用
用OpenSSL與JAVA(JSSE)通信一文中所生成的CA證書及keystore就可以在JAVA和OpenSSL之間通信了,下面以Perl代碼為例:(Perl實際使用了OpenSSL)
下面的CLIENT端可以與前文提到的JAVA服務端通信:
#use?strict;
use?IO::Socket::SSL(debug4);
my?($v_mode,?$sock,?$buf);
if($ARGV[0]?eq?"DEBUG")?{?$IO::Socket::SSL::DEBUG?=?1;?}
#?Check?to?make?sure?that?we?were?not?accidentally?run?in?the?wrong
#?directory:
unless?(-d?"certs")?{
????if?(-d?"../certs")?{
????chdir?"..";
????}?else?{
#????die?"Please?run?this?example?from?the?IO::Socket::SSL?distribution?directory!\n";
????}
}
if(!($sock?=?IO::Socket::SSL->new(?PeerAddr?=>?'172.19.149.52',
???????????????????PeerPort?=>?'5555',
???????????????????Proto????=>?'tcp',
???????????????????SSL_verify_mode?=>?0x01,
???????????????????SSL_ca_file?=>?'mycerts/cacert.pem',
?????????????????)))?{
????warn?"unable?to?create?socket:?",?&IO::Socket::SSL::errstr,?"\n";
????exit(0);
}?else?{
????warn?"connect?($sock).\n"?if?($IO::Socket::SSL::DEBUG);
}
#?check?server?cert.
my?($subject_name,?$issuer_name,?$cipher);
if(?ref($sock)?eq?"IO::Socket::SSL")?{
????$subject_name?=?$sock->peer_certificate("subject");
????$issuer_name?=?$sock->peer_certificate("issuer");
????$cipher?=?$sock->get_cipher();
}
warn?"cipher:?$cipher.\n",?"server?cert:\n",?
????"\t?'$subject_name'?\n\t?'$issuer_name'.\n\n";
print?$sock?"Knock,?knock.\n";
my?($buf)?=?$sock->getlines;
$sock->close();
print?"read:?'$buf'.\n";
另外,也給出一個PERL的SVR端示例:
#use?strict;
use?IO::Socket::SSL(debug4);
my?($sock,?$s,?$v_mode);
if($ARGV[0]?eq?"DEBUG")?{?$IO::Socket::SSL::DEBUG?=?1;?}
#?Check?to?make?sure?that?we?were?not?accidentally?run?in?the?wrong
#?directory:
unless?(-d?"certs")?{
????if?(-d?"../certs")?{
????chdir?"..";
????}?else?{
#????die?"Please?run?this?example?from?the?IO::Socket::SSL?distribution?directory!\n";
????}
}
if(!($sock?=?IO::Socket::SSL->new(?Listen?=>?5,
???????????????????LocalAddr?=>?'10.56.28.35',
???????????????????LocalPort?=>?9000,
???????????????????Proto?????=>?'tcp',
???????????????????Reuse?????=>?1,
???????????????????SSL_use_cert?=>?1,
???????????????????SSL_verify_mode?=>?0x00,
???????????????????SSL_cert_file?=>?'mycerts/cert.pem',
???????????????????SSL_key_file?=>?'mycerts/key.pem'???????????????????
?????????????????))?)?{
????warn?"unable?to?create?socket:?",?&IO::Socket::SSL::errstr,?"\n";
????exit(0);
}
warn?"socket?created:?$sock.\n";
while?(1)?{
??warn?"waiting?for?next?connection.\n";
??
??while(($s?=?$sock->accept()))?{
??????my?($peer_cert,?$subject_name,?$issuer_name,?$date,?$str);
??????
??????if(?!?$s?)?{
??????warn?"error:?",?$sock->errstr,?"\n";
??????next;
??????}
??????
??????warn?"connection?opened?($s).\n";
??????
??????if(?ref($sock)?eq?"IO::Socket::SSL")?{
??????$subject_name?=?$s->peer_certificate("subject");
??????$issuer_name?=?$s->peer_certificate("issuer");
??????}
??????
??????warn?"\t?subject:?'$subject_name'.\n";
??????warn?"\t?issuer:?'$issuer_name'.\n";
??
??????my?$date?=?localtime();
??????print?$s?"my?date?command?says?it's:?'$date'";
??????close($s);
??????warn?"\t?connection?closed.\n";
??}
}
$sock->close();
warn?"loop?exited.\n"; 在PERL中寫SSL的SOCKET,要注意:
SVR端中:
?????? SSL_use_cert => 1,
?????? SSL_verify_mode => 0x00,
?????? SSL_cert_file => 'mycerts/cert.pem',
?????? SSL_key_file => 'mycerts/key.pem'
CLI端是:
?????? SSL_verify_mode => 0x01,
?????? SSL_ca_file => 'mycerts/cacert.pem',
mode是0表示,不認證對端,是1表示要認證對方。
posted on 2006-12-04 15:20
我愛佳娃 閱讀(2637)
評論(2) 編輯 收藏 所屬分類:
SSL