Ruby Powershell SSL套接字客户端_Ruby_Sockets_Powershell_Ssl

Ruby Powershell SSL套接字客户端

ruby sockets powershell ssl

Ruby Powershell SSL套接字客户端,ruby,sockets,powershell,ssl,Ruby,Sockets,Powershell,Ssl,我在使用powershell连接到具有自签名证书的ssl套接字时遇到问题。我有一个连接良好的ruby客户端，我还使用--ssl交换机测试了ncat，并确认它连接良好$sslStream.AuthenticateAsClient是代码失败的地方，我从powershell“异常调用”AuthenticateAsClient“并使用“1”参数得到以下错误：“调用SSPI失败，请参阅内部异常”。非常感谢您的帮助 Powershell客户端 $socket = New-Object Net.Sockets

我在使用powershell连接到具有自签名证书的ssl套接字时遇到问题。我有一个连接良好的ruby客户端，我还使用--ssl交换机测试了ncat，并确认它连接良好$sslStream.AuthenticateAsClient是代码失败的地方，我从powershell“异常调用”AuthenticateAsClient“并使用“1”参数得到以下错误：“调用SSPI失败，请参阅内部异常”。非常感谢您的帮助

Powershell客户端

$socket = New-Object Net.Sockets.TcpClient('172.26.4.38', 8080)
$stream = $socket.GetStream()
$sslStream = New-Object System.Net.Security.SslStream($stream,$false,({$True} -as [Net.Security.RemoteCertificateValidationCallback]))
$sslStream.AuthenticateAsClient('172.26.4.38')
$writer = new-object System.IO.StreamWriter($sslStream)
$writer.WriteLine('hello world')
$writer.flush()
$socket.close()

$socket = New-Object Net.Sockets.TcpClient('172.26.4.38', 8080)
$stream = $socket.GetStream()
$sslStream = New-Object System.Net.Security.SslStream($stream,$false,({$True} -as [Net.Security.RemoteCertificateValidationCallback]))
$sslStream.AuthenticateAsClient('172.26.4.38')
$writer = new-object System. IO.StreamWriter($sslStream)
$writer.WriteLine('Hello World')
$writer.flush()
$socket.close()

Ruby服务器

#!/usr/bin/env ruby
require 'openssl'
require 'socket'
tcp_server = TCPServer.new('172.26.4.38', 8080)
ctx = OpenSSL::SSL::SSLContext.new
ctx.ssl_version = :SSLv23
ctx.key = OpenSSL::PKey::RSA.new 2048
ctx.cert = OpenSSL::X509::Certificate.new
ctx.cert.subject = OpenSSL::X509::Name.new [['CN', '172.26.4.38']]
ctx.cert.issuer = ctx.cert.subject
ctx.cert.public_key = ctx.key
ctx.cert.not_before = Time.now
ctx.cert.not_after = Time.now + 60 * 60 * 24
ctx.cert.sign ctx.key, OpenSSL::Digest::SHA1.new
server = OpenSSL::SSL::SSLServer.new tcp_server, ctx
socket = server.accept
puts 'client connected'
puts socket.gets

#!/usr/bin/env ruby
require 'openssl'
require 'socket'
tcp_server = TCPServer.new('172.26.4.38', 8080)
ctx = OpenSSL::SSL::SSLContext.new
ctx.cert = OpenSSL::X509::Certificate.new(File.open('server.crt'))
ctx.key = OpenSSL::PKey::RSA.new(File.open('server.key'))
server = OpenSSL::SSL::SSLServer.new tcp_server, ctx 
socket = server.accept
puts 'client connected'
puts socket.gets

无论发生什么情况，您都可以通过强制回调返回true来让powershell忽略任何证书问题

[Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}

beaware，这将绕过powershell会话中的任何ssl验证。

这是ruby代码创建自签名证书时出现的问题。使用openssl和openssl req-x509-nodes-days 365-newkey rsa:2048-keyout server.key-out server.crt，以下powershell代码工作正常

客户端

$socket = New-Object Net.Sockets.TcpClient('172.26.4.38', 8080)
$stream = $socket.GetStream()
$sslStream = New-Object System.Net.Security.SslStream($stream,$false,({$True} -as [Net.Security.RemoteCertificateValidationCallback]))
$sslStream.AuthenticateAsClient('172.26.4.38')
$writer = new-object System.IO.StreamWriter($sslStream)
$writer.WriteLine('hello world')
$writer.flush()
$socket.close()

$socket = New-Object Net.Sockets.TcpClient('172.26.4.38', 8080)
$stream = $socket.GetStream()
$sslStream = New-Object System.Net.Security.SslStream($stream,$false,({$True} -as [Net.Security.RemoteCertificateValidationCallback]))
$sslStream.AuthenticateAsClient('172.26.4.38')
$writer = new-object System. IO.StreamWriter($sslStream)
$writer.WriteLine('Hello World')
$writer.flush()
$socket.close()

服务器

#!/usr/bin/env ruby
require 'openssl'
require 'socket'
tcp_server = TCPServer.new('172.26.4.38', 8080)
ctx = OpenSSL::SSL::SSLContext.new
ctx.ssl_version = :SSLv23
ctx.key = OpenSSL::PKey::RSA.new 2048
ctx.cert = OpenSSL::X509::Certificate.new
ctx.cert.subject = OpenSSL::X509::Name.new [['CN', '172.26.4.38']]
ctx.cert.issuer = ctx.cert.subject
ctx.cert.public_key = ctx.key
ctx.cert.not_before = Time.now
ctx.cert.not_after = Time.now + 60 * 60 * 24
ctx.cert.sign ctx.key, OpenSSL::Digest::SHA1.new
server = OpenSSL::SSL::SSLServer.new tcp_server, ctx
socket = server.accept
puts 'client connected'
puts socket.gets

#!/usr/bin/env ruby
require 'openssl'
require 'socket'
tcp_server = TCPServer.new('172.26.4.38', 8080)
ctx = OpenSSL::SSL::SSLContext.new
ctx.cert = OpenSSL::X509::Certificate.new(File.open('server.crt'))
ctx.key = OpenSSL::PKey::RSA.new(File.open('server.key'))
server = OpenSSL::SSL::SSLServer.new tcp_server, ctx 
socket = server.accept
puts 'client connected'
puts socket.gets

我已经试过了，我也试过了$sslStream=newobjectsystem.Net.Security.sslStream（$socket.GetStream（），$false，（{$True}-as[Net.Security.RemoteCertificateValidationCallback]））但由于某些原因，这也不起作用。它在证书上不断失败。我要指出的是，如果您为每个连接生成自签名证书，客户端将无法将其作为受信任的锚，因此您必须始终以这种方式忽略无效证书，这也将使您的连接变为vul不受MITM攻击。