macos - 弃用的 OpenSSL 功能

Question

作为通过外部 API 将我自己的代码与某些系统的编程接口(interface)集成的练习，我遇到了以下问题:Apple 已将大部分 OpenSSL API 标记为“已弃用”。 任何帮助将不胜感激!

我从 http://www.openssl.org/ 中获取了 OpenSSL 1.0.1i 2014 年 8 月 6 日版本.

尝试静态链接到“病马”是徒劳的:

g++ test.cc -o test -lssl -Bstatic -L/usr/local/ssl/include -lcrypto -lcurcl

我想补充一点，我被指示使用 G++ 编译器编译 C++ 代码，如下所示。

g++ test.cc -o test -lssl -lcrypto -lcurl

两个调用都以以下方式退出。

输出示例:

test.cc: In function ‘std::string encode_base64(const std::string&)’:
test.cc:104: warning: ‘BIO_new’ is deprecated (declared at /usr/include/openssl/bio.h:581)
test.cc:104: warning: ‘BIO_f_base64’ is deprecated (declared at /usr/include/openssl/evp.h:647)
test.cc:104: warning: ‘BIO_f_base64’ is deprecated (declared at /usr/include/openssl/evp.h:647)
test.cc:104: warning: ‘BIO_new’ is deprecated (declared at /usr/include/openssl/bio.h:581)
test.cc:105: warning: ‘BIO_new’ is deprecated (declared at /usr/include/openssl/bio.h:581)
test.cc:105: warning: ‘BIO_s_mem’ is deprecated (declared at /usr/include/openssl/bio.h:616)
test.cc:105: warning: ‘BIO_s_mem’ is deprecated (declared at /usr/include/openssl/bio.h:616)
test.cc:105: warning: ‘BIO_new’ is deprecated (declared at /usr/include/openssl/bio.h:581)
test.cc:106: warning: ‘BIO_push’ is deprecated (declared at /usr/include/openssl/bio.h:594)
test.cc:106: warning: ‘BIO_push’ is deprecated (declared at /usr/include/openssl/bio.h:594)
test.cc:107: warning: ‘BIO_write’ is deprecated (declared at /usr/include/openssl/bio.h:587)
test.cc:107: warning: ‘BIO_write’ is deprecated (declared at /usr/include/openssl/bio.h:587)
test.cc:108: warning: ‘BIO_ctrl’ is deprecated (declared at /usr/include/openssl/bio.h:590)
test.cc:108: warning: ‘BIO_ctrl’ is deprecated (declared at /usr/include/openssl/bio.h:590)
test.cc:109: warning: ‘BIO_ctrl’ is deprecated (declared at /usr/include/openssl/bio.h:590)
test.cc:109: warning: ‘BIO_ctrl’ is deprecated (declared at /usr/include/openssl/bio.h:590)
test.cc:113: warning: ‘BIO_free_all’ is deprecated (declared at /usr/include/openssl/bio.h:596)
test.cc:113: warning: ‘BIO_free_all’ is deprecated (declared at /usr/include/openssl/bio.h:596)
test.cc: In function ‘std::string encrypt(const std::string&)’:
test.cc:122: warning: ‘OPENSSL_add_all_algorithms_noconf’ is deprecated (declared at /usr/include/openssl/evp.h:828)
test.cc:122: warning: ‘OPENSSL_add_all_algorithms_noconf’ is deprecated (declared at /usr/include/openssl/evp.h:828)
test.cc:136: warning: ‘RSA_public_encrypt’ is deprecated (declared at /usr/include/openssl/rsa.h:275)
test.cc:140: warning: ‘RSA_public_encrypt’ is deprecated (declared at /usr/include/openssl/rsa.h:275)
test.cc:144: warning: ‘RSA_free’ is deprecated (declared at /usr/include/openssl/rsa.h:282)
test.cc:144: warning: ‘RSA_free’ is deprecated (declared at /usr/include/openssl/rsa.h:282)

源代码示例(test.cc):

