如何解决支持 TLS 的 C 语言 Solace 客户端
我正在尝试实现 C 客户端来连接和发布消息到特定主题。我在实施 ssl 时遇到以下错误。
ERROR:
SDK WARNING Fri Feb 05 13:59:36.412 2021 solClientSession.c:3609 (7fb51ccfe740) Session '(c0,s1)_vpn-poc-d1': Client Certificate Authentication is not supported on unsecured sessions
ERROR:: Error in craeting session sol client.
以下是实现 POC 代码。
#include "os.h"
#include "../inc/solclient/solClient.h"
#include "../inc/solclient/solClientMsg.h"
/*****************************************************************************
* sessionMessageReceiveCallback
*
* The message receive callback function is mandatory for session creation.
*****************************************************************************/
solClient_rxmsgCallback_returnCode_t
sessionMessageReceiveCallback(solClient_opaqueSession_pt opaqueSession_p,solClient_opaqueMsg_pt msg_p,void* user_p)
{
return SOLCLIENT_CALLBACK_OK;
}
/*****************************************************************************
* sessionEventCallback
*
* The event callback function is mandatory for session creation.
*****************************************************************************/
void
sessionEventCallback(solClient_opaqueSession_pt opaqueSession_p,solClient_session_eventCallbackInfo_pt eventInfo_p,void* user_p)
{
}
/*****************************************************************************
* main
*
* The entry point to the application.
*****************************************************************************/
int main(int argc,char* argv[])
{
/*if (argc > 1) {
printf("Usage: Topicpublisher\n");
return -1;
}
*/
/* Context */
solClient_opaqueContext_pt context_p;
solClient_context_createFuncInfo_t contextFuncInfo = SOLCLIENT_CONTEXT_CREATEFUNC_INITIALIZER;
/* Session */
solClient_opaqueSession_pt session_p;
solClient_session_createFuncInfo_t sessionFuncInfo = SOLCLIENT_SESSION_CREATEFUNC_INITIALIZER;
/* Session Properties */
const char* sessionProps[40] = { 0,};
int propIndex = 0;
/* Message */
solClient_opaqueMsg_pt msg_p = NULL;
solClient_destination_t destination;
solClient_returnCode_t solReturnStatus = SOLCLIENT_OK;
const char* text_p = "Hello World!!";
/*************************************************************************
* Initialize the API (and setup logging level)
*************************************************************************/
/* solClient needs to be initialized before any other API calls. */
solReturnStatus = solClient_initialize(SOLCLIENT_LOG_DEFAULT_FILTER,NULL);
if (solReturnStatus != SOLCLIENT_OK)
{
printf("ERROR:: Error in initiailizing sol client.\n");
return -1;
}
printf("Topicpublisher initializing...\n");
/*************************************************************************
* Create a Context
*************************************************************************/
/*
* Create a Context,and specify that the Context thread be created
* automatically instead of having the application create its own
* Context thread.
*/
solReturnStatus = solClient_context_create(SOLCLIENT_CONTEXT_PROPS_DEFAULT_WITH_CREATE_THREAD,&context_p,&contextFuncInfo,sizeof(contextFuncInfo));
if (solReturnStatus != SOLCLIENT_OK)
{
printf("ERROR:: Error in creating context sol client.\n");
return -1;
}
/*************************************************************************
* Create and connect a Session
*************************************************************************/
/*
* Message receive callback function and the Session event function
* are both mandatory. In this sample,default functions are used.
