务器);
curl_easy_setopt(卷曲,CURLOPT_WRITEFUNCTION,WriteCallback);
curl_easy_setopt(卷曲,CURLOPT_WRITEDATA,&安培; readBuffer);
curl_easy_setopt(卷曲,CURLOPT_CONNECTTIMEOUT,120);
curl_easy_setopt(卷曲,CURLOPT_ENCODING,GZIP);curl_easy_setopt(卷曲,CURLOPT_SSL_VERIFYPEER,真正的);
curl_easy_setopt(卷曲,CURLOPT_SSL_VERIFYHOST,2);
curl_easy_setopt(卷曲,CURLOPT_CAINFO,certificateBeingUsed);卷曲code资源;
RES = curl_easy_perform(卷曲);
----------------------------------------------- ---------------------
在X code,我有我的ceritificatecertificatePinning.der存储在资源/证书文件夹。
要使用code以上,我设置certificateBeingUsed我的证书路径:
certificateBeingUsed = \"/Users/graceo/Library/Developer/CoreSimulator/Devices/1BB154CB-276B-4DDC-86C8-4975213D7E3B/data/Containers/Bundle/Application/4819EC2A-CA18-46BF-815F-445B5E3E519F/TestStoryBoardWithLibraryAndSwift.app/certificatePinning.der\"
和 RES 返回成功与 readBuffer 包含从服务器发送的响应。
----------------------------------------------- ---------------------
在Android的工作室,我有我的ceritificatecertificatePinning.der存储资产的文件夹。 (我把它复制到数据文件夹中使用它之前)
要使用code以上,我设置certificateBeingUsed我的证书路径:
certificateBeingUsed =/data/data/packageName/certificatePinning.der
但 RES 收益 CURLE_SSL_CACERT_BADFILE(77)和 readBuffer 为空
----------------------------------------------- ---------------------
这是什么,我很想念在Android版无法验证存储与服务器的??
证书注:
- 我支持SSL libcurl中。
- 在Android的,如果我将它设置为证书 cacert.pem 它将返回成功,但我想使用我的证书来代替。
这可能是编码的问题,尝试转换您的.der文件使用此为.pem格式为:
OpenSSL的X509 -in cert.crt -inform德-outform PEM退房手续cert.pem
This is my C++ code that I am using in Obj-C and JAVA projects.
string readBuffer;
string certificateBeingUsed;
CURL *curl = curl_easy_init();
curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "POST");
curl_easy_setopt(curl, CURLOPT_URL, "https://apiServer");
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, WriteCallback);
curl_easy_setopt(curl, CURLOPT_WRITEDATA, &readBuffer);
curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, 120);
curl_easy_setopt(curl, CURLOPT_ENCODING, GZIP);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER , true);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST , 2);
curl_easy_setopt(curl, CURLOPT_CAINFO,certificateBeingUsed);
CURLcode res;
res = curl_easy_perform(curl);
--------------------------------------------------------------------
In Xcode, I have my ceritificate "certificatePinning.der" stored in Resources/Certificates folder.
To use the code above, I set certificateBeingUsed to my certificate path:
certificateBeingUsed = "/Users/graceo/Library/Developer/CoreSimulator/Devices/1BB154CB-276B-4DDC-86C8-4975213D7E3B/data/Containers/Bundle/Application/4819EC2A-CA18-46BF-815F-445B5E3E519F/TestStoryBoardWithLibraryAndSwift.app/certificatePinning.der"
and res returns success with readBuffer containing the response sent from the server.
--------------------------------------------------------------------
In Android Studio, I have my ceritificate "certificatePinning.der" stored in assets folder. (I copy it to the data folder before using it)
To use the code above, I set certificateBeingUsed to my certificate path:
certificateBeingUsed = "/data/data/packageName/certificatePinning.der"
but res returns CURLE_SSL_CACERT_BADFILE (77) and readBuffer is empty
--------------------------------------------------------------------
What is it that I am missing in Android that could not validate the certificate stored with the server's ??
NB:
- I have SSL supported in libCurl.
- In android if I set it to the certificate cacert.pem it will return success, but I want to use my certificate instead.
This may be a problem with encoding, try to convert your .der file to .pem format using this:
openssl x509 -in cert.crt -inform der -outform pem -out cert.pem
这篇关于libcurl的证书钢钉工作的iPhone,但不是在Android的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
