Compilable C++ code implementing a secure SSL/TLS client using MS SSPI

Posted 2024-08-17 15:22:32 | Words: 929 | Views: 6 | Comments: 0

As described here
http://www.ddj.com/cpp/184401688

I do not have time to write this from scratch.

Asked and not answered
https://stackoverflow.com/questions/434961/implementing-ssl

THE QUESTION IS:

I am looking for some compilable working source code that implements MS SSPI (as alluded to in the thread above), procedural not OOP preferred.

I have looked at the code projects sample here:

http://www.codeproject.com/KB/IP/sslclasses.aspx

But this is C# OOP. Converting this to C++ code is not trivial.

OpenSSL

SChannel calls follow GSS API standards. There are, of course, some alternatives -- OpenSSL for example. This package is a complete and thorough implementation of the protocol and for someone all too familiar with UNIX is undoubtedly the best choice. The package originally targeted the UNIX community and to compile it relies on the Perl runtime, so some learning curve is required for Windows developers who never worked with UNIX-type systems.

Apart from that, OpenSSL does some very non-standard things

Nikolai,
Having contributed a lot of COMPILABLE source code
(www.coastrd.com)
I was hoping to find someone willing to do the same.

请远离我 2024-08-24 15:22:32

This SSPI SChannel SMTPS example should compile and run in Visual Studio 2008 as is

http://www.coastrd.com/c-schannel-smtp (the original site seems dead; fortunately WaybackMachine has it archived)

SChannel is the Microsoft implementation of the GSS API that wraps the SSL/TLS protocol.

Advantages of utilizing SChannel:

  • gory details are shielded from the developer by the SSPI.
  • No extra setup is required to run the final application:
  • SChannel is an integral part of the operating system
  • On Windows ME/2000/XP/... platforms, SChannel is installed and configured by default
  • SChannel calls follow GSS API standards.
  • You do not need to create/install any certificates
  • no third party dll's (1MB or larger) to ship and install

The code should produce a session that looks like this:

----- SSPI Initialized
----- WinSock Initialized
----- Credentials Initialized
----- Connectd To Server
70 bytes of handshake data sent
974 bytes of handshake data received
182 bytes of handshake data sent
43 bytes of handshake data received
Handshake was successful
----- Client Handshake Performed
----- Server Credentials Authenticated

Server subject: C=US, S=California, L=Mountain View, O=Google Inc, CN=smtp.gmail.com
Server issuer: C=ZA, S=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, [email protected]

----- Certificate Chain Displayed
----- Server Certificate Verified
----- Server certificate context released

Protocol: TLS1
Cipher: RC4
Cipher strength: 128
Hash: MD5
Hash strength: 128
Key exchange: RSA
Key exchange strength: 1024
----- Secure Connection Info
64 bytes of (encrypted) application data received
Decrypted data: 43 bytes
220 mx.google.com ESMTP 6sm17740567yxg.66

Sending 7 bytes of plaintext:
EHLO

28 bytes of encrypted data sent
169 bytes of (encrypted) application data received
Decrypted data: 148 bytes
250-mx.google.com at your service, [22.33.111.222]
250-SIZE 35651584
250-8BITMIME
250-AUTH LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250 PIPELINING

Sending 7 bytes of plaintext:
QUIT

28 bytes of encrypted data sent
69 bytes of (encrypted) application data received
Decrypted data: 48 bytes
221 2.0.0 closing connection 6sm17740567yxg.66

----- SMTP session Complete
Sending Close Notify
23 bytes of handshake data sent
----- Disconnected From Server
----- Begin Cleanup
----- All Done -----
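
An added example, not part of the original answer or of the linked coastrd.com program: the session above negotiated TLS1 with RC4, MD5 and a 1024-bit RSA key exchange, so this C code parses the connection-info lines of such a log and flags parameters below a current baseline. The function names, the finding bits, and every value spelling other than those printed above (for instance "TLS1.2") are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Finding bits (this example's own names, not from the original program). */
enum { WEAK_PROTOCOL = 1, WEAK_CIPHER = 2, WEAK_HASH = 4, WEAK_KEYX = 8 };
/* Copy the value after a line-initial "label" into out; return 0 if absent. */
static int field(const char *log, const char *label, char *out, size_t n)
{
    size_t len = strlen(label), i = 0;
    for (const char *p = strstr(log, label); p; p = strstr(p + len, label)) {
        if (p != log && p[-1] != '\n') continue;   /* label must start a line */
        for (p += len; *p == ' '; p++) ;           /* skip spaces after the colon */
        while (*p && *p != '\n' && *p != '\r' && i + 1 < n) out[i++] = *p++;
        out[i] = '\0';
        return 1;
    }
    return 0;
}

static int in_list(const char *v, const char *const *list)
{
    for (; *list; list++) if (strcmp(v, *list) == 0) return 1;
    return 0;
}

/* Bitmask of weak parameters. A missing field counts as weak (fail closed);
   the 2048-bit floor is applied to RSA key exchange only. */
int audit_connection_info(const char *log)
{
    /* Value spellings beyond the page's "TLS1", "RC4", "MD5" are assumptions. */
    static const char *const ok_proto[]   = { "TLS1.2", "TLS1.3", NULL };
    static const char *const bad_cipher[] = { "RC4", "RC2", "DES", "3DES", NULL };
    static const char *const bad_hash[]   = { "MD5", NULL };
    char v[32], bits[32];
    int f = 0;
    if (!field(log, "Protocol:", v, sizeof v) || !in_list(v, ok_proto)) f |= WEAK_PROTOCOL;
    if (!field(log, "Cipher:", v, sizeof v) || in_list(v, bad_cipher)) f |= WEAK_CIPHER;
    if (!field(log, "Hash:", v, sizeof v) || in_list(v, bad_hash)) f |= WEAK_HASH;
    if (!field(log, "Key exchange:", v, sizeof v) ||
        !field(log, "Key exchange strength:", bits, sizeof bits) ||
        (strcmp(v, "RSA") == 0 && atoi(bits) < 2048)) f |= WEAK_KEYX;
    return f;
}

/* Constructed sample: the connection-info lines from the session shown above. */
static const char SAMPLE_LOG[] =
    "Protocol: TLS1\nCipher: RC4\nCipher strength: 128\nHash: MD5\n"
    "Hash strength: 128\nKey exchange: RSA\nKey exchange strength: 1024\n";
int main(void) { printf("findings: 0x%x\n", audit_connection_info(SAMPLE_LOG)); return 0; }
```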

破晓 2024-08-24 15:22:32

Repeat after me: "I want to use OpenSSL".

This problem is far too serious and far too easy to screw up to be rolling your own every time you want to solve it. If you have a problem with OpenSSL, then try to address that through dialogue and patches to OpenSSL.

(No one is immune to screwing it up, not even Microsoft, or indeed, OpenSSL. Use something whose source you can review and which gets patched when there are problems. Use OpenSSL.)

日裸衫吸 2024-08-24 15:22:32

How much would you be paying for such compilable working source code? Or did you expect somebody to just give it to you? OpenSSL guys already did. It's god-ugly, but the price is right.
