Response to browser request with IO::Socket::SSL

The question is formulated at the end; first comes a detailed description of the problem and what I have already tested.

I am writing code to demonstrate some basic principles to others. The code will never be used in production, and simplification is intended.

My goal (apart from others) is to write a simple application that uses a web certificate to encrypt network traffic.

The starting point is an application that does not encrypt:

#!/usr/bin/env perl
use strict;
use warnings;
use IO::Socket::INET;

# auto-flush on socket
$| = 1;

# creating a listening socket
my $socket = new IO::Socket::INET (
    LocalAddr     => '0.0.0.0',     # local server address
    LocalPort     => '7777',        # local server port
    Listen        => 5,             # queue size for connections
    Proto         => 'tcp',         # protocol used
);
die "cannot create socket $!\n" unless $socket;
print "server waiting for client connection on port 7777\n";

while(1)
{
    # waiting for a new client connection
    my $client_socket = $socket->accept() or die "socket accept failed $!";

    # get information about a newly connected client
    my $client_address = $client_socket->peerhost();
    my $client_port    = $client_socket->peerport();
    print "connection from $client_address:$client_port\n";

    # read up to 1024 characters from the connected client
    my $client_data = '';
    sysread( $client_socket, $client_data, 1024);
    print "received data: $client_data\n";

    # write response data to the connected client
    print $client_socket "Hey $client_data!";

    # notify client that response has been sent
    shutdown($client_socket, 1);
}

END {
    $socket->close();
}

This application server can be called using this client:

#!/usr/bin/env perl
use IO::Socket::INET;

# auto-flush on socket
$| = 1;

# create a connecting socket
my $socket = new IO::Socket::INET (
    PeerHost    => '127.0.0.1',
    PeerPort    => '7777',
    Proto       => 'tcp',
);
die "cannot connect to the server $!\n" unless $socket;
print "connected to the server\n";

# data to send to a server
my $req = $ARGV[0] . '';
print $socket $req;

# notify server that request has been sent
shutdown($socket, 1);

# receive a response of up to 1024 characters from server
my $response = '';
sysread( $socket, $response,1024);
print "received response: $response\n";

$socket->close();

Client and server interaction might look like this:

inet$ perl server.pl
server waiting for client connection on port 7777
connection from 127.0.0.1:40028
received data: Herbert

inet$ perl client.pl "Herbert"
connected to the server
received response: Hey Herbert!

Most interesting: the server can also be called from the browser:

[Image: Access TCP Server with Firefox]

So, the first conclusion: the code works and is good for demonstrating the basic functions of simple Client-Server interaction.

SSL

, SSL- :

$ diff inet/server.pl ssl/server.pl 
7c7
< use IO::Socket::INET;
---
> use IO::Socket::SSL 'inet4';
13c13
< my $socket = new IO::Socket::INET (
---
> my $socket = IO::Socket::SSL->new (
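
Review bot: in the 13c13 hunk the listener becomes an IO::Socket::SSL socket, so accept() now also performs the TLS handshake and returns false when a single client fails it, yet the unchanged `$socket->accept() or die "socket accept failed $!"` still terminates the whole server and prints `$!` rather than the TLS error. Suggest reporting `$SSL_ERROR` there and continuing the loop with `next` instead of `die`.
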
17a18,19
>     SSL_cert_file => 'cert.pem',    # SSL certificate   
>     SSL_key_file  => 'key.pem',     # SSL certificate key

$ diff inet/client.pl ssl/client.pl 
5c5
< use IO::Socket::INET;
---
> use IO::Socket::SSL 'inet4';
11c11
< my $socket = new IO::Socket::INET (
---
> my $socket = new IO::Socket::SSL (
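
Review bot: the 11c11 hunk keeps indirect-object syntax (`new IO::Socket::SSL (`) while the server diff switches to `IO::Socket::SSL->new (`. Use the arrow form here as well, so both files read the same and the call cannot be misparsed.
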
14a15
>     SSL_ca_file => 'cert.pem',

, SSL:

#!/usr/bin/env perl
use strict;
use warnings;
use IO::Socket::SSL 'inet4';

# auto-flush on socket
$| = 1;

# creating a listening socket
my $socket = IO::Socket::SSL->new (
    LocalAddr     => '0.0.0.0',     # local server address
    LocalPort     => '7777',        # local server port
    Listen        => 5,             # queue size for connections
    Proto         => 'tcp',         # protocol used
    SSL_cert_file => 'cert.pem',    # SSL certificate   
    SSL_key_file  => 'key.pem',     # SSL certificate key
);
die "cannot create socket $!\n" unless $socket;
print "server waiting for client connection on port 7777\n";

while(1)
{
    # waiting for a new client connection
    my $client_socket = $socket->accept() or die "socket accept failed $!";

    # get information about a newly connected client
    my $client_address = $client_socket->peerhost();
    my $client_port    = $client_socket->peerport();
    print "connection from $client_address:$client_port\n";

    # read up to 1024 characters from the connected client
    my $client_data = '';
    sysread( $client_socket, $client_data, 1024);
    print "received data: $client_data\n";

    # write response data to the connected client
    print $client_socket "Hey $client_data!";

    # notify client that response has been sent
    shutdown($client_socket, 1);
}

END {
    $socket->close();
}

#!/usr/bin/env perl
use IO::Socket::SSL 'inet4';

# auto-flush on socket
$| = 1;

# create a connecting socket
my $socket = new IO::Socket::SSL (
    PeerHost    => '127.0.0.1',
    PeerPort    => '7777',
    Proto       => 'tcp',
    SSL_ca_file => 'cert.pem',
);
die "cannot connect to the server $!\n" unless $socket;
print "connected to the server\n";

# data to send to a server
my $req = $ARGV[0] . '';
print $socket $req;

# notify server that request has been sent
shutdown($socket, 1);

# receive a response of up to 1024 characters from server
my $response = '';
sysread( $socket, $response,1024);
print "received response: $response\n";

$socket->close();

:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365

:

ssl$ perl server.pl 
Enter PEM pass phrase:
server waiting for client connection on port 7777
connection from 127.0.0.1:40041
received data: Sabine

ssl$ perl client.pl "Sabine"
connected to the server
received response: Hey Sabine!

, , - , Firefox Chrome, , :

openssl pkcs12 -export -in cert.pem -inkey key.pem -out webcert.p12

.

. $socket->accept() - .
UPDATE: $SSL_ERROR :

SSL accept attempt failed error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request

ssl

p5-ssl-tools-master$ perl analyze-ssl.pl --show-chain --all-ciphers -v3 127.0.0.1:7777
+ checking host=127.0.0.1(127.0.0.1) port=7777
* version SSLv23 no verification, ciphers= -> TLSv1_2,ECDHE-RSA-AES128-GCM-SHA256
* version SSLv23 no verification, ciphers=HIGH:ALL -> TLSv1_2,ECDHE-RSA-AES128-GCM-SHA256
* version TLSv1_2 no verification, ciphers= -> TLSv1_2,ECDHE-RSA-AES128-GCM-SHA256
* version TLSv1_2 no verification, ciphers=HIGH:ALL -> TLSv1_2,ECDHE-RSA-AES128-GCM-SHA256
* version TLSv1_1 no verification, ciphers= -> TLSv1_1,ECDHE-RSA-AES256-SHA
* version TLSv1_1 no verification, ciphers=HIGH:ALL -> TLSv1_1,ECDHE-RSA-AES256-SHA
* version TLSv1 no verification, ciphers= -> TLSv1,ECDHE-RSA-AES256-SHA
* version TLSv1 no verification, ciphers=HIGH:ALL -> TLSv1,ECDHE-RSA-AES256-SHA
* version SSLv3, no verification, ciphers= -> FAIL! SSL connect attempt failed because of handshake problems error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
+ 127.0.0.1 failed permanently 'tcp connect: Verbindungsaufbau abgelehnt', no more IP to try
tcp connect: Verbindungsaufbau abgelehnt

, , , , , ?

ssl$ perl server.pl 
Enter PEM pass phrase:
server waiting for client connection on port 7777
connection from 127.0.0.1:40042
received data: 
connection from 127.0.0.1:40043
received data: 
connection from 127.0.0.1:40044
received data: 
connection from 127.0.0.1:40045
received data: 
connection from 127.0.0.1:40046
received data: 
connection from 127.0.0.1:40047
received data: 
connection from 127.0.0.1:40048
received data: 
connection from 127.0.0.1:40049
received data: 
socket accept failed  at server.pl line 27.

? , SSL. , SSL-Perl-Client . , ? - ?

UPDATE: "SSL23" $SSL_ERROR "SSL3", , SSL? , ? ( , Client-Test "SSL23", , ...)

.

UPDATE: $IO::Socket::SSL::DEBUG = 3;

ssl$ perl server.pl 
Enter PEM pass phrase:
DEBUG: .../IO/Socket/SSL.pm:2554: new ctx 42708208
server waiting for client connection on port 7777
DEBUG: .../IO/Socket/SSL.pm:799: no socket yet
DEBUG: .../IO/Socket/SSL.pm:801: accept created normal socket IO::Socket::SSL=GLOB(0x28ac158)
DEBUG: .../IO/Socket/SSL.pm:829: starting sslifying
DEBUG: .../IO/Socket/SSL.pm:873: Net::SSLeay::accept -> -1
DEBUG: .../IO/Socket/SSL.pm:1779: SSL accept attempt failed

DEBUG: .../IO/Socket/SSL.pm:1784: SSL accept attempt failed error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
socket accept failed: SSL accept attempt failed error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request at server.pl line 28.
DEBUG: .../IO/Socket/SSL.pm:2587: free ctx 42708208 open=42708208
DEBUG: .../IO/Socket/SSL.pm:2599: OK free ctx 42708208
+4
1

... SSL accept attempt failed error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request

, URL http:// , URL https://. , HTTP- , TLS HTTP- .

, , HTTP 0.9, HTTP-. .

+2
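
As an added example (not part of the original question or answer), one way to keep the server running when a browser connects with http://: peek at the first bytes on a plain TCP socket, answer plain HTTP with a complete HTTP/1.1 error, and start TLS only when a ClientHello is seen. The helpers `classify` and `http_reply` are hypothetical names; cert.pem, key.pem and port 7777 are the ones used on the page.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use IO::Socket::INET;
use IO::Socket::SSL;                 # also exports $SSL_ERROR
use Socket qw(MSG_PEEK);

# Hypothetical helper: classify the first bytes a client sent.
# A TLS record starts with content type 0x16 (handshake) and major
# version 0x03; a plain HTTP request starts with an ASCII method name.
sub classify {
    my ($buf) = @_;
    return 'tls'  if $buf =~ /\A\x16\x03/;
    return 'http' if $buf =~ /\A[A-Z]{3}/;
    return 'unknown';
}

# Hypothetical helper: full HTTP/1.1 response, not a bare HTTP/0.9 body.
sub http_reply {
    my ($sock, $status, $body) = @_;
    print $sock "HTTP/1.1 $status\r\n",
                "Content-Type: text/plain\r\n",
                "Content-Length: ", length($body), "\r\n",
                "Connection: close\r\n\r\n", $body;
}

# Load cert.pem and key.pem (the files from the page) once, up front.
my $ctx = IO::Socket::SSL::SSL_Context->new(
    SSL_server => 1, SSL_cert_file => 'cert.pem', SSL_key_file => 'key.pem',
) or die "cannot create TLS context: $SSL_ERROR\n";

my $listener = IO::Socket::INET->new(
    LocalAddr => '127.0.0.1', LocalPort => 7777, Listen => 5, ReuseAddr => 1,
) or die "cannot create socket: $!\n";

while (my $client = $listener->accept()) {
    $client->recv(my $peek, 5, MSG_PEEK);      # look at the bytes, consume nothing
    my $kind = classify($peek // '');
    if ($kind eq 'http') {                     # browser used http://, not https://
        http_reply($client, '400 Bad Request', "TLS only: use https://\n");
    }
    elsif ($kind eq 'tls'
        && IO::Socket::SSL->start_SSL($client, SSL_server => 1, SSL_reuse_ctx => $ctx)) {
        sysread($client, my $request, 4096);   # request arrives decrypted here
        http_reply($client, '200 OK', "Hey, TLS client!\n");
    }
    else {                                     # log the failure, keep serving
        my $why = $kind eq 'tls' ? $SSL_ERROR : 'first bytes are neither TLS nor HTTP';
        warn "dropped connection: $why\n";
    }
    close $client;
}
```

Because the peek does not consume data, the TLS library still sees the complete ClientHello when start_SSL runs, and a failed handshake only costs that one connection.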

Source: https://habr.com/ru/post/1665129/

