3
我已閱讀SSL TUNNELING INTERNET-DRAFT of December 1995並設置了一個HTTP透明代理,可與未加密的流量完美協作。如何通過透明代理實現SSL隧道?
看了上面的,還有GOOGLE了我的腦袋,被接受的方法是通過代理來創建安全流量的隧道似乎是:
連接請求的主機,然後讓代理髮送「HTTP 200 ...」確認消息返回給客戶端,然後從這一點簡單地傳遞客戶端和服務器之間所有進一步的數據流量。然而,當我嘗試這樣做時,客戶端(Chrome瀏覽器)使用三個wingdings字符來響應「HTTP 200 ...」消息,這些字符將轉發給遠程主機。此時沒有迴應,連接失敗。
這裏是我使用這個代碼,具有連接到主機後:
if((*request=='C')&&(*(request+1)=='O')&&(*(request+2)=='N')&&(*(request+3)=='N'))
{
int recvLen;
send(output,htok,strlen(htok),0); //htok looks like "HTTP/1.0 200 Connection Established\nProxy-Agent: this_proxy\r\n\r\n"
std::memset(buff,0,bSize);
int total;
int bytes;
int n;
char cdata[MAXDATA];
while ((recvLen = recv(output, buff, bSize-1,0)) > 0) //recving from client - here we get wingdings
{
memset(cdata,0, MAXDATA);
strcat(cdata, buff);
while(recvLen>=bSize-1)//just in case buff is too small
{
std::memset(buff,0,bSize);
recvLen=recv(output,buff,bSize-1,0);
strcat(cdata, buff);
}
total = 0;
bytes = strlen(cdata);
cout << cdata << endl;//how I see the wingdings
while (total < strlen(cdata))
{
n = send(requestSock, cdata + total, bytes,0);//forwarding to remote host
if(n == SOCKET_ERROR)
{
cout << "secure sending error" << endl;
break;
}
total += n;
bytes -= n;
}
std::memset(buff,0,bSize);
recvLen=recv(requestSock, buff, bSize,0);//get reply from remote host
if (recvLen > 0)
{
do
{
cout<<"Thread "<<threadid<<" [Connection:Secure]: "<<recvLen<<endl;
send(output, buff, recvLen,0);//forward all to client
recvLen= recv(requestSock, buff, bSize,0);
if(0==recvLen || SOCKET_ERROR==recvLen)
{
cout<<"finished secure receiving or socket error"<<endl;
break;
}
}while(true);
}
}//end while, loop checks again for client data
任何人能發現我的方式錯誤?
send()調用可以發送少於recvLen,並且您忽略這個事實。另一個問題是將SSL中的二進制數據作爲文本處理(您的代碼可以用於文本HTTP請求,但無論如何都會以二進制數據失敗)。 – 2012-03-06 07:02:44