2
我正试图在客户端中实施证书验证。 我总是收到SSL Exception: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed after 893ms,我确定它是有效的,试图通过这种方式获取google.com并失败。我正在使用RejectCertificateHandler,因为文档状态如下:无法通过Poco验证服务器证书
A RejectCertificateHandler is invoked whenever an error occurs verifying the certificate. It always rejects the certificate.
A AcceptCertificateHandler is invoked whenever an error occurs verifying the certificate. It always accepts the certificate. Should be using for testing purposes only.
我在做什么错?这里是我的代码:
Poco::SharedPtr<Poco::Net::InvalidCertificateHandler> pAcceptCertHandler = new Poco::Net::RejectCertificateHandler(true);
Poco::Net::Context::Ptr pContext = new Poco::Net::Context(Poco::Net::Context::CLIENT_USE, "", "", "", Poco::Net::Context::VERIFY_RELAXED, 9, false, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
Poco::Net::SSLManager::instance().initializeClient(NULL, pAcceptCertHandler, pContext);
Poco::Net::HTTPSClientSession session(uri.getHost(), uri.getPort(), pContext);
std::string path(uri.getPathAndQuery());
Poco::Net::HTTPRequest request(Poco::Net::HTTPRequest::HTTP_GET, path, Poco::Net::HTTPMessage::HTTP_1_1);
initializeHttpGetRequest(request);
session.sendRequest(request);
session.setKeepAlive(true);
Poco::Timespan timespan(0, 0, 10, 0, 0);
session.setKeepAliveTimeout(timespan);
Poco::Net::HTTPResponse res;
std::istream & is = session.receiveResponse(res);
responseCode = res.getStatus();
我建议,要么inhering'InvalidCertificateHandler'向我们展示的输出,或使用'ConsoleCertificateHandler'向我们展示了输出。这会帮助我们回答你的问题。无论哪种方式,问题在于验证,它可能是您使用的密码列表。 – kobigurk
'警告:证书验证失败 ---------------------------------------- 颁发者名称:/ C = IE/O = Baltimore/OU = CyberTrust/CN = Baltimore CyberTrust Root 使用者名称:/ C = US/O = DigiCert Inc/OU = www.digicert.com/CN = DigiCert High Assurance EV Root CA ' 证书产生错误:无法获取本地发行者证书 – Thunder
您可能没有将Digicert作为您计算机中的可信根权限。如果它是我们正在讨论的Windows,请查看'certmgr.msc'。我相信这是你的问题。 – kobigurk