通过ip地址测试SNI https服务
我正在编写一个perl脚本,以便在从旧服务器切换DNS之前测试服务器(用于支持服务器迁移)。我不想为了测试而破解/etc/hosts来覆盖DNS,而是让脚本munge来工作。
对于非SSL连接来说,这很容易,但我在使用SSL时遇到了麻烦--它适用于大多数站点,因为大多数站点仍然将站点绑定到ip地址,但是某个特定客户的站点对于自身来说太智能了(这就是事情应该朝的方向发展),我需要告诉LWP::UserAgent连接到IP地址,但在请求中使用servername (SSL SNI和HTTP Host:)。
我使用ssl_opts设置SNI主机名( SSLeay跟踪显示设置正确),并强制将Host HTTP报头设置为服务器名(输出请求显示应该设置正确),但LWP使用url来决定要连接到哪个主机,以及该url将进入不应该到达的位置(我希望实际的"GET“只是"GET /",因此请求"as_string”在这里并不完全准确),从而导致错误:
#!/usr/bin/perl
#
# ht
#
# https test
# see if I can force a Host: header
# while using an ip address to connect
#
use strict;
use Net::SSLeay;
use LWP::UserAgent;
$Net::SSLeay::trace = 2;
my $ip = '1.2.3.4';
my $server_name = 'server.name';
my $url = "https://$ip/";
#my $url = "https://$server_name/";
print "connecting to $ip for $server_name\n";
my $h = HTTP::Headers->new;
$h->header('Host' => $server_name);
my %options = (
'ssl_opts' => { SSL_hostname => $server_name }
);
my $ua = LWP::UserAgent->new(%options);
$ua->agent("perl-mpchk/0.1 ");
# Create a request
my $req;
$req = HTTP::Request->new('GET', $url, $h);
print $req->as_string, "\n";
# Send request to the user agent and get a response back
my $res = $ua->request($req);
if (!defined($res)) {
die "connect to $url failed\n";
}
print $res->status_line, "\n";
exit 0;使用主机名:
connecting to 1.2.3.4 for server.name
GET https://server.name/
Host: server.name
DEBUG: .../IO/Socket/SSL.pm:562: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:564: socket connected
DEBUG: .../IO/Socket/SSL.pm:586: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:619: using SNI with hostname server.name
DEBUG: .../IO/Socket/SSL.pm:654: request OCSP stapling
DEBUG: .../IO/Socket/SSL.pm:673: set socket to non-blocking to enforce timeout=180
DEBUG: .../IO/Socket/SSL.pm:699: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:709: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:729: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:744: ssl handshake done
200 OK使用ip地址
connecting to 1.2.3.4 for server.name
GET https://1.2.3.4/
Host: server.name
DEBUG: .../IO/Socket/SSL.pm:562: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:564: socket connected
DEBUG: .../IO/Socket/SSL.pm:586: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:619: using SNI with hostname server.name
DEBUG: .../IO/Socket/SSL.pm:654: request OCSP stapling
DEBUG: .../IO/Socket/SSL.pm:673: set socket to non-blocking to enforce timeout=180
DEBUG: .../IO/Socket/SSL.pm:699: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:709: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:729: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:744: ssl handshake done
500 Unknown Domain回答 2
Stack Overflow用户
发布于 2017-01-28 14:39:14
您可以跳过LWP,直接使用套接字:
use IO::Socket::SSL;
my $ip_address = ...;
my $server_name = ...;
my $cl = IO::Socket::SSL->new(
PeerAddr => $ip_address,
PeerPort => 443,
SSL_hostname => $server_name,
SSL_verifycn_name => $server_name,
SSL_verifycn_scheme => 'http',
);
print $cl "GET / HTTP/1.0\r\nHost: $server_name\r\n\r\n";
print scalar(<$cl>); # status lineStack Overflow用户
发布于 2017-01-31 07:40:25
问题原来是中间的一个代理,它正在转换为IP地址url表单。已更正以正确使用该名称,并开始工作。
https://stackoverflow.com/questions/41905483
复制相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号