[英]SSL Socket Connection working even though client is not sending certificate?
我是使用Java进行密码学的新手。 我必须构建一个程序,在进行任何数据通信之前交换证书。 我正在使用sslSockets构建基本的客户端 - 服务器程序,我没有使用HTTP / S,这只是为了获得额外的安全性。 (想知道Socket和SSLSocket之间的区别..它是否意味着一切都是自动加密的?)
这是我更新的服务器代码:
public class SSLServerExample {
final static String pathToStores = "C:/Users/XXX/Desktop/sslserverclientprogram";
final static String keyStoreFile = "keystore.jks";
final static String passwd = "changeit";
final static int theServerPort = 8443;
static boolean debug = false;
public static void main(String args[]) throws Exception {
String trustFilename = pathToStores + "/" + keyStoreFile;
// System.out.println("Verifying KeyStore File of Client..");
System.setProperty("javax.net.ssl.keyStore", trustFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
if (debug)
System.setProperty("javax.net.debug", "all");
System.out.println("Setting up SSL parameters");
// Initialize socket connection
SSLServerSocketFactory sslssf = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
SSLServerSocket sslServerSocket = (SSLServerSocket)sslssf.createServerSocket(theServerPort);
System.out.println("Server Started..Waiting for clients");
sslServerSocket.setNeedClientAuth(true);
SSLSocket sslSocket = (SSLSocket)sslServerSocket.accept();
//sslSocket.startHandshake();
System.out.println("Client Connected!");
InputStream sslIS = sslSocket.getInputStream();
OutputStream sslOS = sslSocket.getOutputStream();
sslServerSocket.setNeedClientAuth(true);
final int RSAKeySize = 1024;
final String newline = "\n";
Key pubKey = null;
Key privKey = null;
boolean flag = sslSocket.getNeedClientAuth();
System.out.println("Flag value: "+ flag);
该标志导致False,即使我将其设置为true并且客户端发送由服务器解密而未相互验证的数据。
我错过了什么吗?
请帮忙。
PS:我的客户代码:
public class SSLClientExample {
final static String pathToStores = "C:/Users/XXX/Desktop/sslserverclientprogram";
final static String trustStoreFile = "cacerts.jks";
final static String passwd = "changeit";
final static String INPUT_FILE = "E:/workspace/input.txt";
final static String theServerName = "localhost";
final static int theServerPort = 8443;
static boolean debug = false;
public static void main(String args[]) throws Exception {
String trustFilename = pathToStores + "/" + trustStoreFile;
System.out.println("Validating KeyStore file of Server..");
System.setProperty("javax.net.ssl.trustStore", trustFilename);
System.setProperty("javax.net.ssl.trustStorePassword", passwd);
if (debug)
System.setProperty("javax.net.debug", "all");
SSLSocketFactory sslssf = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket sslSocket = (SSLSocket)sslssf.createSocket(theServerName, 8443);
System.out.println("Connected to Server!");
你必须调用sslServerSocket.setNeedClientAuth(true); 在接受传入的客户端连接之前。 您已在建立连接后修改服务器套接字的配置。
SSL客户端身份验证-即使我的客户端证书与“证书颁发机构”中的列表匹配,也找不到合适的证书
[英]SSL Client Authentiction - no suitable certificate found even though my client certificate matches to the list in 'Cert Authorities'
即使网络连接断开,发送消息时TCP套接字也不会引发任何异常
[英]TCP socket doesn't throw any exception when sending messages even though network connection is dropped
Java和神秘的SSL证书问题,即使证书路径有效
[英]Java and mysterious SSL certificate issue even though certification path is valid
Weblogic/Java 在与 IIS 的相互 SSL 集成中不发送客户端证书
[英]Weblogic/Java not sending Client Certificate in Mutual SSL Integration with IIS
使用SSL进行服务器端身份验证:从客户端发送证书文件
[英]server-side authentication with ssl: sending certificate file from client
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.