POCO SSL client sample code crashes after receiving the certificate
0 votes
/ 03 May 2018

My POCO SSL client keeps crashing against an internal server, but it works fine for "https://www.google.com, https://amazon.com".

For my project I created a POCO client (using the POCO sample code). Initially I had a few certificate problems, but they are all resolved now, and I can open my server in Chrome (without any error).

How can I resolve this problem / crash?

Code:

#include "Poco/URIStreamOpener.h"
#include "Poco/StreamCopier.h"
#include "Poco/Path.h"
#include "Poco/URI.h"
#include "Poco/SharedPtr.h"
#include "Poco/Exception.h"
#include "Poco/Net/HTTPStreamFactory.h"
#include "Poco/Net/HTTPSStreamFactory.h"
#include "Poco/Net/FTPStreamFactory.h"
#include "Poco/Net/SSLManager.h"
#include "Poco/Net/KeyConsoleHandler.h"
#include "Poco/Net/ConsoleCertificateHandler.h"
#include <memory>
#include <iostream>


using Poco::URIStreamOpener;
using Poco::StreamCopier;
using Poco::Path;
using Poco::URI;
using Poco::SharedPtr;
using Poco::Exception;
using Poco::Net::HTTPStreamFactory;
using Poco::Net::HTTPSStreamFactory;
using Poco::Net::FTPStreamFactory;
using Poco::Net::SSLManager;
using Poco::Net::Context;
using Poco::Net::KeyConsoleHandler;
using Poco::Net::PrivateKeyPassphraseHandler;
using Poco::Net::InvalidCertificateHandler;
using Poco::Net::ConsoleCertificateHandler;


class SSLInitializer
{
public:
    SSLInitializer()
    {
        Poco::Net::initializeSSL();
    }

    ~SSLInitializer()
    {
        Poco::Net::uninitializeSSL();
    }
};


int main(int argc, char** argv)
{
    SSLInitializer sslInitializer;
    HTTPStreamFactory::registerFactory();
    HTTPSStreamFactory::registerFactory();
    FTPStreamFactory::registerFactory();

    // Note: we must create the passphrase handler prior to the Context
    SharedPtr<InvalidCertificateHandler> ptrCert = new ConsoleCertificateHandler(false); // ask the user via console
    // Trust only the CAs in rootcert.pem (loadDefaultCAs = false), verification depth 9
    Context::Ptr ptrContext = new Context(Context::CLIENT_USE, "", "", "rootcert.pem", Context::VERIFY_RELAXED, 9, false, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
    SSLManager::instance().initializeClient(0, ptrCert, ptrContext);

    // The URI is taken from the first command-line argument
    if (argc < 2)
    {
        std::cerr << "usage: " << argv[0] << " <uri>" << std::endl;
        return 1;
    }

    try
    {
        URI uri(argv[1]);
        std::unique_ptr<std::istream> pStr(URIStreamOpener::defaultOpener().open(uri)); // std::auto_ptr is deprecated
        StreamCopier::copyStream(*pStr.get(), std::cout);
    }
    catch (Exception& exc)
    {
        std::cerr << exc.displayText() << std::endl;
        return 1;
    }

    return 0;
}

Python server (running on another machine):

import BaseHTTPServer, SimpleHTTPServer
import ssl

httpd = BaseHTTPServer.HTTPServer(('10.8.80.11', 4443), SimpleHTTPServer.SimpleHTTPRequestHandler)
httpd.socket = ssl.wrap_socket (httpd.socket, certfile='./server.pem', server_side=True)
httpd.serve_forever()

Crash backtrace:

Loaded symbols for /libexec/ld-elf.so.1
#0  0x0000000047806a8f in deflateSetDictionary () from /usr/lib/libz.so
[New Thread 47406400 (LWP 100085/ssl_client)]
(gdb) bt
#0  0x0000000047806a8f in deflateSetDictionary () from /usr/lib/libz.so
#1  0x0000000047809035 in deflateCopy () from /usr/lib/libz.so
#2  0x0000000047807d52 in deflate () from /usr/lib/libz.so
#3  0x0000000046ac5139 in zlib_stateful_compress_block () from /usr/local/lib/libcrypto.so.8
#4  0x0000000046ac42e9 in COMP_compress_block () from /usr/local/lib/libcrypto.so.8
#5  0x000000004671829b in do_ssl3_write () from /usr/local/lib/libssl.so.8
#6  0x0000000046717ec4 in ssl3_write_bytes () from /usr/local/lib/libssl.so.8
#7  0x0000000046719ba9 in ssl3_do_write () from /usr/local/lib/libssl.so.8
#8  0x000000004670f227 in ssl3_connect () from /usr/local/lib/libssl.so.8
#9  0x000000004671d8dd in ssl23_connect () from /usr/local/lib/libssl.so.8
#10 0x000000004538f471 in Poco::Net::SecureSocketImpl::connectSSL () from /usr/local/lib/libPocoNetSSL.so.12
#11 0x00000000453922dd in Poco::Net::SecureStreamSocketImpl::connect () from /usr/local/lib/libPocoNetSSL.so.12
#12 0x0000000044b3937a in Poco::Net::HTTPSession::connect () from /usr/local/lib/libPocoNet.so.12
#13 0x0000000045388c86 in Poco::Net::HTTPSClientSession::connect () from /usr/local/lib/libPocoNetSSL.so.12
#14 0x0000000044b22a93 in Poco::Net::HTTPClientSession::reconnect () from /usr/local/lib/libPocoNet.so.12
#15 0x0000000044b224f1 in Poco::Net::HTTPClientSession::sendRequest () from /usr/local/lib/libPocoNet.so.12
#16 0x000000004538974c in Poco::Net::HTTPSStreamFactory::open () from /usr/local/lib/libPocoNetSSL.so.12
#17 0x0000000044ea0465 in Poco::URIStreamOpener::openURI () from /usr/local/lib/libPocoFoundation.so.12
#18 0x0000000044ea0206 in Poco::URIStreamOpener::open () from /usr/local/lib/libPocoFoundation.so.12
#19 0x00000000004022e7 in main ()

Certificate information:

  1. I created a CA certificate and key.
  2. Then created server.csr and a key.
  3. Signed the CSR with the CA.
  4. Added this CA to the rootcert.pem file of the C++ code.

Certificate:

-- Server Certificate --

openssl x509 -in rrrrserver.crt -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=IN, ST=RAJ, L=JAI, O=VJ, OU=Dev, CN=RRR/emailAddress=rrr@xyz.com
        Validity
            Not Before: May  2 20:51:48 2018 GMT
            Not After : May  2 20:51:48 2019 GMT
        Subject: C=PT, ST=Lisboa, O=Oats In The Water, CN=<MY-machine name>com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Subject Alternative Name: 
                DNS:<my machine name>.com
            X509v3 Subject Key Identifier: 
                FD:1A:AF:45:00:89:25:FC:BE:98:49:70:98:B5:FB:E1:9D:28:AF:AB
    Signature Algorithm: sha256WithRSAEncryption

Setup information:

Client: FreeBSD-10 + POCO + OpenSSL
Server: FreeBSD-10 + Python 2.7
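
The four certificate steps listed in the question, as an added shell example that is not part of the original post: it builds a test CA, signs a server certificate with a DNS subjectAltName, and checks the chain against rootcert.pem before any client is involved. The file names ca.cnf and ext.cnf, the CA name and the host name passed in are assumptions.

```shell
#!/bin/sh
# Added example; all names below are constructed, not taken from the post.
set -e

make_chain() {   # usage: make_chain <dir> <hostname>
    dir=$1; host=$2
    # Minimal config so the CA certificate carries CA:TRUE on any OpenSSL version.
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
        'prompt=no' '[dn]' 'CN=Example Test CA' '[v3_ca]' \
        'basicConstraints=critical,CA:TRUE' \
        'keyUsage=critical,keyCertSign,cRLSign' > "$dir/ca.cnf"
    # Step 1: CA key and self-signed CA certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -config "$dir/ca.cnf" -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    # Step 2: server key and CSR.
    openssl req -new -newkey rsa:2048 -nodes -sha256 -config "$dir/ca.cnf" \
        -subj "/CN=$host" -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
    # Step 3: sign the CSR with the CA; extensions mirror the certificate dump
    # in the post (CA:FALSE plus a DNS subjectAltName).
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\n' "$host" > "$dir/ext.cnf"
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -set_serial 1 -days 365 -sha256 -extfile "$dir/ext.cnf" \
        -out "$dir/server.crt" 2>/dev/null
    # Step 4: trust-anchor file for the client, key+cert bundle for the server.
    cp "$dir/ca.crt" "$dir/rootcert.pem"
    cat "$dir/server.key" "$dir/server.crt" > "$dir/server.pem"
}

check_chain() {  # returns 0 ok, 1 chain does not verify, 2 hostname not in SAN
    dir=$1; host=$2
    openssl verify -CAfile "$dir/rootcert.pem" "$dir/server.crt" >/dev/null 2>&1 || return 1
    openssl x509 -in "$dir/server.crt" -noout -text | grep -qF "DNS:$host" || return 2
    return 0
}

if [ "$#" -eq 2 ]; then
    make_chain "$1" "$2"
    check_chain "$1" "$2" && echo "chain and SAN OK for $2"
fi
```

A chain that passes both checks rules out the certificate as the cause of a failure, which narrows the search to the TLS libraries themselves.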

1 Answer

0 votes
/ 03 May 2018

This problem was solved by upgrading the poco library to the latest version (1.9.0).

...