cpp-httplib 测试https功能 cpp-httplib 下载地址编译 exampleg redirect.cc -o redirect -I…/ -lpthread -DCPPHTTPLIB_OPENSSL_SUPPORT -lssl -lcrypto编译如果报错现在oepnssl版本为1.1不想升级openssl。进行下面修改diff--gita/httplib.h b/httplib.h index 5e2bbd0..efea3c8100644--- a/httplib.h b/httplib.h -327,15 327,6 using socket_tint;#include iostream#include sstream-#if defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER)-#if OPENSSL_VERSION_NUMBER 0x1010107f-#error Please use OpenSSL or a current version of BoringSSL-#endif-#define SSL_get1_peer_certificate SSL_get_peer_certificate-#elif OPENSSL_VERSION_NUMBER 0x30000000L-#error Sorry, OpenSSL versions prior to 3.0.0 are not supported-#endif-#endif // CPPHTTPLIB_OPENSSL_SUPPORT#ifdef CPPHTTPLIB_ZLIB_SUPPORT -10274,7 10265,7 inline bool SSLClient::initialize_ssl(Socketsocket, Errorerror){returnfalse;}- auto server_certSSL_get1_peer_certificate(ssl2); auto server_certSSL_get_peer_certificate(ssl2);auto sedetail::scope_exit([]{X509_free(server_cert);});if(server_certnullptr){--- a/example/redirect.cc b/example/redirect.cc -9,6 9,7 #define SERVER_CERT_FILE ./cert.pem#define SERVER_PRIVATE_KEY_FILE ./key.pem#define CPPHTTPLIB_OPENSSL_SUPPORT 1using namespace httplib; -16,6 17,7 int main(void){// HTTP server Server http;#ifdef CPPHTTPLIB_OPENSSL_SUPPORT std::coutsslstd::endl;SSLServer https(SERVER_CERT_FILE, SERVER_PRIVATE_KEY_FILE);#endif -47,7 49,7 int main(void){auto httpThreadstd::thread([](){http.listen(localhost,8080);});#ifdef CPPHTTPLIB_OPENSSL_SUPPORT- auto httpsThreadstd::thread([](){https.listen(localhost,8081);}); auto httpsThreadstd::thread([](){https.listen(0.0.0.0,8081);});#endifhttpThread.join();编译通过制作证书证书文件格式有PEM 和 P12PKCS#12两种核心功能基本一致PEM 是文本 P12是二进制格式。生成私钥 需要输入密码openssl genpkey -algorithm RSA -out key.pem -aes256删除私钥密码openssl rsa -in key.pem -out key_no_pass.pem生成证书请求文件openssl req -new -key key.pem -out server.csr生成自签名证书 (cert.pem)openssl x509 -req -days 365 -in server.csr -signkey key.pem -out cert.pem执行sudo ./redirect网页输入ip上面看到了访问的网站是不安全的。如何安全访问呢使用下面脚本生成证书#!/bin/bashopenssl genrsa-outca.key2048openssl req-x509-new-nodes-keyca.key-sha256-days1000-outca.crt-subj/CCN/STTianJin/LTianJin/Oabc/OUabc/CNRootCA#openssl genrsa -out server.key 2048openssl genpkey-algorithmRSA-outserver_pass.key-aes256openssl rsa-inserver_pass.key-outserver.key openssl req-new-keyserver.key-outserver.csr-subj/CCN/STTianJin/LTianJin/OIking/OUIking/CNabc.comcatsan.cnfEOF [v3_req] subjectAltName alt_names [alt_names] DNS.1 test.local IP.1 10.8.xx.xx IP.2 192.168.xx.xx EOFopenssl x509-req-inserver.csr-CAca.crt-CAkeyca.key-CAcreateserial-outserver.crt-days365-sha256-extfilesan.cnf-extensionsv3_req openssl pkcs12-export-inkeyserver.key-inserver.crt-certfileca.crt-outserver.p12-nameabc.local将上面生成的server.p12 文件导入至浏览器的受信任证书中如下证书的签名将文件内容服务器名以及服务器公钥 做hash运算得到hash值使用自己CA的私钥和hash值进行加密运算将计算的签名结果放进证书验签4. 先在服务器中找CA的公钥5. 将签名结果和CA公钥进行反加密计算得到hash值6. 然后计算文件内容的hash值与上面计算的hash值做比对进行验证