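First, prepare the server's certificate and key.
Next, prepare the client's certificate and key.
All of the server and client certificates and keys must be signed by the same CA.
First, here is the server code: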
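require 'socket'
require 'openssl'
$cacrtf="ca.crt"
$crtf="server.crt"
$keyf="server.key"
server = TCPServer.new('127.0.0.1', 2400)
ctx = OpenSSL::SSL::SSLContext.new
ctx.cert = OpenSSL::X509::Certificate.new(File.read($crtf))
ctx.key = OpenSSL::PKey::RSA.new(File.read($keyf))
ctx.ca_file = $cacrtf # CA used to verify the client certificate
ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT # without this the default is VERIFY_NONE and no client certificate is requested
ssl_server = OpenSSL::SSL::SSLServer.new(server, ctx)
sa = ssl_server.accept # raises OpenSSL::SSL::SSLError if the client certificate does not verify
p sa.gets
sa.puts "server Time: #{Time.now}"
sa.close
ssl_server.close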
Here is the client code:
require 'socket'
require 'openssl'
$cacrtf="ca.crt"
$crtf="client.cer"
$keyf="client.key"
socket = TCPSocket.new('127.0.0.1', 2400)
context = OpenSSL::SSL::SSLContext.new
context.cert = OpenSSL::X509::Certificate.new(File.read($crtf)) # the client's own certificate ($crtf), not $cacrtf
context.key = OpenSSL::PKey::RSA.new(File.read($keyf), 'password') # second argument is the key's passphrase
context.ca_file = $cacrtf # CA used to verify the server certificate
context.verify_mode = OpenSSL::SSL::VERIFY_PEER # without this the server certificate is not verified
ssl_socket = OpenSSL::SSL::SSLSocket.new(socket, context)
ssl_socket.sync_close = true # closing the SSL socket also closes the TCP socket
ssl_socket.connect
p ssl_socket.ssl_version
ssl_socket.puts "client Time: #{Time.now}"
p ssl_socket.gets
ssl_socket.close
For your reference.
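The following added example (not part of the original post) shows what the server's verify_mode changes: it builds a throwaway CA and certificates in memory, uses cert_store in place of ca_file, and reports what the server sees for a given client. The helper names issue, context and server_sees and all certificate subjects are assumptions made for this example.

```ruby
require 'socket'
require 'openssl'

# Issue a certificate for cn (constructed test data); a self-signed CA when no issuer is given.
def issue(cn, issuer_cert = nil, issuer_key = nil)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, rand(1..2**32)
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer     = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  unless issuer_cert
    ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
    cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
  end
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

# Build an SSLContext; cert and key may be nil for a client that presents no certificate.
def context(cert, key, ca, verify_mode)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert, ctx.key = cert, key
  ctx.cert_store = OpenSSL::X509::Store.new.add_cert(ca) # in-memory stand-in for ca_file
  ctx.verify_mode = verify_mode
  ctx
end

# Run one handshake on a loopback port and report what the server saw:
# the verified client subject, :no_client_cert, or :rejected.
def server_sees(server_ctx, client_ctx)
  tcp = TCPServer.new('127.0.0.1', 0)
  client = Thread.new do
    s = OpenSSL::SSL::SSLSocket.new(TCPSocket.new('127.0.0.1', tcp.addr[1]), client_ctx)
    s.sync_close = true
    begin
      s.connect
      s.gets # block until the server closes the connection or sends an alert
    rescue StandardError # a rejected client sees the failure here (TLS 1.3) or in connect
    end
    s.close
  end
  conn = OpenSSL::SSL::SSLServer.new(tcp, server_ctx).accept
  peer = conn.peer_cert
  conn.close
  peer ? peer.subject.to_s : :no_client_cert
rescue OpenSSL::SSL::SSLError
  :rejected
ensure
  client&.join
  tcp&.close
end
```

With a server context left at VERIFY_NONE, server_sees returns :no_client_cert even for a client whose certificate comes from an unrelated CA, because the server never asks for one. With VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT it returns the client subject for a certificate issued by the trusted CA and :rejected otherwise.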