根据Linux 上的 TLS 1.3 和 OpenSSL 1.1.1,我可以在我的“控制台应用程序(.NET Core)”项目中使用 linux 下的 TLS 1.3。
我的代码
using System;
using System.IO;
using System.Net.Security;
using System.Net.Sockets;
using System.Reflection;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading.Tasks;
namespace TestTlsServer {
class Program {
static void Main(string[] args) {
string curdir = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location);
Console.WriteLine($"my assembly dir====>{curdir}");
SslProtocols protocol = SslProtocols.Tls13;
int port = 5555;
RemoteCertificateValidationCallback certificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => {
return (true);
};
X509Certificate2 serverCert = new X509Certificate2("server.pfx", "testpass123");
TcpListener server = TcpListener.Create(port);
server.Server.SetSocketOption(SocketOptionLevel.Socket, SocketOptionName.KeepAlive, true);
server.Server.NoDelay = true;
server.Server.SetSocketOption(SocketOptionLevel.IPv6, SocketOptionName.IPv6Only, false);
server.Start();
Task taskServer = Task.Run(() => {
Console.WriteLine("Server started");
while(true) {
TcpClient romoteClient = server.AcceptTcpClient();
Task.Run(() => {
Console.WriteLine($"==============>New Connection from {romoteClient.Client.RemoteEndPoint}");
using(romoteClient) {
using(SslStream sslStreamRomoteClient = new SslStream(romoteClient.GetStream(), false, certificateValidationCallback)) {
try {
sslStreamRomoteClient.AuthenticateAsServer(serverCert, true, protocol, true);
byte[] buf = new byte[1000];
int len = sslStreamRomoteClient.Read(buf, 0, buf.Length);
string receive = Encoding.UTF8.GetString(buf, 0, len);
Console.WriteLine($"server receive:{receive}");
string send = "Hi, this message is from server";
sslStreamRomoteClient.Write(Encoding.UTF8.GetBytes(send));
Console.WriteLine($"server send:{send}");
} catch(Exception ex) {
Console.WriteLine("======Server Exception==========================");
Console.WriteLine(ex);
}
}
}
});
}
});
taskServer.Wait();
}
}
}
我在centos7下编译openssl-1.1.1h.tar.gz得到了libssl.so.1.1和libcrypto.so.1.1,然后我在我的项目中添加了这两个库作为“内容”
将此项目发布到单个文件
现在我在centos下运行这个程序(注意:没有安装openssl1.1.1),当我尝试连接到这个服务器时出现以下异常。
my assembly dir====>/var/tmp/.net/root/TestTlsServer/unsorm3j.o1q
Server started
==============>New Connection from [::ffff:192.168.18.44]:58131
======Server Exception==========================
System.Security.Authentication.AuthenticationException: Authentication failed, s ee inner exception.
---> Interop+OpenSsl+SslException: SSL Handshake failed with OpenSSL error - SS L_ERROR_SSL.
---> Interop+Crypto+OpenSslCryptographicException: error:1408A0C1:SSL routines: ssl3_get_client_hello:no shared cipher
--- End of inner exception stack trace ---
at Interop.OpenSsl.DoSslHandshake(SafeSslHandle context, Byte[] recvBuf, Int3 2 recvOffset, Int32 recvCount, Byte[]& sendBuf, Int32& sendCount)
at System.Net.Security.SslStreamPal.HandshakeInternal(SafeFreeCredentials cre dential, SafeDeleteContext& context, ArraySegment`1 inputBuffer, Byte[]& outputB uffer, SslAuthenticationOptions sslAuthenticationOptions)
--- End of inner exception stack trace ---
at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken messa ge, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolTok en message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 cou nt, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readByte s, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtoco lRequest asyncRequest)
at System.Net.Security.SslStream.ForceAuthentication(Boolean receiveFirst, By te[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.ProcessAuthentication(LazyAsyncResult lazyRe sult, CancellationToken cancellationToken)
at System.Net.Security.SslStream.AuthenticateAsServer(SslServerAuthentication Options sslServerAuthenticationOptions)
at System.Net.Security.SslStream.AuthenticateAsServer(X509Certificate serverC ertificate, Boolean clientCertificateRequired, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)
at TestTlsServer.Program.<>c__DisplayClass0_1.<Main>b__2()
我认为这是因为程序无法加载这些库
/var/tmp/.net/root/TestTlsServer/unsorm3j.o1q/libcrypto.so.1.1
/var/tmp/.net/root/TestTlsServer/unsorm3j.o1q/libssl.so.1.1
然后我将此路径添加到 LD_LIBRARY_PATH
export LD_LIBRARY_PATH=/var/tmp/.net/root/TestTlsServer/unsorm3j.o1q:$LD_LIBRARY_PATH
现在它可以正常工作了!!
my assembly dir====>/var/tmp/.net/root/TestTlsServer/unsorm3j.o1q
Server started
==============>New Connection from [::ffff:192.168.18.44]:58172
server receive:Hi, this message is from client (C++)
server send:Hi, this message is from server
因为某些特殊原因,我不应该在我的目标 Centos PC 上安装 openssl1.1.1 并更改 LD_LIBRARY_PATH。这就是我在我的程序中打包 libssl.so.1.1 和 libcrypto.so.1.1 的原因。
程序如何在不更改“LD_LIBRARY_PATH”的情况下找到库?
或者
程序如何只为自己更改 LD_LIBRARY_PATH?
请给我一些建议!帮我!