|
用
用OpenSSL与JAVA(JSSE)通信
一文中所生成的CA证书及keystore就可以在JAVA和OpenSSL之间通信了,下面以Perl代码为例:(Perl实际使用了OpenSSL)
下面的CLIENT端可以与前文提到的JAVA服务端通信:
#
use?strict;
use
?IO
::
Socket
SSL(debug4);
my
?(
$v_mode
,
?
$sock
$buf
);
if
(
$ARGV
[
0
]?eq?
"
DEBUG
)?{?
$IO
SSL
DEBUG?
=
1
;?}
?Check?to?make?sure?that?we?were?not?accidentally?run?in?the?wrong
#?directory:
unless
?(
-
d?
certs
)?{
????
../certs
chdir
?
..
;
????}?
else
?{
????die?"Please?run?this?example?from?the?IO::Socket::SSL?distribution?directory!n";
????}
}
(
!
->
new(?PeerAddr?
=>
'
172.19.149.52
???????????????????PeerPort?
5555
???????????????????Proto????
tcp
???????????????????SSL_verify_mode?
0x01
???????????????????SSL_ca_file?
mycerts/cacert.pem
?????????????????)))?{
????
warn
unable?to?create?socket:?
&
IO
errstr
n
;
????
exit
);
}?
?{
????
connect?($sock).n
DEBUG);
}
?check?server?cert.
$subject_name
$issuer_name
$cipher
);
(?
ref
)?eq?
IO::Socket::SSL
)?{
????
peer_certificate(
subject
);
????
issuer
get_cipher();
}
cipher:?$cipher.n
server?cert:n
?
????
t?'$subject_name'?nt?'$issuer_name'.nn
;
print
Knock,?knock.n
)?
getlines;
close
();
read:?'$buf'.n
;
另外,也给出一个PERL的SVR端示例:
SSL(debug4);
$s
new(?
Listen
5
???????????????????LocalAddr?
10.56.28.35
???????????????????LocalPort?
9000
???????????????????Proto?????
???????????????????Reuse?????
???????????????????SSL_use_cert?
0x00
???????????????????SSL_cert_file?
mycerts/cert.pem
???????????????????SSL_key_file?
mycerts/key.pem
???????????????????
?????????????????))?)?{
????
);
}
socket?created:?$sock.n
while
)?{
??
waiting?for?next?connection.n
;
??
??
((
accept
()))?{
??????
$peer_cert
$date
$str
);
??????
??????
?)?{
??????
error:?
;
??????
next
;
??????}
??????
??????
connection?opened?($s).n
;
??????
??????
)?{
??????
);
??????
);
??????}
??????
??????
t?subject:?'$subject_name'.n
t?issuer:?'$issuer_name'.n
;
??
??????
localtime
();
??????
my?date?command?says?it's:?'$date'
);
??????
t?connection?closed.n
;
??}
}
loop?exited.n
;
在PERL中写SSL的SOCKET,要注意:
SVR端中:
?????? SSL_use_cert => 1,
?????? SSL_verify_mode => 0x00,sans-serif; font-size:13px; line-height:19.5px">?????? SSL_cert_file => 'mycerts/cert.pem',sans-serif; font-size:13px; line-height:19.5px">?????? SSL_key_file => 'mycerts/key.pem'
CLI端是:
?????? SSL_verify_mode => 0x01,sans-serif; font-size:13px; line-height:19.5px">?????? SSL_ca_file => 'mycerts/cacert.pem',sans-serif; font-size:13px; line-height:19.5px">mode是0表示,不认证对端,是1表示要认证对方。
(编辑:李大同)
【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容!
|
