个人中心
gpt4 book ai didi

perl - 通过 ip 地址测试 SNI https 服务

转载 作者:太空宇宙 更新时间:2023-11-03 13:23:20 24 4
gpt4 key购买 nike

我正在编写一个 perl 脚本来测试服务器,然后再从旧服务器切换 DNS(以支持服务器迁移)。我宁愿不破解/etc/hosts 来覆盖 DNS 进行测试,而是让脚本 munge 正常工作。

对于非 SSL 连接来说这很容易,但我在使用 SSL 时遇到了麻烦 - 它适用于大多数网站,因为大多数网站仍然将网站绑定(bind)到 IP 地址,但一个特定客户的网站太聪明了,不利于自身利益(无论如何,这就是事情的发展方向),我需要告诉 LWP::UserAgent 连接到一个 IP 地址,但在请求中使用服务器名(SSL SNI 和 HTTP 主机:)。

我正在使用 ssl_opts 设置 SNI 主机名(SSLeay 跟踪显示设置正确),并将 Host HTTP header 强制设置为服务器名(打印出请求显示应该设置正确),但是 LWP 使用 url 来决定要连接到哪个主机,并且该 url 正在到达它不应该到达的地方(我希望实际的“GET”只是“GET/”,所以请求“as_string”不是此处完全准确),导致错误:

#!/usr/bin/perl

#
#  ht
#
#  https test
#  see if I can force a Host: header
#  while using an ip address to connect
#

use strict;

use Net::SSLeay;
use LWP::UserAgent;
$Net::SSLeay::trace = 2;

my $ip = '1.2.3.4';
my $server_name = 'server.name';
my $url = "https://$ip/";
#my $url = "https://$server_name/";

print "connecting to $ip for $server_name\n";

my $h = HTTP::Headers->new;
$h->header('Host' => $server_name);

my %options = (
    'ssl_opts' => { SSL_hostname => $server_name }
);

my $ua = LWP::UserAgent->new(%options);
$ua->agent("perl-mpchk/0.1 ");

# Create a request
my $req;
$req = HTTP::Request->new('GET', $url, $h);
print $req->as_string, "\n";

# Send request to the user agent and get a response back
my $res = $ua->request($req);
if (!defined($res)) {
    die "connect to $url failed\n";
}

print $res->status_line, "\n";

exit 0;

主机名:

connecting to 1.2.3.4 for server.name
GET https://server.name/
Host: server.name

DEBUG: .../IO/Socket/SSL.pm:562: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:564: socket connected
DEBUG: .../IO/Socket/SSL.pm:586: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:619: using SNI with hostname server.name
DEBUG: .../IO/Socket/SSL.pm:654: request OCSP stapling
DEBUG: .../IO/Socket/SSL.pm:673: set socket to non-blocking to enforce timeout=180
DEBUG: .../IO/Socket/SSL.pm:699: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:709: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:729: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:744: ssl handshake done
200 OK

有一个IP地址

connecting to 1.2.3.4 for server.name
GET https://1.2.3.4/
Host: server.name

DEBUG: .../IO/Socket/SSL.pm:562: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:564: socket connected
DEBUG: .../IO/Socket/SSL.pm:586: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:619: using SNI with hostname server.name
DEBUG: .../IO/Socket/SSL.pm:654: request OCSP stapling
DEBUG: .../IO/Socket/SSL.pm:673: set socket to non-blocking to enforce timeout=180
DEBUG: .../IO/Socket/SSL.pm:699: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:709: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:729: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:744: ssl handshake done
500 Unknown Domain

最佳答案

您可以跳过 LWP 并直接使用套接字:

use IO::Socket::SSL;

my $ip_address = ...;
my $server_name = ...;

my $cl = IO::Socket::SSL->new(
    PeerAddr => $ip_address,
    PeerPort => 443,
    SSL_hostname => $server_name,
    SSL_verifycn_name => $server_name,
    SSL_verifycn_scheme => 'http',
);
print $cl "GET / HTTP/1.0\r\nHost: $server_name\r\n\r\n";
print scalar(<$cl>);  # status line

关于perl - 通过 ip 地址测试 SNI https 服务,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/41905483/

24 4 0
文章推荐: c# - Wix:无法使用自定义操作设置属性
文章推荐: java - Android 应用程序如何充当桌面应用程序的远程 Controller ? (音乐)
文章推荐: android - 异常调度输入事件和 SwipeRefreshLayout 下拉空指针异常
文章推荐: ssl - Multi-Tenancy 应用-SSL证书
太空宇宙
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com