各种编程语言忽略http的SSL证书认证
前言
我们内部测试的http服务器很多时候证书都是没有经过第三方认证的,我们发送http请求基本上都是忽略证书认证。
我总结了一下常用编程语言使用http请求时忽略证书认证的代码片段,记录一下下。
代码
go语言
func httpPost(url, body string) ([]byte, error) {
req, err := http.NewRequest(http.MethodPost, urlPre+url, strings.NewReader(body))
if err != nil {
return nil, err
}
req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
client := &http.Client{ // 忽略证书验证
Transport: &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: true,
},
},
}
resp, err := client.Do(req)
if resp != nil {
defer resp.Body.Close()
}
if err != nil {
return nil, err
}
data, err := ioutil.ReadAll(resp.Body)
if err != nil {
return nil, err
}
return data, nil
}
Python语言
import json
import requests
try:
# verify = False 表示忽略证书
response = requests.post("http://www.baidu.com/",verify = False, headers = header, data = "")
data = json.loads(response.text)
print(data)
except Exception as e:
print('error:', e)
Ruby语言
require 'rest-client'
require 'json'
begin
# :verify_ssl => OpenSSL::SSL::VERIFY_NONE 表示忽略证书
resp = RestClient::Request.execute(method: :post, url: "http://www.baidu.com/", payload: "", headers: headers, :verify_ssl => OpenSSL::SSL::VERIFY_NONE)
data = JSON.parse(resp.body)
puts(data)
rescue => e
puts("#{e.class}, #{e.message}")
end
Java语言
package iotp;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
public class janbar {
public static void main(String[] args) {
trustAllHosts(); // 只在开头执行一次即可
String data = httpPost("http://www.baidu.com/", "");
System.out.println(data);
}
public static String httpPost(String httpUrl, String param) {
HttpsURLConnection connection = null;
InputStream is = null;
OutputStream os = null;
BufferedReader br = null;
String result = null;
try {
// 通过远程url连接对象打开连接
connection = (HttpsURLConnection) new URL(urlPre + httpUrl).openConnection();
// 忽略证书认证
connection.setHostnameVerifier(DO_NOT_VERIFY);
// 设置连接请求方式
connection.setRequestMethod("POST");
// 设置连接主机服务器超时时间:15000毫秒
connection.setConnectTimeout(15000);
// 设置读取主机服务器返回数据超时时间:60000毫秒
connection.setReadTimeout(60000);
// 默认值为:false,当向远程服务器传送数据/写数据时,需要设置为true
connection.setDoOutput(true);
// 默认值为:true,当前向远程服务读取数据时,设置为true,该参数可有可无
connection.setDoInput(true);
// 设置传入参数的格式:请求参数应该是 name1=value1&name2=value2 的形式。
connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
// 通过连接对象获取一个输出流
os = connection.getOutputStream();
// 通过输出流对象将参数写出去/传输出去,它是通过字节数组写出的
os.write(param.getBytes());
// 通过连接对象获取一个输入流,向远程读取
if (connection.getResponseCode() == 200) {
is = connection.getInputStream();
// 对输入流对象进行包装:charset根据工作项目组的要求来设置
br = new BufferedReader(new InputStreamReader(is, "UTF-8"));
StringBuffer sbf = new StringBuffer();
String temp = null;
// 循环遍历一行一行读取数据
while ((temp = br.readLine()) != null) {
sbf.append(temp);
sbf.append("\r\n");
}
result = sbf.toString();
}
} catch (MalformedURLException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
} finally {
// 关闭资源
if (null != br) {
try {
br.close();
} catch (IOException e) {
e.printStackTrace();
}
}
if (null != os) {
try {
os.close();
} catch (IOException e) {
e.printStackTrace();
}
}
if (null != is) {
try {
is.close();
} catch (IOException e) {
e.printStackTrace();
}
}
// 断开与远程地址url的连接
connection.disconnect();
}
return result;
}
private static void trustAllHosts() {
// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return new java.security.cert.X509Certificate[] {};
}
public void checkClientTrusted(X509Certificate[] chain, String authType) {
}
public void checkServerTrusted(X509Certificate[] chain, String authType) {
}
} };
// Install the all-trusting trust manager
try {
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e) {
e.printStackTrace();
}
}
private final static HostnameVerifier DO_NOT_VERIFY = new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) {
return true;
}
};
}
PHP语言
<?php
function httpPost($url, $content) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); // 跳过证书检查
