我這是怎麼產生我的SSL證書,密鑰等:SSL證書,而不是通過節儉驗證,但是OK通過瀏覽器
openssl genrsa -out server.key 1024
openssl rsa -in server.key -out new_key.pem
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 10000 -in server.csr -signkey new_key.pem -out server.crt
這工作,我可以在Chrome中看到輸出,雖然我得到一個警告我要先獲取病毒。
openssl s_server -cert server.crt -www -key new_key.pem
這是服務器的一個片段。我會說實話,我不知道到底是什麼每一行正在做,但我有一個好主意:
socketFactory->server(true); // this is the server
socketFactory->authenticate(false); // no auth?
socketFactory->loadCertificate("server.crt");
socketFactory->loadPrivateKey("new_key.pem");
客戶端:
socketFactory->loadTrustedCertificates("server.crt");
socketFactory->authenticate(true); //auth? wierd, right? This guy does this:[1]
[1] http://permalink.gmane.org/gmane.comp.lib.thrift.user/1651
如果我在客戶端註釋掉loadTrustedCertificates
,然後我得到一個SSL未驗證的證書異常。 留下這條線,我得到一個auth失敗異常。
這裏有2個更長的代碼片段,這些代碼片段可以更好地展示上面的代碼片斷。
服務器:
shared_ptr<SkullduggeryHandler> handler(new SkullduggeryHandler());
shared_ptr<TBufferedTransportFactory> transportFactory =
shared_ptr<TBufferedTransportFactory>(new TBufferedTransportFactory());
shared_ptr<TProtocolFactory> protocolFactory(new TBinaryProtocolFactory());
shared_ptr<TProcessor> processor(new SkullduggeryProcessor(handler));
shared_ptr<TSSLSocketFactory> socketFactory =
shared_ptr<TSSLSocketFactory>(new TSSLSocketFactory());
socketFactory->server(true);
socketFactory->authenticate(false);
socketFactory->loadCertificate("server.crt");
socketFactory->loadPrivateKey("new_key.pem");
shared_ptr<TSSLServerSocket> socket(new TSSLServerSocket(port, socketFactory));
TThreadedServer server(processor,
socket,
transportFactory,
protocolFactory);
server.serve();
客戶端:
shared_ptr <TSSLSocketFactory> socketFactory = shared_ptr<TSSLSocketFactory>(new TSSLSocketFactory());
socketFactory->loadTrustedCertificates("server.crt");
socketFactory->authenticate(false);
shared_ptr <TSSLSocket>socket = socketFactory->createSocket(configuration.ip, configuration.port);
shared_ptr<TBufferedTransport> transport(new TBufferedTransport(socket));
shared_ptr<TProtocol> protocol(new TBinaryProtocol(transport));
SkullduggeryClient client(protocol);
transport->open();
感謝您抽出寶貴的時間來閱讀。如果有明顯的錯誤,我會很高興聽到它。這一直是我現在已經很久的詛咒。太長。