Perl与Java的SSL通信示例
利用《用OpenSSL与JAVA(JSSE)通信》一文中所生成的CA证书及keystore,就可以在JAVA和OpenSSL之间通信了。下面以Perl代码为例(Perl实际使用了OpenSSL):
下面的CLIENT端可以与前文提到的JAVA服务端通信:
#
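use strict;
use warnings;
# debug4 asks IO::Socket::SSL for its most verbose tracing; it is useful while
# getting the handshake to work and should be dropped once it does.
use IO::Socket::SSL qw(debug4);

# Example TLS client for the Java (JSSE) server described in the text:
# connect, verify the server certificate against our own CA, report the
# negotiated cipher and the certificate names, send one line, print the
# first line of the reply.

my ($sock, $buf);

# Optional first argument "DEBUG" turns on the module's debug flag.
if (defined $ARGV[0] && $ARGV[0] eq "DEBUG") {
    $IO::Socket::SSL::DEBUG = 1;
}

# Inherited from the IO::Socket::SSL distribution example: step up one
# directory when "certs" is only found there. Relative paths such as
# mycerts/cacert.pem below are resolved after this chdir.
unless (-d "certs") {
    if (-d "../certs") {
        chdir "..";
    }
    else {
        # die "Please run this example from the IO::Socket::SSL distribution directory!\n";
    }
}

$sock = IO::Socket::SSL->new(
    PeerAddr        => '172.19.149.52',
    PeerPort        => '5555',
    Proto           => 'tcp',
    # 0x01 is SSL_VERIFY_PEER: the handshake fails unless the server
    # certificate chains to the CA in SSL_ca_file.
    # NOTE(review): chain validation alone does not tie the certificate to
    # this particular server. Whether the certificate name is also checked
    # depends on the installed IO::Socket::SSL version and on
    # SSL_verifycn_scheme / SSL_verifycn_name; when connecting by IP address
    # to a certificate issued for a host name, set SSL_verifycn_name to that
    # name. Confirm against the deployed version.
    SSL_verify_mode => 0x01,
    SSL_ca_file     => 'mycerts/cacert.pem',
);

unless ($sock) {
    warn "unable to create socket: ", IO::Socket::SSL::errstr(), "\n";
    # Non-zero status so that a calling script can tell the connection or
    # the certificate check failed (the original exited with 0).
    exit(1);
}
warn "connect ($sock).\n" if ($IO::Socket::SSL::DEBUG);

# Report what was negotiated and who the server claims to be.
my $subject_name = $sock->peer_certificate("subject");
my $issuer_name  = $sock->peer_certificate("issuer");
my $cipher       = $sock->get_cipher();
$subject_name = '' unless defined $subject_name;
$issuer_name  = '' unless defined $issuer_name;
$cipher       = '' unless defined $cipher;
warn "cipher: $cipher.\n", "server cert:\n",
    "\t '$subject_name' \n\t '$issuer_name'.\n\n";

print $sock "Knock, knock.\n";

# getlines reads until the server closes the connection; only the first
# line is kept. $buf is the variable declared at the top, not a second "my".
($buf) = $sock->getlines;
$buf = '' unless defined $buf;

$sock->close();
print "read: '$buf'.\n";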
另外,也给出一个PERL的SVR端示例:
#
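use strict;
use warnings;
# debug4 asks IO::Socket::SSL for its most verbose tracing; it is useful while
# getting the handshake to work and should be dropped once it does.
use IO::Socket::SSL qw(debug4);

# Example TLS server: listens on 10.56.28.35:9000, presents its own
# certificate, and answers every connection with the local date.

my ($sock, $s);

# Optional first argument "DEBUG" turns on the module's debug flag.
if (defined $ARGV[0] && $ARGV[0] eq "DEBUG") {
    $IO::Socket::SSL::DEBUG = 1;
}

# Inherited from the IO::Socket::SSL distribution example: step up one
# directory when "certs" is only found there. Relative paths such as
# mycerts/cert.pem below are resolved after this chdir.
unless (-d "certs") {
    if (-d "../certs") {
        chdir "..";
    }
    else {
        # die "Please run this example from the IO::Socket::SSL distribution directory!\n";
    }
}

$sock = IO::Socket::SSL->new(
    Listen          => 5,
    LocalAddr       => '10.56.28.35',
    LocalPort       => 9000,
    Proto           => 'tcp',
    Reuse           => 1,
    SSL_use_cert    => 1,
    # 0x00 is SSL_VERIFY_NONE: the server does not ask the client for a
    # certificate, so any client that can reach the port is served.
    # Authenticating clients needs a mode that requests and requires a
    # certificate (SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
    # together with SSL_ca_file.
    SSL_verify_mode => 0x00,
    SSL_cert_file   => 'mycerts/cert.pem',
    # key.pem is the server's private key; keep it readable only by the
    # account that runs this script.
    SSL_key_file    => 'mycerts/key.pem',
);

unless ($sock) {
    warn "unable to create socket: ", IO::Socket::SSL::errstr(), "\n";
    # Non-zero status so that a supervisor can tell start-up failed
    # (the original exited with 0).
    exit(1);
}
warn "socket created: $sock.\n";

while (1) {
    warn "waiting for next connection.\n";
    while (($s = $sock->accept())) {
        warn "connection opened ($s).\n";

        # Test the accepted connection, not the listening socket. With
        # SSL_verify_mode 0x00 no client certificate is requested, so both
        # names are normally empty.
        my ($subject_name, $issuer_name);
        if (ref($s) eq "IO::Socket::SSL") {
            $subject_name = $s->peer_certificate("subject");
            $issuer_name  = $s->peer_certificate("issuer");
        }
        $subject_name = '' unless defined $subject_name;
        $issuer_name  = '' unless defined $issuer_name;
        warn "\t subject: '$subject_name'.\n";
        warn "\t issuer: '$issuer_name'.\n";

        my $date = localtime();
        print $s "my date command says it's: '$date'";
        close($s);
        warn "\t connection closed.\n";
    }

    # accept() returned false (failed TCP accept or failed TLS handshake).
    # The original tested !$s inside the inner loop, where it can never be
    # true, so such failures were never logged.
    warn "error: ", $sock->errstr, "\n";
}

# Not reached while the loop above runs forever; kept for the case where the
# loop is given an exit condition.
$sock->close();
warn "loop exited.\n";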
在PERL中写SSL的SOCKET,要注意:
SVR端中:
SSL_use_cert => 1,
SSL_verify_mode => 0x00,
SSL_cert_file => 'mycerts/cert.pem',
SSL_key_file => 'mycerts/key.pem'
CLI端是:
SSL_verify_mode => 0x01,
SSL_ca_file => 'mycerts/cacert.pem',
SSL_verify_mode 为 0x00(SSL_VERIFY_NONE)表示不验证对端证书;为 0x01(SSL_VERIFY_PEER)表示要验证对端证书,这里即客户端用 SSL_ca_file 指定的CA证书校验服务端证书。
有兴趣可以访问下我的生活博客: qqmovie.qzone.com