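SSL in ActionScript 3: accepting self-signed certificates

Time: 2013-05-22 12:54:04

Tags: actionscript-3 flash flex ssl flash-builder

I am trying to connect to a server using SecureSocket. I am using Flash Builder 4.6, which has the SecureSocket class implemented. The problem is that after creating the SecureSocket object and calling the connect function, I get ioError - type 2031, with a serverCertificateStatus of "invalid". The certificate on the server side is self-signed. Is there a way to make Flash work with self-signed certificates?

2 answers:

Answer 0: (score: 1)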

You can use the as3crypto TLSSocket instead (I would recommend my patched version, which has patches for several critical issues). It also contains a new method, addTrustedCertificate, that may help in your case (just add the certificate in *.der format and it will be accepted in any case: self-signed, wrong domain, etc.).

package
{
    import com.hurlant.crypto.tls.SSLSecurityParameters;
    import com.hurlant.crypto.tls.TLSConfig;
    import com.hurlant.crypto.tls.TLSEngine;
    import com.hurlant.crypto.tls.TLSSocket;
    import com.hurlant.util.der.PEM;

    import flash.display.Sprite;
    import flash.events.Event;
    import flash.events.IOErrorEvent;
    import flash.events.ProgressEvent;
    import flash.events.SecurityErrorEvent;
    import flash.net.SecureSocket;
    import flash.utils.ByteArray;

    public class sockettest extends Sprite
    {
        // The server certificate in PEM form, compiled into the SWF.
        [Embed(source="cert.pem", mimeType="application/octet-stream")]
        private static const cert_pem:Class;

        private var tlssocket:TLSSocket;
        private var secsocket:SecureSocket;

        public function sockettest()
        {
            // Decode the embedded PEM text into DER bytes.
            var cert_pem_bytes:ByteArray = new cert_pem();
            var cert_der:ByteArray = PEM.readCertIntoArray(cert_pem_bytes.readUTFBytes(cert_pem_bytes.bytesAvailable));

            var config:TLSConfig = new TLSConfig(TLSEngine.CLIENT, null, null, null, null, null, SSLSecurityParameters.PROTOCOL_VERSION);
            // Skips the host name check against the certificate's common name.
            config.ignoreCommonNameMismatch = true;
            // Marks this exact certificate as trusted.
            config.addTrustedCertificate(cert_der);

            var socket:Object = new TLSSocket(null, 0, config);

            socket.addEventListener(Event.CONNECT, log);
            socket.addEventListener(ProgressEvent.SOCKET_DATA, log);
            socket.addEventListener(Event.CLOSE, log);
            socket.addEventListener(IOErrorEvent.IO_ERROR, log);
            socket.addEventListener(SecurityErrorEvent.SECURITY_ERROR, log);

            socket.connect("google.com", 443);
        }

        private function log(event:Event):void
        {
            trace(event.type);
        }
    }
}

In theory the SecureSocket.addBinaryChainBuildingCertificate method could also help you, but I am not sure about it; it may only work for chained certificates.

In general, the patched TLSSocket is better suited to applications because it is open source and gives more overall control over the communication process, but SecureSocket is native to the system, as @Reboog711 mentioned (it uses system certificates, for example, which SecureSocket cannot).
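Added example, not part of the original answer or of as3crypto: the native SecureSocket path mentioned above, with the certificate added as a session trust anchor and the resulting serverCertificateStatus checked, so the host name check stays in force and a failed validation can be told apart by cause. Assumptions: AIR 3.0 or later, a DER-encoded copy of the server certificate in a hypothetical file server.der, and the placeholder host server.example.

```actionscript
package {
    import flash.display.Sprite;
    import flash.events.Event;
    import flash.events.IOErrorEvent;
    import flash.events.SecurityErrorEvent;
    import flash.net.SecureSocket;
    import flash.security.CertificateStatus;
    import flash.utils.ByteArray;

    public class NativeTrustAnchorTest extends Sprite {
        // Assumption: server.der is the server's own certificate, DER-encoded.
        [Embed(source="server.der", mimeType="application/octet-stream")]
        private static const ServerCert:Class;

        private var socket:SecureSocket;

        public function NativeTrustAnchorTest() {
            if (!SecureSocket.isSupported) {
                trace("SecureSocket is not supported on this runtime");
                return;
            }
            socket = new SecureSocket();
            // trusted=true designates the certificate as a trust anchor for this
            // session only; it must be added before connect() is called.
            socket.addBinaryChainBuildingCertificate(new ServerCert() as ByteArray, true);
            socket.addEventListener(Event.CONNECT, onConnect);
            socket.addEventListener(IOErrorEvent.IO_ERROR, onFailure);
            socket.addEventListener(SecurityErrorEvent.SECURITY_ERROR, onFailure);
            socket.connect("server.example", 443); // placeholder host and port
        }

        private function onConnect(event:Event):void {
            // Send nothing unless validation actually succeeded.
            if (socket.serverCertificateStatus != CertificateStatus.TRUSTED) {
                trace("closing, status: " + socket.serverCertificateStatus);
                socket.close();
                return;
            }
            trace("TLS session established, certificate trusted");
        }

        private function onFailure(event:Event):void {
            // The status string says which validation step failed.
            var status:String = socket.serverCertificateStatus;
            if (status == CertificateStatus.PRINCIPAL_MISMATCH) trace("host name does not match the certificate");
            else if (status == CertificateStatus.UNTRUSTED_SIGNERS) trace("no trusted anchor found for the certificate");
            else if (status == CertificateStatus.EXPIRED || status == CertificateStatus.NOT_YET_VALID) trace("certificate is outside its validity period");
            else trace(event.type + ", status: " + status);
        }
    }
}
```

If the status is still invalid with the anchor added, the runtime is not accepting the self-signed certificate this way, which is the uncertainty the answer itself raises.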

答案 1 :(得分:0)

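// Register the handler that runs whenever decrypted data arrives on the TLS socket.
tlssocket.addEventListener(ProgressEvent.SOCKET_DATA, ESecureSocketData);

private function ESecureSocketData( evt:ProgressEvent ):void
{
    StartTimer();

    ReadResponse();
    ParseMessage();
}

// Appends everything currently buffered on the socket to str_Response.
private function ReadResponse():void
{
    var o_Bytes:ByteArray = new ByteArray();

    tlssocket.readBytes( o_Bytes, 0, tlssocket.bytesAvailable );

    for ( var i:uint = 0; i < o_Bytes.length; i ++ ) {
        o_Bytes.position    = i;
        // readUnsignedByte keeps bytes above 0x7F from becoming negative char codes.
        str_Response        += String.fromCharCode( o_Bytes.readUnsignedByte() );
    }
}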