PowerShell SSL socket client

Time: 2013-10-08 16:13:54

Tags: ruby sockets powershell ssl

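I'm having trouble using PowerShell to connect to an SSL socket that has a self-signed certificate. I have a Ruby client that connects fine, and I also tested ncat with the -ssl switch and confirmed that it connects fine. $sslStream.AuthenticateAsClient is where the code fails, and I get the following error from PowerShell: Exception calling "AuthenticateAsClient" with "1" argument(s): "A call to SSPI failed, see inner exception." Any help is much appreciated.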

PowerShell client

$socket = New-Object Net.Sockets.TcpClient('172.26.4.38', 8080)
$stream = $socket.GetStream()
$sslStream = New-Object System.Net.Security.SslStream($stream,$false,({$True} -as [Net.Security.RemoteCertificateValidationCallback]))
$sslStream.AuthenticateAsClient('172.26.4.38')
$writer = new-object System.IO.StreamWriter($sslStream)
$writer.WriteLine('hello world')
$writer.flush()
$socket.close()

Ruby server

#!/usr/bin/env ruby
require 'openssl'
require 'socket'
tcp_server = TCPServer.new('172.26.4.38', 8080)
ctx = OpenSSL::SSL::SSLContext.new
ctx.ssl_version = :SSLv23
ctx.key = OpenSSL::PKey::RSA.new 2048
ctx.cert = OpenSSL::X509::Certificate.new
ctx.cert.subject = OpenSSL::X509::Name.new [['CN', '172.26.4.38']]
ctx.cert.issuer = ctx.cert.subject
ctx.cert.public_key = ctx.key
ctx.cert.not_before = Time.now
ctx.cert.not_after = Time.now + 60 * 60 * 24
ctx.cert.sign ctx.key, OpenSSL::Digest::SHA1.new
server = OpenSSL::SSL::SSLServer.new tcp_server, ctx
socket = server.accept
puts 'client connected'
puts socket.gets

2 answers:

Answer 0: (score: 0)

You can make PowerShell ignore any certificate problems by forcing the callback to return true no matter what.

[Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}

Be aware that this bypasses any SSL validation in the PowerShell session.

Answer 1: (score: 0)

This was a problem with the Ruby code creating the self-signed certificate. Using openssl and openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout server.key -out server.crt, the following PowerShell code works correctly.

Client

$socket = New-Object Net.Sockets.TcpClient('172.26.4.38', 8080)
$stream = $socket.GetStream()
$sslStream = New-Object System.Net.Security.SslStream($stream,$false,({$True} -as [Net.Security.RemoteCertificateValidationCallback]))
$sslStream.AuthenticateAsClient('172.26.4.38')
$writer = new-object System.IO.StreamWriter($sslStream)
$writer.WriteLine('Hello World')
$writer.flush()
$socket.close()

Server

#!/usr/bin/env ruby
require 'openssl'
require 'socket'
tcp_server = TCPServer.new('172.26.4.38', 8080)
ctx = OpenSSL::SSL::SSLContext.new
ctx.cert = OpenSSL::X509::Certificate.new(File.open('server.crt'))
ctx.key = OpenSSL::PKey::RSA.new(File.open('server.key'))
server = OpenSSL::SSL::SSLServer.new tcp_server, ctx 
socket = server.accept
puts 'client connected'
puts socket.gets
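
As an added example (not code from the question or either answer), the Ruby below builds the self-signed certificate in code with the version, serial number, subjectAltName and SHA-256 signature that the question's in-code certificate does not set, and computes a fingerprint a client could pin instead of accepting every certificate. The function names are assumptions of this example, and the page does not say which missing field caused the SSPI failure.

```ruby
require 'openssl'
require 'securerandom'

# Build a self-signed certificate with the fields the question's in-code
# certificate leaves unset. Assumes host is an IP address, as on the page.
def make_self_signed(host, key: OpenSSL::PKey::RSA.new(2048), days: 1)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2                                          # X.509 v3
  cert.serial     = OpenSSL::BN.new(SecureRandom.hex(16), 16)  # random serial
  cert.subject    = OpenSSL::X509::Name.new([['CN', host]])
  cert.issuer     = cert.subject                               # self-signed
  cert.public_key = key
  cert.not_before = Time.now - 60                              # allow clock skew
  cert.not_after  = Time.now + days * 24 * 60 * 60
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate  = cert
  cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
  cert.add_extension(ef.create_extension('subjectAltName', "IP:#{host}"))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

# List the weaknesses this example knows how to detect in a certificate.
def cert_findings(cert)
  findings = []
  findings << 'not X.509 v3' unless cert.version == 2
  findings << 'serial is zero' if cert.serial.zero?
  findings << 'SHA-1 signature' if cert.signature_algorithm =~ /sha1/i
  findings << 'no subjectAltName' if cert.extensions.none? { |e| e.oid == 'subjectAltName' }
  findings
end

# SHA-256 fingerprint of the DER encoding: the value a client would pin.
def fingerprint(cert)
  OpenSSL::Digest::SHA256.hexdigest(cert.to_der).upcase
end

# Pin check for a client validation callback, instead of always returning true.
def pinned?(cert, expected_fp)
  fingerprint(cert) == expected_fp.delete(':').upcase
end

if __FILE__ == $PROGRAM_NAME
  cert, _key = make_self_signed('172.26.4.38')
  puts fingerprint(cert), cert_findings(cert).inspect
end
```

To serve it, assign the returned pair to ctx.cert and ctx.key in the server code above.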