For OpenSSL development on Windows, LibreSSL is recommended.
Generate an SSL certificate and key file with a single command:
openssl req -x509 -newkey rsa:4096 -keyout serverkey.pem -out servercert.pem -sha256 -days 365 -nodes
Here -nodes means the key does not get additional passphrase protection.
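Added example, not from the original post: a shell function that runs the same command non-interactively and then checks what the one-liner leaves implicit (key file permissions, that the key really is unencrypted, that certificate and key match, and that the certificate verifies only against itself). The function name make_dev_cert, the -subj value and the optional key-size argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post). make_dev_cert, the CN value
# and the optional key-size argument are assumptions for illustration.

make_dev_cert() {
    dir=$1
    cn=${2:-localhost}      # assumed subject; the original command prompts for it
    bits=${3:-4096}         # default matches rsa:4096 in the command above
    key="$dir/serverkey.pem"
    cert="$dir/servercert.pem"
    mkdir -p "$dir" || return 1

    # -nodes writes the private key in the clear, so create it under umask 077
    (
        umask 077
        openssl req -x509 -newkey "rsa:$bits" -keyout "$key" -out "$cert" \
            -sha256 -days 365 -nodes -subj "/CN=$cn" 2>/dev/null
    ) || return 1
    chmod 600 "$key" || return 1

    # 1. No passphrase: the PEM must not carry an ENCRYPTED marker
    if grep -q 'ENCRYPTED' "$key"; then
        echo "key is passphrase-protected" >&2; return 1
    fi

    # 2. Certificate and key must hold the same public key
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] || { echo "cert/key mismatch" >&2; return 1; }

    # 3. Self-signed: it verifies only when supplied as its own trust anchor
    openssl verify -CAfile "$cert" "$cert" >/dev/null 2>&1 || return 1

    echo "ok: $cert + $key"
}

# Generate only when a target directory is given on the command line
if [ "$#" -gt 0 ]; then make_dev_cert "$@"; fi
```

Saved to a file, it takes the output directory as the first argument, then optionally the CN and the RSA key size.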
For practical use of TLS secure socket programming, see my Kiritow/GSock2: General Socket Wrapper Version 2
References
Verify errorcode = 20 : unable to get local issuer certificate
Confusion between using BIO and SSL functions on OpenSSL: I find it absurd that the BIO_ and SSL_ function families coexist and have such similar names.
Using OpenSSL TLS with or without BIO? So the SSL_ family is the relatively simple one.
Using OpenSSL with memory BIOs
Use OpenSSL with Asynchronous Sockets, I/O Completion Ports and Certificate Signing
Also: the two articles below are decently written, but they use BIO, and in my testing they have bugs, so they are rather misleading.
OpenSSL client and server from scratch, part 2 —— Server
OpenSSL client and server from scratch, part 3 & OpenSSL client and server from scratch, part 4 —— Client