*/
sessionFuncInfo.rxmsgInfo.callback_p = sessionMessageReceiveCallback;
sessionFuncInfo.rxmsgInfo.user_p = NULL;
sessionFuncInfo.eventInfo.callback_p = sessionEventCallback;
sessionFuncInfo.eventInfo.user_p = NULL;
/* Configure the Session properties. */
propIndex = 0;
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_HOST;
sessionProps[propIndex++] = argv[1];
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_VPN_NAME;
sessionProps[propIndex++] = argv[2];
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_USERNAME;
sessionProps[propIndex++] = argv[3];
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_PASSWORD;
sessionProps[propIndex++] = argv[4];
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_SSL_VALIDATE_CERTIFICATE;
sessionProps[propIndex++] = SOLCLIENT_PROP_ENABLE_VAL;
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_AUTHENTICATION_SCHEME;
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_AUTHENTICATION_SCHEME_CLIENT_CERTIFICATE;
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_SSL_CLIENT_CERTIFICATE_FILE;
sessionProps[propIndex++] = argv[5];
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_SSL_CLIENT_PRIVATE_KEY_FILE;
sessionProps[propIndex++] = argv[6];
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_SSL_CLIENT_PRIVATE_KEY_FILE_PASSWORD;
sessionProps[propIndex++] = argv[7];
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_REAPPLY_SUBSCRIPTIONS;
sessionProps[propIndex++] = SOLCLIENT_PROP_ENABLE_VAL;
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_SSL_VALIDATE_CERTIFICATE;
sessionProps[propIndex++] = SOLCLIENT_PROP_disABLE_VAL;
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_SSL_EXCLUDED_PROTOCOLS;
sessionProps[propIndex++] = "TLSv1.1";
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_RECONNECT_RETRIES;
sessionProps[propIndex++] = "3";
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_CONNECT_RETRIES_PER_HOST;
sessionProps[propIndex++] = "3";
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_SSL_VALIDATE_CERTIFICATE_DATE;
sessionProps[propIndex++] = SOLCLIENT_PROP_disABLE_VAL;
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_SSL_TRUST_STORE_DIR;
sessionProps[propIndex++] = argv[8];
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_SSL_CIPHER_SUITES;
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_SSL_CIPHER_TLS_RSA_WITH_AES_128_CBC_SHA;
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_SSL_TRUSTED_COMMON_NAME_LIST;
sessionProps[propIndex++] = "TEST";
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_SSL_CONNECTION_DOWNGRADE_TO;
sessionProps[propIndex++] = "PLAIN_TEXT";
sessionProps[propIndex] = NULL;
printf("Total Properties set = %d\n",propIndex);
/* Create the Session. */
solReturnStatus = solClient_session_create((char**)sessionProps,context_p,&session_p,&sessionFuncInfo,sizeof(sessionFuncInfo));
if (solReturnStatus != SOLCLIENT_OK)
{
printf("ERROR:: Error in craeting session sol client.\n");
return -1;
}
/* Connect the Session. */
solReturnStatus = solClient_session_connect(session_p);
if (solReturnStatus != SOLCLIENT_OK)
{
printf("ERROR:: Error in connecting to session sol client.\n");
return -1;
}
printf("Connected.\n");
/*************************************************************************
* Publish
*************************************************************************/
/* Allocate memory for the message that is to be sent. */
solClient_msg_alloc(&msg_p);
/* Set the message delivery mode. */
solClient_msg_setDeliveryMode(msg_p,SOLCLIENT_DELIVERY_MODE_DIRECT);
/* Set the destination. */
destination.destType = SOLCLIENT_TOPIC_DESTINATION;
destination.dest = argv[9];
solClient_msg_setDestination(msg_p,&destination,sizeof(destination));
/* Add some content to the message. */
solClient_msg_setBinaryAttachment(msg_p,text_p,(solClient_uint32_t)strlen((char*)text_p));
/* Send the message. */
printf("About to send message '%s' to topic '%s'...\n",(char*)text_p,argv[9]);
solReturnStatus = solClient_session_sendMsg(session_p,msg_p);
if (solReturnStatus != SOLCLIENT_OK)
{
printf("ERROR:: Error in sending data to topic.\n");
}
/* Free the message. */
printf("Message sent. Exiting.\n");
solReturnStatus = solClient_msg_free(&msg_p);
if (solReturnStatus != SOLCLIENT_OK)
{
printf("ERROR:: Error in msg free sol client.\n");
}
/*************************************************************************
* Cleanup
*************************************************************************/
/* Cleanup solClient. */
solReturnStatus = solClient_cleanup();
if (solReturnStatus != SOLCLIENT_OK)
{
printf("ERROR:: Error in cleanup sol client.\n");
}
return 0;
}
我可能使用了无效的证书,有什么办法可以从 pubsub+ solace 服务器获取正确的证书吗?
解决方法
错误“不安全会话不支持客户端证书身份验证”意味着您使用的是纯文本连接,但尝试使用不支持的客户端证书进行身份验证。
这可能是因为您试图连接到默认端口 55555,这是一个纯文本端口。要解决此问题,请改用 SSL 端口。默认情况下,SMF SSL 端口为 55443。您还必须确保启用此端口并在代理端配置服务器证书。您的代码片段中的所有其他配置看起来都正确。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。