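With the CA certificate and keystore generated in the article "Communicating between OpenSSL and Java (JSSE)", Java and OpenSSL can talk to each other. The example below is in Perl, which actually uses OpenSSL underneath.
The client below can communicate with the Java server from that earlier article: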
    use strict;
    use warnings;
    use IO::Socket::SSL qw(debug4);

    my ($sock, $buf);

    if (@ARGV && $ARGV[0] eq "DEBUG") { $IO::Socket::SSL::DEBUG = 1; }

    # Check to make sure that we were not accidentally run in the wrong
    # directory:
    unless (-d "certs") {
        if (-d "../certs") {
            chdir "..";
        } else {
            # die "Please run this example from the IO::Socket::SSL distribution directory!\n";
        }
    }

    # SSL_verify_mode 0x01 is SSL_VERIFY_PEER: the server certificate is
    # checked against the CA certificate in SSL_ca_file.
    if (!($sock = IO::Socket::SSL->new(
            PeerAddr        => '172.19.149.52',
            PeerPort        => '5555',
            Proto           => 'tcp',
            SSL_verify_mode => 0x01,
            SSL_ca_file     => 'mycerts/cacert.pem',
        ))) {
        warn "unable to create socket: ", IO::Socket::SSL::errstr(), "\n";
        exit(1);
    } else {
        warn "connect ($sock).\n" if ($IO::Socket::SSL::DEBUG);
    }

    # check server cert.
    my ($subject_name, $issuer_name, $cipher) = ('', '', '');
    if (ref($sock) eq "IO::Socket::SSL") {
        $subject_name = $sock->peer_certificate("subject");
        $issuer_name  = $sock->peer_certificate("issuer");
        $cipher       = $sock->get_cipher();
    }
    warn "cipher: $cipher.\n", "server cert:\n",
         "\t '$subject_name' \n\t '$issuer_name'.\n\n";

    print $sock "Knock, knock.\n";

    # getlines reads until the server closes the connection; keep the first line.
    ($buf) = $sock->getlines;
    $sock->close();
    $buf = '' unless defined $buf;
    print "read: '$buf'.\n";
In addition, here is a sample Perl server:
    use strict;
    use warnings;
    use IO::Socket::SSL qw(debug4);

    my ($sock, $s);

    if (@ARGV && $ARGV[0] eq "DEBUG") { $IO::Socket::SSL::DEBUG = 1; }

    # Check to make sure that we were not accidentally run in the wrong
    # directory:
    unless (-d "certs") {
        if (-d "../certs") {
            chdir "..";
        } else {
            # die "Please run this example from the IO::Socket::SSL distribution directory!\n";
        }
    }

    # SSL_verify_mode 0x00 is SSL_VERIFY_NONE: the server presents its own
    # certificate but does not ask the client for one.
    if (!($sock = IO::Socket::SSL->new(
            Listen          => 5,
            LocalAddr       => '10.56.28.35',
            LocalPort       => 9000,
            Proto           => 'tcp',
            Reuse           => 1,
            SSL_use_cert    => 1,
            SSL_verify_mode => 0x00,
            SSL_cert_file   => 'mycerts/cert.pem',
            SSL_key_file    => 'mycerts/key.pem',
        ))) {
        warn "unable to create socket: ", IO::Socket::SSL::errstr(), "\n";
        exit(1);
    }
    warn "socket created: $sock.\n";

    while (1) {
        warn "waiting for next connection.\n";
        while (($s = $sock->accept())) {
            my ($subject_name, $issuer_name);
            warn "connection opened ($s).\n";
            # No client certificate is requested with SSL_verify_mode 0x00,
            # so these are normally empty.
            if (ref($s) eq "IO::Socket::SSL") {
                $subject_name = $s->peer_certificate("subject");
                $issuer_name  = $s->peer_certificate("issuer");
            }
            $subject_name = '' unless defined $subject_name;
            $issuer_name  = '' unless defined $issuer_name;
            warn "\t subject: '$subject_name'.\n";
            warn "\t issuer: '$issuer_name'.\n";
            my $date = localtime();
            print $s "my date command says it's: '$date'";
            close($s);
            warn "\t connection closed.\n";
        }
        # accept() returned false: the TCP accept or the SSL handshake failed.
        warn "error: ", IO::Socket::SSL::errstr(), "\n";
    }
    $sock->close();
    warn "loop exited.\n";

When writing SSL sockets in Perl, note the following.
On the server side:

    SSL_use_cert => 1,
    SSL_verify_mode => 0x00,
    SSL_cert_file => 'mycerts/cert.pem',
    SSL_key_file => 'mycerts/key.pem'

On the client side:

    SSL_verify_mode => 0x01,
    SSL_ca_file => 'mycerts/cacert.pem',

A mode of 0 means the peer is not authenticated; a mode of 1 means the peer must be authenticated.
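
The verify modes above, taken one step further as an added example (not code from the original post): a server that requires a client certificate with SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, and a client that checks the server's chain and name. It assumes IO::Socket::SSL::Utils is installed alongside IO::Socket::SSL; the certificates, subject names and loopback address are constructed for the demo.

```perl
use strict;
use warnings;
use IO::Socket::SSL;                        # exports SSL_VERIFY_* and $SSL_ERROR
use IO::Socket::SSL::Utils qw(CERT_create);

$| = 1;                                     # no duplicated output after fork
$SIG{PIPE} = 'IGNORE';                      # a rejected client may write to a closed socket

# Constructed throwaway CA, server and client certificates (in memory only).
my @ca  = CERT_create(CA => 1, subject => { commonName => 'demo CA' });
my @srv = CERT_create(subject => { commonName => 'localhost' },   issuer => \@ca);
my @cli = CERT_create(subject => { commonName => 'demo client' }, issuer => \@ca);

# Server: present a certificate and also require one from the client.
# The post's server uses 0x00 (SSL_VERIFY_NONE), which never asks for one.
my $listener = IO::Socket::SSL->new(
    Listen => 5, LocalAddr => '127.0.0.1', LocalPort => 0, Reuse => 1,
    SSL_cert => $srv[0], SSL_key => $srv[1], SSL_ca => [ $ca[0] ],
    SSL_verify_mode => SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
) or die "listen failed: $SSL_ERROR\n";
my $port = $listener->sockport;

# Client: check the server's chain and name; %id optionally adds a client cert.
sub run_client {
    my %id = @_;
    my $c = IO::Socket::SSL->new(
        PeerAddr => '127.0.0.1', PeerPort => $port,
        SSL_ca => [ $ca[0] ], SSL_verify_mode => SSL_VERIFY_PEER,
        SSL_verifycn_name => 'localhost', SSL_verifycn_scheme => 'default',
        %id,
    ) or return;
    print $c "Knock, knock.\n";
    my $reply = <$c>;
    return;
}

for my $case ([ 'with client cert', SSL_cert => $cli[0], SSL_key => $cli[1] ],
              [ 'without client cert' ]) {
    my ($label, @id) = @$case;
    my $pid = fork() // die "fork failed: $!\n";
    if ($pid == 0) { run_client(@id); exit 0 }
    if (my $s = $listener->accept) {
        print "$label: accepted, subject=", $s->peer_certificate('subject'), "\n";
        print $s "welcome\n";
        $s->close;
    } else {
        print "$label: rejected ($SSL_ERROR)\n";
    }
    waitpid($pid, 0);
}
```

The server side is where the difference shows: accept() returns a socket only for the client that presented a certificate signed by the CA.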
posted on 2006-12-04 15:20
我爱佳娃
Category: SSL