英文:
Reading and writing over a tls.Server connection
问题
我正在使用Go语言编写一个SMTP服务器。实现STARTTLS命令需要使用crypto/tls包。在这里,我应该能够将net.Conn对象“转换”为tls.Conn对象,然后我就可以无缝地使用TLS提供的加密进行读写操作。
然而,即使我能够完成上述的第一部分,当我尝试读取或写入TLS保护的连接时,调用的Read()和Write()函数并不是tls.Conn对象的函数,而是底层的net.Conn对象的函数。
我目前的做法如下:
type Handler struct {Conn net.Conn}//...client := Handler{Conn: /*socket*/}client.Conn.Write([]byte("Hello!")) //普通写入//已接收到STARTTLS命令,切换到tls.Conn并进行握手client.Conn = tls.Server(client.Conn, &TlsConfig) //client.Conn现在应该是tls.Conn类型//无论是进行类型转换还是不进行类型转换,结果都是一样的client.Conn.Handshake() //不是必需的,因为默认情况下会在第一次Read()或Write()时调用//...client.Conn.Write([]byte("Hello again!")) //写入明文、未加密的文本//...rdr := bufio.NewReader(client.Conn) //这可能是问题所在吗?我认为不是,因为它只是包装了常规函数line, err := rdr.ReadString/*or Line*/('\n')//...//line = 类似于"�'�9����"和其他客户端加密文本我看到很多人,包括标准的`net/smtp`包,使用`text/proto`包来解析客户端命令。然而,我想使用自己的解析器(并且也想解决这个问题)。正如前面的注释所说,我认为问题不在这里,因为它只是包装了函数,不是吗?可能是`client.Conn = tls.Server(client.Conn, &TlsConfig)`这个对象切换的问题吗?我正在使用自签名的SSL密钥和证书,使用OpenSSL生成。为了测试,我使用了上面链接的StackOverflow问题中提到的两种方法:`openssl s_client -starttls smtp -crlf [-tls1] -connect localhost:25`和简单的`net/smtp.SendMail()`调用。我正在使用Go 1.2.1 (linux/amd64)进行编译。我还尝试使用Wireshark进行抓包,确实发现了我上面说的情况。此外,调用Handshake()似乎并没有实际进行握手。我做错了什么?<details><summary>英文:</summary>I'm writing an SMTP server in Go. Implementing the STARTTLS command requires usage of the `crypto/tls` package.[Here](https://stackoverflow.com/questions/13110713/upgrade-a-connection-to-tls-in-go) seems like I should be able to "convert" the net.Conn object to a tls.Conn one, and then I'd be able to seamlessly read and write using the encryption TLS provides.However, even if I'm able to do the first part of the above, when I try to read or write to the TLS-protected connection, the Read() and Write() functions called are not the ones of the tls.Conn object, but of the underlying net.Conn one.What I'm currently doing looks like this:<!-- language: go -->type Handler struct {Conn net.Conn}//...client := Handler{Conn: /*socket*/}client.Conn.Write([]byte("Hello!")) //regular write//the STARTTLS command has been received, switch to tls.Conn and handshakeclient.Conn = tls.Server(client.Conn, &TlsConfig) //client.Conn should be now of type tls.Conn//either casting or not give me the same resultsclient.Conn.Handshake() //not necessary, it is called on the first Read() or Write() by default//...client.Conn.Write([]byte("Hello again!")) //writes clear, unencrypted text//...rdr := bufio.NewReader(client.Conn) //might this be the culprit? I don't think it is, since it should just wrap the regular functionsline, err := rdr.ReadString/*or Line*/('\n')//...//line = something like À"À!27ÀÀ9ÀÀÀÀ and other client-encrypted textI've seen that numerous people, including the standard `net/smtp` package, use the `text/proto` package to parse client commands. However, I want to use my own (and also want to sort this out). As in the comment earlier, I don't think the culprit lies here, since it should just wrap functions, shouldn't it?Might it be the `client.Conn = tls.Server(client.Conn, &TlsConfig)` object switch?The SSL key and certificate I'm using are selfsigned, generated with OpenSSL.To test, I'm using the two methods suggested in the StackOverflow question linked above: `openssl s_client -starttls smtp -crlf [-tls1] -connect localhost:25` and a simple `net/smtp.SendMail()` call. I'm compiling against Go 1.2.1 (linux/amd64).I've also tried sniffing with Wireshark, and indeed it led me to know what I said above. Also, calling Handshake() doesn't apparently actually handshake.What am I doing wrong?</details># 答案1**得分**: 0尝试将你的TLS连接存储在一个新的类型为`*tls.Conn`的变量中。发起握手并检查`ConnectionState()`返回的内容。<details><summary>英文:</summary>Try storing your TLS connection in a new variable of type `*tls.Conn`. Initiate a handshake and check what `ConnectionState()` tells.</details>
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论