gSOAP SSL - Converting existing code to SSL

Time: 2016-10-24 13:27:27

Tags: c++ ssl wsdl gsoap

An earlier version of this question got no responses, so I have updated the whole thing:

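I have a test gSOAP client and server on my computer. The client does MTOM uploads of various files to the server. When trying to convert the code to SSL, I get the following errors: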

The server reports:

"SSL_ERROR_SSL
error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher"

The client reports:

An SSL error occured
SOAP 1.2 fault SOAP-ENV:Receiver [no subcode]
"SSL_ERROR_SSL
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure"
Detail: SSL_connect error in tcp_connect()

It works without the "SSL" option. Can someone tell me what I am doing wrong?

Applicable client code -

if(fSSL)
    soap_ssl_init();
. . .
soap_init1(&my_soap, SOAP_ENC_MTOM);  /* Enable MTOM */
. . .
if(fSSL)
{
    if (soap_ssl_client_context(&my_soap,
        SOAP_SSL_NO_AUTHENTICATION + SOAP_TLSv1_2,
        NULL, // client keyfile
        NULL, // passphrase for keyfile
        NULL, // certified authority certificate
        NULL, // directory for trusted certificates
        NULL))// random data for seed
        {
            soap_print_fault(&my_soap, stderr);
            ...
        }
}
...
long gsoap_status = soap_call___ns1__upload(&my_soap, endpoint.c_str(), NULL, &upload_parms, &upload_response);

Applicable server code -

if(fSSL)
    soap_ssl_init();
. . .
soap_init1(&my_soap, SOAP_ENC_MTOM);  /* Enable MTOM */
. . .
if(fSSL)
{
    if (soap_ssl_server_context(&my_soap,
        SOAP_SSL_NO_AUTHENTICATION + SOAP_TLSv1_2, // per EMAIL - option 1
        NULL,    // Keyfile - required for authentication
        NULL,    // passphrase
        NULL,    // password to read Keyfile
        NULL,    // optional cacert file
        NULL,    // DH Filename or DH key len bits
        NULL,    // Randfile
        NULL))   // optional server identification (enable SSL session cache)
        {
            soap_print_fault(&my_soap, stderr);
            exit(0);
        }
}
. . .
my_soap.connect_timeout = 20; 
my_soap.send_timeout = 60; 
my_soap.recv_timeout = 60; 
if(!soap_valid_socket(soap_bind(&my_soap, NULL, port, 100)))
{
    soap_print_fault(&my_soap, stderr);
    exit(1);
}
fprintf(stderr, "Bind to port %d successful\n", port);

// server loop starts
for (;;)
{
    printf("server loop sta\n");
    int t_socket = soap_accept(&my_soap);
    struct soap* t_soap = 0;   
    t_soap = soap_copy(&my_soap);       
    if(fSSL)
    {
        if(soap_ssl_accept(&my_soap))   // <------ FAILS HERE
        {
            printf("NOT Accepting (ssl) socket=%d connection from IP: %d.%d.%d.%d ...", t_socket, 
                        (int)my_soap.ip>>24&0xFF,
                        (int)my_soap.ip>>16&0xFF,
                        (int)my_soap.ip>>8&0xFF,
                        (int)my_soap.ip&0xFF);            
            soap_print_fault(&my_soap, stderr);
            soap_destroy(&my_soap);
            soap_end(&my_soap);
            continue;
        }
    }
    . . .
    if(soap_serve(&my_soap))
        ...

Server console output:

Bind to port 8080 successful
server loop sta
NOT Accepting (ssl) socket=364 connection from IP: 127.0.0.1 ...Error 30 fault is internal [no subcode]
"SSL_ERROR_SSL
error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher"
Detail: SSL_accept() failed in soap_ssl_accept()

1 answer:

Answer 0 (score: 1)

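I am looking into this problem right now. I think the error you are seeing is because most/all distributions of OpenSSL no longer support anonymous authentication, because of man-in-the-middle attacks. A self-signed certificate on the server side may be the only way to make these examples work.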
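
The diagnosis in the answer above can be reproduced without gSOAP. The following is an added example, not code from the question, the answer or gSOAP: it uses Python's `ssl` module (which wraps OpenSSL) to run a TLS 1.2 handshake in memory against a server context that has no key or certificate. The function names are this example's own.

```python
import ssl


def make_contexts():
    """Server with no key/certificate; client that skips verification."""
    server = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)  # no load_cert_chain() call
    client = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    client.check_hostname = False
    client.verify_mode = ssl.CERT_NONE                # like SOAP_SSL_NO_AUTHENTICATION
    for ctx in (server, client):                      # pin TLS 1.2, like SOAP_TLSv1_2
        ctx.minimum_version = ssl.TLSVersion.TLSv1_2
        ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    return server, client


def step(conn):
    """Advance the handshake once; return None, 'want_read' or the error reason."""
    try:
        conn.do_handshake()
        return None
    except ssl.SSLWantReadError:   # must be caught before its parent SSLError
        return "want_read"
    except ssl.SSLError as exc:
        return exc.reason


def handshake_outcome():
    """Run the handshake over shared memory BIOs; return (server, client) reasons."""
    server_ctx, client_ctx = make_contexts()
    to_server, to_client = ssl.MemoryBIO(), ssl.MemoryBIO()
    server = server_ctx.wrap_bio(to_server, to_client, server_side=True)
    client = client_ctx.wrap_bio(to_client, to_server)
    step(client)                   # client writes its ClientHello
    server_reason = step(server)   # server finds no usable suite, sends an alert
    client_reason = step(client)   # client reads the fatal alert
    return server_reason, client_reason


if __name__ == "__main__":
    print(handshake_outcome())
```

The two reasons returned correspond to the server and client errors in the question. In gSOAP terms, the server context is missing the keyfile argument of `soap_ssl_server_context`.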