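With the CA certificate and keystore generated in the article "Communicating between OpenSSL and Java (JSSE)", Java and OpenSSL can talk to each other. The Perl code below serves as an example (Perl actually uses OpenSSL underneath).
The client below can communicate with the Java server described in the earlier article: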
    use strict;
    use warnings;
    use IO::Socket::SSL qw(debug4);

    my ($v_mode, $sock, $buf);

    if (@ARGV && $ARGV[0] eq "DEBUG") { $IO::Socket::SSL::DEBUG = 1; }

    # Check to make sure that we were not accidentally run in the wrong
    # directory:
    unless (-d "certs") {
        if (-d "../certs") {
            chdir "..";
        } else {
            # die "Please run this example from the IO::Socket::SSL distribution directory!\n";
        }
    }

    # Connect to the Java server and verify its certificate against our CA.
    if (!($sock = IO::Socket::SSL->new(
            PeerAddr        => '172.19.149.52',
            PeerPort        => '5555',
            Proto           => 'tcp',
            SSL_verify_mode => 0x01,
            SSL_ca_file     => 'mycerts/cacert.pem',
        ))) {
        warn "unable to create socket: ", IO::Socket::SSL::errstr(), "\n";
        exit(1);
    } else {
        warn "connect ($sock).\n" if ($IO::Socket::SSL::DEBUG);
    }

    # check server cert.
    my ($subject_name, $issuer_name, $cipher);
    if (ref($sock) eq "IO::Socket::SSL") {
        $subject_name = $sock->peer_certificate("subject");
        $issuer_name  = $sock->peer_certificate("issuer");
        $cipher       = $sock->get_cipher();
    }
    warn "cipher: $cipher.\n", "server cert:\n",
         "\t '$subject_name' \n\t '$issuer_name'.\n\n";

    # Send one line, then read the reply until the server closes.
    print $sock "Knock, knock.\n";
    ($buf) = $sock->getlines;
    $sock->close();
    print "read: '$buf'.\n";
In addition, here is a Perl server-side example:
    use strict;
    use warnings;
    use IO::Socket::SSL qw(debug4);

    my ($sock, $s, $v_mode);

    if (@ARGV && $ARGV[0] eq "DEBUG") { $IO::Socket::SSL::DEBUG = 1; }

    # Check to make sure that we were not accidentally run in the wrong
    # directory:
    unless (-d "certs") {
        if (-d "../certs") {
            chdir "..";
        } else {
            # die "Please run this example from the IO::Socket::SSL distribution directory!\n";
        }
    }

    # Listen with our own certificate and key; clients are not verified.
    if (!($sock = IO::Socket::SSL->new(
            Listen          => 5,
            LocalAddr       => '10.56.28.35',
            LocalPort       => 9000,
            Proto           => 'tcp',
            Reuse           => 1,
            SSL_use_cert    => 1,
            SSL_verify_mode => 0x00,
            SSL_cert_file   => 'mycerts/cert.pem',
            SSL_key_file    => 'mycerts/key.pem',
        ))) {
        warn "unable to create socket: ", IO::Socket::SSL::errstr(), "\n";
        exit(1);
    }
    warn "socket created: $sock.\n";

    while (1) {
        warn "waiting for next connection.\n";
        while (($s = $sock->accept())) {
            my ($peer_cert, $subject_name, $issuer_name, $str);
            if (!$s) {
                warn "error: ", $sock->errstr, "\n";
                next;
            }
            warn "connection opened ($s).\n";
            # With SSL_verify_mode 0x00 no client certificate is requested,
            # so these lookups return nothing.
            if (ref($s) eq "IO::Socket::SSL") {
                $subject_name = $s->peer_certificate("subject");
                $issuer_name  = $s->peer_certificate("issuer");
            }
            warn "\t subject: '", $subject_name // '', "'.\n";
            warn "\t issuer: '", $issuer_name // '', "'.\n";
            my $date = localtime();
            print $s "my date command says it's: '$date'";
            close($s);
            warn "\t connection closed.\n";
        }
    }

    $sock->close();
    warn "loop exited.\n";
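When writing an SSL socket in Perl, note the following:
On the server side:

    SSL_use_cert => 1,
    SSL_verify_mode => 0x00,
    SSL_cert_file => 'mycerts/cert.pem',
    SSL_key_file => 'mycerts/key.pem'

On the client side:

    SSL_verify_mode => 0x01,
    SSL_ca_file => 'mycerts/cacert.pem',

A mode of 0 means the peer is not authenticated; 1 means the peer is to be authenticated.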
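
The settings above authenticate only the server. As an added example (not part of the original post), the script below runs both ends in one process with the named constants in place of 0x00/0x01, and has the server require a client certificate as well. Assumptions: the client certificate and key file names, the loopback address, and the name `server.example` are placeholders; the other files under `mycerts/` are the ones used on this page.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket::SSL;    # exports the SSL_VERIFY_* constants and $SSL_ERROR

my $ca   = 'mycerts/cacert.pem';
my $name = 'server.example';  # assumption: must match the server certificate

# Server side: present our certificate and demand one from the client.
my $listener = IO::Socket::SSL->new(
    Listen          => 5,
    LocalAddr       => '127.0.0.1',
    LocalPort       => 9000,
    Reuse           => 1,
    SSL_cert_file   => 'mycerts/cert.pem',
    SSL_key_file    => 'mycerts/key.pem',
    SSL_ca_file     => $ca,   # CA that client certificates must chain to
    # 0x01 | 0x02: ask for a client certificate, fail the handshake without one
    SSL_verify_mode => SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
) or die "listen failed: $SSL_ERROR\n";

my $pid = fork();
die "fork failed: $!\n" unless defined $pid;

if ($pid == 0) {    # child process plays the client
    my $c = IO::Socket::SSL->new(
        PeerAddr            => '127.0.0.1',
        PeerPort            => 9000,
        SSL_ca_file         => $ca,
        SSL_verify_mode     => SSL_VERIFY_PEER,   # same value as 0x01
        SSL_verifycn_name   => $name,             # also check the certificate name
        SSL_verifycn_scheme => 'default',
        SSL_cert_file       => 'mycerts/client-cert.pem',  # hypothetical file
        SSL_key_file        => 'mycerts/client-key.pem',   # hypothetical file
    ) or die "client handshake failed: $SSL_ERROR\n";
    print "client: cipher ", $c->get_cipher, "\n";
    print "client: server is ", $c->peer_certificate('subject'), "\n";
    print $c "Knock, knock.\n";
    print "client read: ", scalar(<$c>);
    $c->close;
    exit 0;
}

# accept() returns undef when the client sends no certificate or an untrusted one.
my $s = $listener->accept or die "handshake rejected: $SSL_ERROR\n";
print "server: client is ", $s->peer_certificate('subject'), "\n";
my $line = <$s>;
print $s "my date command says it's: '", scalar(localtime), "'\n";
$s->close;
waitpid($pid, 0);
```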
Original: http://www.blogjava.net/alwayscy/archive/2006/12/04/85368.html