
BlueSSLService client cannot connect to stunnel server on windows

Open JackyBaby615 opened this issue 6 years ago • 2 comments

I want to connect to a stunnel server on Windows using this BlueSSLService client. But I get an error when I create a Socket with an SSLService delegate and connect to stunnel. This is my function for creating the client TLS socket.

```swift
import Socket
import SSLService

func createStealthSocket() -> Socket? {
    // Client-side TLS configuration: PKCS#12 chain file plus its password,
    // accepting self-signed certificates on both ends.
    var myConfig = SSLService.Configuration(withChainFilePath: self.cert,
                                            withPassword: "wjfeoqlalf1912",
                                            usingSelfSignedCerts: true,
                                            clientAllowsSelfSignedCertificates: true)
    myConfig.cipherSuite = "ALL"
    do {
        let socket = try Socket.create(family: .inet)
        // Attaching the SSLService delegate makes connect() perform the TLS handshake.
        socket.delegate = try SSLService(usingConfiguration: myConfig)
        try socket.connect(to: self.tunnelHost, port: Int32(self.tunnelPort))
        return socket
    } catch let error {
        guard let socketError = error as? Socket.Error else {
            print("Unexpected error: \(error)")
            return nil
        }
        print("Socket error: \(socketError.description)")
    }
    return nil
}
```

When I run this function, I get a normal return value without error. But if I capture the network packets with Wireshark, I get an encrypted alert (21). Below is the log taken from Wireshark.

JackyBaby615 · Jun 20 '19 13:06

You're getting a TLS record with content type "Alert" (21), right?

This "alert" is used in SSL/TLS to notify the peer that the connection is being closed. So it's quite normal to see an "Encrypted Alert" at the end of an SSL/TLS session. Normally, when there is no more data to send, the sender sends this TLS alert.

What are you doing after you come back from creating the socket?

billabt · Jun 21 '19 19:06
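The record-level view billabt describes can be checked without Wireshark. The following Python script (added here as an example; it is not part of this issue or of the BlueSSLService project) parses TLS record headers from one direction of a byte stream and flags an Alert record (content type 21) that arrives before any application data, which is the pattern the reporter saw. The capture bytes are constructed for the example.

```python
import struct
from dataclasses import dataclass

# TLS record content types (RFC 5246 section 6.2.1)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}


@dataclass
class TLSRecord:
    content_type: int
    version: tuple[int, int]
    length: int
    offset: int

    @property
    def name(self) -> str:
        return CONTENT_TYPES.get(self.content_type, f"unknown({self.content_type})")


def parse_records(stream: bytes) -> list[TLSRecord]:
    """Split one direction of a TLS byte stream into records (5-byte header + body)."""
    records, off = [], 0
    while off + 5 <= len(stream):
        ctype, major, minor, length = struct.unpack("!BBBH", stream[off:off + 5])
        if ctype not in CONTENT_TYPES or major != 3:
            raise ValueError(f"not a TLS record header at offset {off}")
        if off + 5 + length > len(stream):
            raise ValueError(f"record at offset {off} is truncated")
        records.append(TLSRecord(ctype, (major, minor), length, off))
        off += 5 + length
    return records


def alert_before_app_data(records: list[TLSRecord]) -> bool:
    """True when an Alert record arrives before any application_data record.
    After the handshake the alert body is encrypted, so a capture only shows
    'Encrypted Alert'; its position in the stream is what distinguishes a normal
    close_notify (after data) from a session torn down before data was sent."""
    for rec in records:
        if rec.content_type == 23:
            return False
        if rec.content_type == 21:
            return True
    return False


# Constructed sample: server-to-client bytes after the key exchange, with the
# alert arriving before any application data (the pattern described in the issue).
CAPTURE = (
    b"\x14\x03\x03\x00\x01\x01"                       # ChangeCipherSpec
    + b"\x16\x03\x03\x00\x28" + b"\x00" * 0x28        # encrypted Finished
    + b"\x15\x03\x03\x00\x1a" + b"\x00" * 0x1a        # encrypted Alert
)

if __name__ == "__main__":
    for rec in parse_records(CAPTURE):
        print(f"offset {rec.offset:4d}: {rec.name:<19} len={rec.length}")
    print("alert before application data:", alert_before_app_data(parse_records(CAPTURE)))
```

Run it against the client-to-server and server-to-client streams separately (for example, bytes exported from a capture) to see which side sent the alert and whether any application data preceded it.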

Thanks for your reply, and sorry for the late response. I have debugged this: when I connect to stunnel (the SSLService.onconnect function in SSLService.swift), this function runs SSLHandshake (the macOS one) and proceeds to the "cipher spec exchange" through SSLCopyPeerTrust. After some time, the encrypted alert (21) notification is displayed. So the socket is closed before the write function is executed to send the data. However, the stunnel client (macOS) and the stunnel server (Windows) do not show such a notice when I examine the handshake packets at connection time. The certificates used are in PEM format for stunnel, and P12 and PFX for SSLService; the P12 and PFX files are self-signed, created from the CER and key files in PEM format. Do I have to create an SSL socket each time I transfer data, and then transfer the data after the connection is established? Or, put differently, I want to know whether data can be transmitted continuously once it is connected. The communication between the Android ssldroid (javax.net.ssl) and stunnel works very well with SSLSocket, but the operating mechanism of SSLService is not well understood.

My development code is shown below in detail.

```swift
func run() {
    let queue = DispatchQueue(label: "com.shsdfye..macos", qos: .background)

    queue.async {
        do {
            self.listenSocket = try Socket.create(family: .inet)
            guard let socket = self.listenSocket else {
                return
            }

            try socket.listen(on: self.listenPort)
            if self.is_last {
                TcpProxyService.started = true
            }

            repeat {
                let newSocket = try socket.acceptClientConnection()
                // Open the TLS tunnel for this client; if the TLS connect failed,
                // drop the client instead of force-unwrapping a nil socket.
                guard let tunnelSocket = self.createStealthSocket() else {
                    print("Could not open TLS tunnel for \(newSocket.remoteHostname); closing client")
                    newSocket.close()
                    continue
                }

                self.session_id += 1
                self.localConnection(from: newSocket, to: tunnelSocket)

                print("Accepted connection from: \(newSocket.remoteHostname) on port \(newSocket.remotePort)")

            } while true

        } catch let error {
            guard let socketError = error as? Socket.Error else {
                print("Unexpected error: \(error)")
                return
            }
            print("Listener error: \(socketError.description)")
        }
    }

}
```

```swift
func createStealthSocket() -> Socket? {
    // Client-side TLS configuration: PKCS#12 chain file plus its password,
    // accepting self-signed certificates on both ends.
    var myConfig = SSLService.Configuration(withChainFilePath: self.cert,
                                            withPassword: "wjsdfsd1912",
                                            usingSelfSignedCerts: true,
                                            clientAllowsSelfSignedCertificates: true)
    myConfig.cipherSuite = "ALL"
    do {
        let socket = try Socket.create(family: .inet)
        // Attaching the SSLService delegate makes connect() perform the TLS handshake.
        socket.delegate = try SSLService(usingConfiguration: myConfig)
        try socket.connect(to: self.tunnelHost, port: Int32(self.tunnelPort))
        return socket
    } catch let error {
        guard let socketError = error as? Socket.Error else {
            print("Unexpected error: \(error)")
            return nil
        }
        print("Socket error: \(socketError.description)")
    }
    return nil
}
```

```swift
func localConnection(from: Socket, to: Socket) {

    socketLockQueue.sync { [unowned self, from] in
        self.connectedSockets[from.socketfd] = from
    }
    let queue = DispatchQueue.global(qos: .default)

    queue.async { [unowned self, from] in

        var readData = Data(capacity: TcpProxyThread.bufferSize)
        do {
            // Pump plaintext from the local client into the TLS tunnel until the client closes.
            repeat {
                let bytesRead = try from.read(into: &readData)
                if bytesRead > 0 {
                    try to.write(from: readData)
                } else {
                    // read() returned 0: the peer closed the connection.
                    self.shouldKeepRunning = false
                    break
                }

                readData.count = 0

            } while self.shouldKeepRunning

            if !self.shouldKeepRunning {
                //from.close()
                //to.close()
                self.socketLockQueue.sync { [unowned self, from] in
                    self.connectedSockets[from.socketfd] = nil
                }
            }

        } catch let error {
            guard let socketError = error as? Socket.Error else {
                print("Unexpected error by connection at \(from.remoteHostname):\(from.remotePort)...")
                return
            }
            if self.continueRunning {
                print("Error reported by connection at is_client: \(is_client) \(from.remoteHostname):\(from.remotePort):\n \(socketError.description)")
            }
        }
    }
}
```

I have questions for you.

  • On Linux, SSLService uses the OpenSSL library to communicate with SSL sockets; why not use OpenSSL on macOS as well, instead of the system-based SSL?
  • And could my problem come from differences in SSL version between stunnel and SSLService?

I would be grateful if you could help me out urgently. Thank you!

JackyBaby615 · Jun 23 '19 03:06