Hi Guys,
I’m having a weird (to me, at least) problem trying to connect to an SSL
socket using a custom protocol and read and send some data. Any help
would be greatly appreciated.
I’m getting the error:
/usr/lib/ruby/1.8/openssl/buffering.rb:35:in `sysread': Connection reset by peer (Errno::ECONNRESET)
        from /usr/lib/ruby/1.8/openssl/buffering.rb:35:in `fill_rbuff'
        from /usr/lib/ruby/1.8/openssl/buffering.rb:67:in `read'
        from ./display_pusher.rb:23:in `update_display'
        from ./display_pusher.rb:44
My code is as follows:
#!/usr/bin/ruby
require 'openssl'
require 'socket'
require 'resolv'

class DisplayUpdater
  def self.update_display(address, port, data)
    sslCtx = OpenSSL::SSL::SSLContext.new()
    sslCtx.ca_file = 'cacert.pem'
    sslCtx.cert = OpenSSL::X509::Certificate.new(File.read("cert.pem"))
    sslCtx.key = OpenSSL::PKey::RSA.new(File.read("key.pem"))
    sslCtx.verify_mode = OpenSSL::SSL::VERIFY_PEER
    tcpSock = TCPSocket::new(address, port)
    sslSock = OpenSSL::SSL::SSLSocket.new(tcpSock, sslCtx)
    sslSock.sync_close = true
    sslSock.connect
    success = false
    sslSock.write(data + "\n")
    response = sslSock.read #**ERROR OCCURS HERE
    #do some stuff with response here
    puts "Success!"
    sslSock.close
    sslCtx.flush_sessions
    return success
  end
end

DisplayUpdater::update_display('127.0.0.1', 23, '–')
The server is running xinetd -> stunnel -> a custom c++ app, and I can
connect to it flawlessly from the same computer that’s running ruby with
openssl s_client.
Any ideas what I’m doing wrong?
Thanks!
Mike Vastola wrote:
> DisplayUpdater::update_display('127.0.0.1', 23, '–')

You’re really running an SSL server on the telnet port on your local
computer?

> I can
> connect to it flawlessly from the same computer that’s running ruby with
> openssl s_client.

Can you show the full command line you use for openssl s_client? And
the certificate validation result when you run it?

Also, have you tried:

sslSock.write(data + "\r\n")
Brian C. wrote:
> Mike Vastola wrote:
>> DisplayUpdater::update_display('127.0.0.1', 23, '–')
> You’re really running an SSL server on the telnet port on your local
> computer?

Haha. No. I changed the port/hostname to mask what it really was.

>> I can
>> connect to it flawlessly from the same computer that’s running ruby with
>> openssl s_client.
> Can you show the full command line you use for openssl s_client? And
> the certificate validation result when you run it?

openssl s_client -connect {non-localhost-host}:{non-telnet-port} -cert cert.pem -key key.pem -CAfile cacert.pem
CONNECTED(00000003)
depth=1 {INSERT_CA_SUBJECT_HERE}
verify return:1
depth=0 {INSERT_SERVER_SUBJECT_HERE}
verify return:1
Certificate chain
0 s: {INSERT_SERVER_SUBJECT_HERE}
i: {INSERT_CA_SUBJECT_HERE}
1 s: {INSERT_CA_SUBJECT_HERE}
i: {INSERT_CA_SUBJECT_HERE}
Server certificate
-----BEGIN CERTIFICATE-----
{INSERT_CERTIFICATE_HERE}
-----END CERTIFICATE-----
subject= {INSERT_SERVER_SUBJECT_HERE}
issuer= {INSERT_CA_SUBJECT_HERE}
Acceptable client certificate CA names
{INSERT_CA_SUBJECT_HERE}
SSL handshake has read 4252 bytes and written 5147 bytes
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 4096 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID:
1BE2DD87165574CD6F2D99720007FDCA811C63546FB449A72B0293C54177A5E5
Session-ID-ctx:
Master-Key:
BCCAE579F3AF185BDAFF1D30D6F058573EC8266DE2877CE73E30ED7ED2BE819DD15B7098304F59529BAF6BE12FD18EED
Key-Arg : None
Start Time: 1284991918
Timeout : 300 (sec)
Verify return code: 0 (ok)
%%% Starting Here Is the actual Custom Protocol Communications %%%
OK
*** Setting display 00 to value ‘–’ via /dev/ttyUSB0.
DONE
%%% End Custom Protocol Communications %%%
closed
> Also, have you tried:
> sslSock.write(data + "\r\n")

No… will try though…
Whoa. Just got it working when I changed the code to:
    sslSock.write(data + "\n")
    while line = sslSock.gets
      puts line
      success = true if line.chop == "DONE"
    end
No idea why/how that fixed it, but thanks a ton!!!
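
Added example, not part of the thread or the posters' code: a reader for the line-based reply seen in the s_client session above that stops at the `DONE` line instead of reading to end of stream, and reports a connection reset that arrives before `DONE`. `read_reply`, `Reply`, `ResettingPeer` and the `MAX_LINES` cap are hypothetical names, and the peer stub is constructed input so the block runs offline.

```ruby
TERMINATOR = 'DONE'  # terminator line, taken from the session output in the thread
MAX_LINES  = 100     # assumed cap so a misbehaving peer cannot feed lines forever

# lines: what arrived; complete: terminator seen; error: exception class name or nil
Reply = Struct.new(:lines, :complete, :error)

# io is anything that responds to #gets: an OpenSSL::SSL::SSLSocket in real use,
# a StringIO or a stub in tests.
def read_reply(io, terminator = TERMINATOR, max_lines = MAX_LINES)
  lines = []
  begin
    while lines.size < max_lines && (line = io.gets)
      line = line.chomp # strips "\n" as well as "\r\n"
      lines << line
      # Stop as soon as the protocol says the reply is over; never wait for EOF.
      return Reply.new(lines, true, nil) if line == terminator
    end
    # EOF or the line cap was reached before the terminator: incomplete reply.
    Reply.new(lines, false, nil)
  rescue Errno::ECONNRESET, IOError => e
    # Connection dropped mid-reply: keep what arrived and record why it stopped.
    Reply.new(lines, false, e.class.name)
  end
end

# Constructed stand-in for a peer that sends some lines and then resets.
class ResettingPeer
  def initialize(lines)
    @lines = lines.dup
  end

  def gets
    raise Errno::ECONNRESET if @lines.empty?
    @lines.shift
  end
end

if __FILE__ == $PROGRAM_NAME
  full = read_reply(ResettingPeer.new(["OK\n", "*** Setting display\n", "DONE\n"]))
  puts "complete=#{full.complete} lines=#{full.lines.inspect}"
  cut = read_reply(ResettingPeer.new(["OK\n"]))
  puts "complete=#{cut.complete} error=#{cut.error}"
end
```

A caller would set its success flag from `Reply#complete` only, so a reply cut short by a reset or by end of stream is never treated as a finished update.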