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); // 从证书中检查SSL加密算法是否存在
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type','application/x-www-form-urlencoded'));
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $content);
$response = curl_exec($ch);
if($error=curl_error($ch)){
die($error);
}
curl_close($ch);
return $response;
}
$data = httpPost("http://www.baidu.com/", "");
$data = json_decode($data, true);
var_dump($data);
C#语言
using System;
using System.Collections.Generic;
using System.Text;
using System.Net;
using System.IO;
namespace SundrayApi
{
class Program
{
static void Main(string[] args)
{
string data = apiPost("http://www.baidu.com/", "");
Console.WriteLine(data);
Console.ReadLine();
}
static string apiPost(string url, string body)
{
string content = string.Empty;
try
{
/* 跳过ssl验证 */
ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => true;
HttpWebRequest request = HttpWebRequest.Create(preUrl + url) as HttpWebRequest;
request.Method = "POST";
request.ContentType = "application/x-www-form-urlencoded";
byte[] data = Encoding.UTF8.GetBytes(body);
Stream newStream = request.GetRequestStream();
newStream.Write(data, 0, data.Length);
newStream.Close();
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
Stream stream = response.GetResponseStream();
StreamReader reader = new StreamReader(stream, Encoding.UTF8);
content = reader.ReadToEnd();
reader.Close();
response.Close();
}
catch (Exception ex)
{
content = ex.ToString();
}
return content;
}
}
}
C/C++语言
c语言需要编译一下下,如下流程即可。
wget https://curl.haxx.se/download/curl-7.73.0.tar.gz
./configure
make
gcc test.c -l curl -L /root/c/curl/curl-7.73.0/lib/.libs -I /root/c/curl/curl-7.73.0/include
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <curl/curl.h>
typedef struct {
char *memory;
size_t size;
} MemoryStruct;
static size_t WriteMemoryCallback(void *contents, size_t size, size_t nmemb, void *userp)
{
size_t realsize = size * nmemb;
MemoryStruct *mem = (MemoryStruct *)userp;
char *ptr = realloc(mem->memory, mem->size + realsize + 1);
if(ptr == NULL) { /* out of memory! */
printf("not enough memory (realloc returned NULL)\n");
return 0;
}
mem->memory = ptr;
memcpy(&(mem->memory[mem->size]), contents, realsize);
mem->size += realsize;
mem->memory[mem->size] = 0;
return realsize;
}
int httpPost(const char *url, char *data, int size)
{
int ret = -1;
if(url == NULL || data == NULL){
return ret;
}
CURL *curl = curl_easy_init();
struct curl_slist* headers;
long retcode = 0;
MemoryStruct chunk;
chunk.size = 0;
chunk.memory = malloc(1);
headers = curl_slist_append(headers, "Content-Type: application/x-www-form-urlencoded");
curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0);
curl_easy_setopt(curl, CURLOPT_POST, 1);
curl_easy_setopt(curl, CURLOPT_POSTFIELDS, data);
curl_easy_setopt(curl, CURLOPT_URL, url);
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, WriteMemoryCallback);
curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)&chunk);
CURLcode res = curl_easy_perform(curl);
curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &retcode);
if (res == CURLE_OK && retcode == 200) {
ret = 0;
if (chunk.size > 0) {
if (chunk.size > size)
chunk.size = size - 1; /* 超出限制,不拷贝 */
memcpy(data, chunk.memory, chunk.size);
}
data[chunk.size] = 0; /* 结束符 */
} else {
ret = -2;
}
curl_easy_cleanup(curl);
free(chunk.memory);
return ret;
}
int main(int argc, char *argv[])
{
int url_len = 128, data_len = 2048;
char *url = (char *)malloc(sizeof(char) * url_len);
char *data = (char *)malloc(sizeof(char) * data_len);
strcpy(url, "http://www.baidu.com/");
strcpy(data, "");
int ret = httpPost(url, data, data_len);
if (ret != 0) {
return ret;
}
printf("[%s]\n\n",data);
return 0;
}
shell语言
#!/bin/bash
# 使用 -k 参数忽略证书
data=$(curl -s -k "http://www.baidu.com/" -d "")
echo "$data"
总结
把常用编程语言的http忽略证书代码做个笔记,方便以后再来查看。本来想写写lua的,但是lua连socket都得编译个库来搞,还是以后有需求再搞搞吧。
另外再附上【https跳过证书校验底层原理】
