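POCO sample SSL client code crashes after receiving the certificate

Time: 2018-05-02 22:15:38

Tags: openssl ssl-certificate poco poco-libraries libz

My POCO SSL client keeps crashing against an internal server, but it works fine for "https://www.google.com" and "https://amazon.com".

For my project, I created a POCO client (using the POCO sample code). Initially I had a few problems with certificates, but they are all resolved now, and I can open my server in Chrome (without any certificate errors).

How can I resolve this problem/crash?

Code: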

#include "Poco/URIStreamOpener.h"
#include "Poco/StreamCopier.h"
#include "Poco/Path.h"
#include "Poco/URI.h"
#include "Poco/SharedPtr.h"
#include "Poco/Exception.h"
#include "Poco/Net/HTTPStreamFactory.h"
#include "Poco/Net/HTTPSStreamFactory.h"
#include "Poco/Net/FTPStreamFactory.h"
#include "Poco/Net/SSLManager.h"
#include "Poco/Net/KeyConsoleHandler.h"
#include "Poco/Net/ConsoleCertificateHandler.h"
#include <memory>
#include <iostream>


using Poco::URIStreamOpener;
using Poco::StreamCopier;
using Poco::Path;
using Poco::URI;
using Poco::SharedPtr;
using Poco::Exception;
using Poco::Net::HTTPStreamFactory;
using Poco::Net::HTTPSStreamFactory;
using Poco::Net::FTPStreamFactory;
using Poco::Net::SSLManager;
using Poco::Net::Context;
using Poco::Net::KeyConsoleHandler;
using Poco::Net::PrivateKeyPassphraseHandler;
using Poco::Net::InvalidCertificateHandler;
using Poco::Net::ConsoleCertificateHandler;


class SSLInitializer
{
public:
    SSLInitializer()
    {
        Poco::Net::initializeSSL();
    }

    ~SSLInitializer()
    {
        Poco::Net::uninitializeSSL();
    }
};


int main(int argc, char** argv)
{
    SSLInitializer sslInitializer;
    HTTPStreamFactory::registerFactory();
    HTTPSStreamFactory::registerFactory();
    FTPStreamFactory::registerFactory();

    // Note: we must create the certificate handler prior to the Context
    SharedPtr<InvalidCertificateHandler> ptrCert = new ConsoleCertificateHandler(false); // ask the user via console
    Context::Ptr ptrContext = new Context(Context::CLIENT_USE, "", "", "rootcert.pem", Context::VERIFY_RELAXED, 9, false, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
    SSLManager::instance().initializeClient(0, ptrCert, ptrContext);

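    // Require the target URI on the command line before dereferencing argv[1]
    if (argc < 2)
    {
        std::cerr << "usage: " << argv[0] << " <uri>" << std::endl;
        return 1;
    }

    try
    {
        URI uri(argv[1]);
        // std::unique_ptr replaces the deprecated std::auto_ptr
        std::unique_ptr<std::istream> pStr(URIStreamOpener::defaultOpener().open(uri));
        StreamCopier::copyStream(*pStr, std::cout);
    }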
    catch (Exception& exc)
    {
        std::cerr << exc.displayText() << std::endl;
        return 1;
    }

    return 0;
}

Python server (running on a different machine):

import BaseHTTPServer, SimpleHTTPServer
import ssl

httpd = BaseHTTPServer.HTTPServer(('10.8.80.11', 4443), SimpleHTTPServer.SimpleHTTPRequestHandler)
httpd.socket = ssl.wrap_socket (httpd.socket, certfile='./server.pem', server_side=True)
httpd.serve_forever()

Crash backtrace:

Loaded symbols for /libexec/ld-elf.so.1
#0  0x0000000047806a8f in deflateSetDictionary () from /usr/lib/libz.so
[New Thread 47406400 (LWP 100085/ssl_client)]
(gdb) bt
#0  0x0000000047806a8f in deflateSetDictionary () from /usr/lib/libz.so
#1  0x0000000047809035 in deflateCopy () from /usr/lib/libz.so
#2  0x0000000047807d52 in deflate () from /usr/lib/libz.so
#3  0x0000000046ac5139 in zlib_stateful_compress_block () from /usr/local/lib/libcrypto.so.8
#4  0x0000000046ac42e9 in COMP_compress_block () from /usr/local/lib/libcrypto.so.8
#5  0x000000004671829b in do_ssl3_write () from /usr/local/lib/libssl.so.8
#6  0x0000000046717ec4 in ssl3_write_bytes () from /usr/local/lib/libssl.so.8
#7  0x0000000046719ba9 in ssl3_do_write () from /usr/local/lib/libssl.so.8
#8  0x000000004670f227 in ssl3_connect () from /usr/local/lib/libssl.so.8
#9  0x000000004671d8dd in ssl23_connect () from /usr/local/lib/libssl.so.8
#10 0x000000004538f471 in Poco::Net::SecureSocketImpl::connectSSL () from /usr/local/lib/libPocoNetSSL.so.12
#11 0x00000000453922dd in Poco::Net::SecureStreamSocketImpl::connect () from /usr/local/lib/libPocoNetSSL.so.12
#12 0x0000000044b3937a in Poco::Net::HTTPSession::connect () from /usr/local/lib/libPocoNet.so.12
#13 0x0000000045388c86 in Poco::Net::HTTPSClientSession::connect () from /usr/local/lib/libPocoNetSSL.so.12
#14 0x0000000044b22a93 in Poco::Net::HTTPClientSession::reconnect () from /usr/local/lib/libPocoNet.so.12
#15 0x0000000044b224f1 in Poco::Net::HTTPClientSession::sendRequest () from /usr/local/lib/libPocoNet.so.12
#16 0x000000004538974c in Poco::Net::HTTPSStreamFactory::open () from /usr/local/lib/libPocoNetSSL.so.12
#17 0x0000000044ea0465 in Poco::URIStreamOpener::openURI () from /usr/local/lib/libPocoFoundation.so.12
#18 0x0000000044ea0206 in Poco::URIStreamOpener::open () from /usr/local/lib/libPocoFoundation.so.12
#19 0x00000000004022e7 in main ()

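Certificate information:

  1. I created a CA certificate and key.
  2. Then created a server.csr and key.
  3. Signed the CSR with the CA.
  4. Added this CA to the rootcert.pem file used by the C++ code.
  5. Certificate: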

    -- Server Certificate --
    
    openssl x509 -in rrrrserver.crt -noout -text
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: 1 (0x1)
        Signature Algorithm: sha256WithRSAEncryption
            Issuer: C=IN, ST=RAJ, L=JAI, O=VJ, OU=Dev, CN=RRR/emailAddress=rrr@xyz.com
            Validity
                Not Before: May  2 20:51:48 2018 GMT
                Not After : May  2 20:51:48 2019 GMT
            Subject: C=PT, ST=Lisboa, O=Oats In The Water, CN=<MY-machine name>com
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (2048 bit)
                    Modulus:
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Basic Constraints: 
                    CA:FALSE
                X509v3 Subject Alternative Name: 
                    DNS:<my machine name>.com
                X509v3 Subject Key Identifier: 
                    FD:1A:AF:45:00:89:25:FC:BE:98:49:70:98:B5:FB:E1:9D:28:AF:AB
        Signature Algorithm: sha256WithRSAEncryption
    

Setup information:

Client: FreeBSD-10 + POCO + OpenSSL
Server: FreeBSD-10 + Python 2.7
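
The certificate setup listed in the question (CA, server CSR, CA-signed certificate, rootcert.pem), reproduced as an added example that is not part of the original post. It checks the two things a verifying client depends on: that the server certificate chains to rootcert.pem, and that its SAN names the host. The host name server.example.test, the CA name and every file name except rootcert.pem are constructed placeholders.

```shell
#!/bin/sh
# Added example. Constructed names: server.example.test, "Example Test CA",
# ca.*, server.*; only rootcert.pem is a file name taken from the question.

# Steps 1-4 of the question: CA, server CSR, CA-signed certificate, trust file.
build_chain() {
    dir=$1; host=$2
    (
        cd "$dir" || exit 1
        # 1. CA key and self-signed CA certificate
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
            -subj "/CN=Example Test CA" -keyout ca.key -out ca.crt 2>/dev/null || exit 1
        # 2. Server key and CSR
        openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=$host" \
            -keyout server.key -out server.csr 2>/dev/null || exit 1
        # 3. Sign the CSR with the CA, with the extensions shown in the dump
        printf '%s\n' 'basicConstraints=CA:FALSE' "subjectAltName=DNS:$host" \
            'subjectKeyIdentifier=hash' > server.ext
        openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -set_serial 1 \
            -sha256 -days 365 -extfile server.ext -out server.crt 2>/dev/null || exit 1
        # 4. The client trusts whatever is in rootcert.pem
        cp ca.crt rootcert.pem
    )
}

# Returns 0 if server.crt chains to rootcert.pem and names $host in its SAN,
# 1 on a chain failure, 2 on a SAN mismatch.
check_chain() {
    dir=$1; host=$2
    openssl verify -CAfile "$dir/rootcert.pem" "$dir/server.crt" >/dev/null 2>&1 || return 1
    openssl x509 -in "$dir/server.crt" -noout -text | grep -qF "DNS:$host" || return 2
    return 0
}

# Demo run in a throwaway directory
demo_dir=$(mktemp -d)
if build_chain "$demo_dir" server.example.test &&
   check_chain "$demo_dir" server.example.test; then
    echo "chain verifies against rootcert.pem and SAN matches"
fi
rm -rf "$demo_dir"
```
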

1 answer:

Answer 0: (score: 0)

This issue was resolved by upgrading the POCO library to the latest version (1.9.0).