#include <string>
#include <iostream>
#include <sstream>
#include <ctime>
#include <openssl/sha.h>
#include <openssl/hmac.h>
#include <openssl/evp.h>
#include <openssl/bio.h>
#include <openssl/buffer.h>
#include <openssl/x509v3.h>
#include <openssl/objects.h>
#include <openssl/pem.h>
#include <openssl/evp.h>
#include <curl/curl.h>

using namespace std;

string create_blob(const string &username, const string &password);
string encode_base64(const string &s);
string url_encode(CURL *curl, const string &s);
string encrypt(const string &s);
string timestamp_in_ms();
void login(const string &username, const string &password);

template <typename T>
string to_string(const T &v) 
{ 
  stringstream ss;
  ss << v;
  return ss.str();
};

int main(int argc, const char* argv[])
{
  if (argc != 3) {
    cerr << "Usage: " << argv[0] << "<username> <password>";
    exit(1);
  }
  string username = string(argv[1]);
  string password = string(argv[2]);
  login(username, password);
};

void login(const string &username, const string &password) 
{
  CURL *curl;
  CURLcode res;

  curl_global_init(CURL_GLOBAL_ALL);

  curl = curl_easy_init();
  if (!curl) {
    cerr << "Error starting curl" << endl;
    exit(1);
  }

  struct curl_slist *header = NULL;
  header = curl_slist_append(header, "Accept-Language: sv");
  header = curl_slist_append(header, "Accept: application/json");

  string blob = create_blob(username, password);
  string postdata = "auth=" + url_encode(curl, blob) + "&service=NEXTAPI";

  curl_easy_setopt(curl, CURLOPT_URL, 
    "https://api.test.nordnet.se/next/1/login");
  curl_easy_setopt(curl, CURLOPT_POSTFIELDS, postdata.c_str());
  curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, postdata.length());
  curl_easy_setopt(curl, CURLOPT_HTTPHEADER, header);

  res = curl_easy_perform(curl);

  curl_slist_free_all(header);
  curl_easy_cleanup(curl);

}

string create_blob(const string &username, const string &password) 
{
  string encoded =
    encode_base64(username) + ":" +
    encode_base64(password) + ":" +
    encode_base64(timestamp_in_ms());
  return encode_base64(encrypt(encoded));
}

string timestamp_in_ms() 
{
  return to_string(std::time(0)) + "000";
}

string url_encode(CURL *curl, const string &s)
{
  char *url_encoded = curl_easy_escape(curl, s.c_str(), s.length());
  string url_encoded_str(url_encoded);
  curl_free(url_encoded);

  return url_encoded_str;
}

string encode_base64(const string &s) {
  BIO *bmem, *b64;
  BUF_MEM *bptr;

  b64 = BIO_new(BIO_f_base64());
  bmem = BIO_new(BIO_s_mem());
  b64 = BIO_push(b64, bmem);
  BIO_write(b64, s.c_str(), s.length());
  BIO_flush(b64);
  BIO_get_mem_ptr(b64, &bptr);

  string base64 = string(bptr->data,bptr->length-1);

  BIO_free_all(b64);

  return base64;
}

string encrypt(const string &s) {
  RSA *public_key;  
  FILE *fp;

  OpenSSL_add_all_algorithms();

  fp = fopen("NEXTAPI_TEST_public.pem","r");
  public_key = PEM_read_RSA_PUBKEY(fp, NULL, NULL, NULL);
  fclose(fp);

  if (!public_key) {
    cerr << "Can't read public key" << endl;
    exit(1);
  }

  unsigned char encrypted[2560] = {0};

  int len = 
    RSA_public_encrypt(s.length(), 
               reinterpret_cast<unsigned char*>(const_cast<char *>(s.c_str())), 
               encrypted, 
               public_key, 
               RSA_PKCS1_PADDING);

  string result(reinterpret_cast<const char *>(encrypted), len);

  RSA_free(public_key);

  return result;
}

类似问题:

OpenSSL with gcc on OS X 10.7

'SHA1' is deprecated: first deprecated in OS X 10.7?

http://www.unix.com/programming/162567-linking-openssl-libcrypto-statically.html

Answer 1

警告表明您仍在针对 apple 提供的 openssl 库进行编译，因为该库中的 .h 文件装饰有弃用警告。

您需要编译代码以查找 /usr/local/ssl/include 中包含的 openssl(假设这是您安装库副本的位置:

-I/usr/local/ssl/include

其次，看起来 OSX 对 -static 选项没有做任何事情 - 无论您尝试什么，它都会链接到动态版本，因此您需要明确引用 路径中的完整 libcrypto.a 文件:

/usr/local/ssl/lib/libcrypto.a

所以你的编译行变成:

g++ -I/usr/local/ssl/include test.cc -o test /usr/local/ssl/lib/libssl.a /usr/local/ssl/lib/libcrypto.a -lcurl

(我猜它是 -lcurl，我以前从未见过 libcurcl)。