SORU
26 ŞUBAT 2011, CUMARTESİ


Neden bu kod ile TLS, TLS el sıkışması çalıştırmayı denerken bir hata var mı?

TLS twisted.protocols.tls, bir arabirim kullanarak TLS çalışan bir kuralı uygulamak için hafıza BİO kullanarak OpenSSL etmeye çalıştım.

Çoğunlukla normal bir TCP ulaşım gibi görünen, ama startTLS stopTLS ve TLS bir katman ekleme ve çıkarma yöntemleri sırasıyla hangi protokolü bir sarıcı olarak uygulanmaktadır. Bu TLS ilk katman için gayet iyi çalışıyor. Ben bir "" Çarpık TLS taşıma. yerli yerinde çalıştırmak da gayet iyi çalışıyor Eğer ikinci bir katman TLS startTLS yöntemi bu sarıcı tarafından sağlanan kullanarak eklemek için çalışırsanız, ancak, hemen bir el sıkışma bir hata var ve Bağlantı bilinmeyen kullanılamaz durumda biter.

Sarıcı ve çalışalım iki yardımcıları bu gibi görünüyor:

from twisted.python.components import proxyForInterface
from twisted.internet.error import ConnectionDone
from twisted.internet.interfaces import ITCPTransport, IProtocol
from twisted.protocols.tls import TLSMemoryBIOFactory, TLSMemoryBIOProtocol
from twisted.protocols.policies import ProtocolWrapper, WrappingFactory

class TransportWithoutDisconnection(proxyForInterface(ITCPTransport)):
    """
    A proxy for a normal transport that disables actually closing the connection.
    This is necessary so that when TLSMemoryBIOProtocol notices the SSL EOF it
    doesn't actually close the underlying connection.

    All methods except loseConnection are proxied directly to the real transport.
    """
    def loseConnection(self):
        pass


class ProtocolWithoutConnectionLost(proxyForInterface(IProtocol)):
    """
    A proxy for a normal protocol which captures clean connection shutdown
    notification and sends it to the TLS stacking code instead of the protocol.
    When TLS is shutdown cleanly, this notification will arrive.  Instead of telling
    the protocol that the entire connection is gone, the notification is used to
    unstack the TLS code in OnionProtocol and hidden from the wrapped protocol.  Any
    other kind of connection shutdown (SSL handshake error, network hiccups, etc) are
    treated as real problems and propagated to the wrapped protocol.
    """
    def connectionLost(self, reason):
        if reason.check(ConnectionDone):
            self.onion._stopped()
        else:
            super(ProtocolWithoutConnectionLost, self).connectionLost(reason)


class OnionProtocol(ProtocolWrapper):
    """
    OnionProtocol is both a transport and a protocol.  As a protocol, it can run over
    any other ITransport.  As a transport, it implements stackable TLS.  That is,
    whatever application traffic is generated by the protocol running on top of
    OnionProtocol can be encapsulated in a TLS conversation.  Or, that TLS conversation
    can be encapsulated in another TLS conversation.  Or **that** TLS conversation can
    be encapsulated in yet *another* TLS conversation.

    Each layer of TLS can use different connection parameters, such as keys, ciphers,
    certificate requirements, etc.  At the remote end of this connection, each has to
    be decrypted separately, starting at the outermost and working in.  OnionProtocol
    can do this itself, of course, just as it can encrypt each layer starting with the
    innermost.
    """
    def makeConnection(self, transport):
        self._tlsStack = []
        ProtocolWrapper.makeConnection(self, transport)


    def startTLS(self, contextFactory, client, bytes=None):
        """
        Add a layer of TLS, with SSL parameters defined by the given contextFactory.

        If *client* is True, this side of the connection will be an SSL client.
        Otherwise it will be an SSL server.

        If extra bytes which may be (or almost certainly are) part of the SSL handshake
        were received by the protocol running on top of OnionProtocol, they must be
        passed here as the **bytes** parameter.
        """
        # First, create a wrapper around the application-level protocol
        # (wrappedProtocol) which can catch connectionLost and tell this OnionProtocol 
        # about it.  This is necessary to pop from _tlsStack when the outermost TLS
        # layer stops.
        connLost = ProtocolWithoutConnectionLost(self.wrappedProtocol)
        connLost.onion = self
        # Construct a new TLS layer, delivering events and application data to the
        # wrapper just created.
        tlsProtocol = TLSMemoryBIOProtocol(None, connLost, False)
        tlsProtocol.factory = TLSMemoryBIOFactory(contextFactory, client, None)

        # Push the previous transport and protocol onto the stack so they can be
        # retrieved when this new TLS layer stops.
        self._tlsStack.append((self.transport, self.wrappedProtocol))

        # Create a transport for the new TLS layer to talk to.  This is a passthrough
        # to the OnionProtocol's current transport, except for capturing loseConnection
        # to avoid really closing the underlying connection.
        transport = TransportWithoutDisconnection(self.transport)

        # Make the new TLS layer the current protocol and transport.
        self.wrappedProtocol = self.transport = tlsProtocol

        # And connect the new TLS layer to the previous outermost transport.
        self.transport.makeConnection(transport)

        # If the application accidentally got some bytes from the TLS handshake, deliver
        # them to the new TLS layer.
        if bytes is not None:
            self.wrappedProtocol.dataReceived(bytes)


    def stopTLS(self):
        """
        Remove a layer of TLS.
        """
        # Just tell the current TLS layer to shut down.  When it has done so, we'll get
        # notification in *_stopped*.
        self.transport.loseConnection()


    def _stopped(self):
        # A TLS layer has completely shut down.  Throw it away and move back to the
        # TLS layer it was wrapping (or possibly back to the original non-TLS
        # transport).
        self.transport, self.wrappedProtocol = self._tlsStack.pop()

Bu egzersiz için basit bir istemci ve sunucu programları, launchpad kullanılabilir (bzr branch lp:~exarkun/ junk/onion) var. startTLS yukarıdaki yöntemi çağırmak için iki kez kullandığımda, stopTLS, Bu OpenSSL hata için hiçbir müdahale çağrısı ile geliyor:

OpenSSL.SSL.Error: [('SSL routines', 'SSL23_GET_SERVER_HELLO', 'unknown protocol')]

Neden her şey ters gitmek zorunda?

CEVAP
1 Aralık 2013, Pazar


ileti günlüğünü yararlı olacaktır. Sanırım eğer sizin config böyle bir şey gerekir:

<source name ="System.ServiceModel.MessageLogging" 
      switchValue="Verbose, ActivityTracing">        
<listeners>
  <add name="xml" />
</listeners>

Lütfen kaynak adı buraya dikkat edin 'Sistemi.ServiceModel.'Ve 'Sistem değil.MessageLogging'. ServiceModel

Tam örnek için lütfen bu makaleye bakın: http://msdn.microsoft.com/en-us/library/dd788183.aspx

Bu size yardımcı olacağını umuyoruz.

Bunu Paylaş:
  • Google+
  • E-Posta
Etiketler:

YORUMLAR

SPONSOR VİDEO

Rastgele Yazarlar

  • Nickcidious

    Nickcidious

    6 HAZİRAN 2011
  • Roger Huffman

    Roger Huffma

    4 ŞUBAT 2007
  • wwjoshdu

    wwjoshdu

    18 ŞUBAT 2011