SSL_read 没有收到
SSL_read not receiving
我正在尝试通过 SSL 连接到安全服务,但是在下面的代码中,SSL_read 永远不会 return,如果服务器没有 return,这当然是正常行为 return 任何消息,我尝试连接的服务器应该 return 某种消息。下面有什么不允许阅读的吗?
//Initialize SSL library
OpenSSL_add_ssl_algorithms();
//Initialize Crypto algorithms
OpenSSL_add_all_algorithms();
//Create new SSL context accepting SSL V2, V3 or TLS V1.0, V1.1 and V1.2
const SSL_METHOD *method = SSLv23_client_method();
SSL_CTX *ctx = SSL_CTX_new(method);
if (ctx == NULL)
{
printf("Error initializing SSL context.\n");
return 0;
}
SSL *ssl = SSL_new(ctx);
//Create socket descriptor
int sd = 0;
//Create hints for connection
struct addrinfo hints;
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_UNSPEC;//Can be both IPv4 or IPv6
hints.ai_socktype = SOCK_STREAM;
hints.ai_protocol = IPPROTO_TCP;
struct addrinfo * result;
//Get address info, this could potentially return multiple
int err = getaddrinfo("api.okcoin.com", "9880", &hints, &result);
if (err != 0)
{
printf("Could not get addr info.\n");
return 0;
}
//Try connecting to any of the returned addresses
struct addrinfo * res;
for (res = result; res != NULL; res = res->ai_next)
{
sd = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
if (sd == -1)
{
printf("Could not connect to host.\n");
return 0;
}
if (connect(sd, res->ai_addr, res->ai_addrlen) == 0)
{
//Socket is now connected, free addrinfo results
freeaddrinfo(result);
//Assign socket descriptor to SSL
if (SSL_set_fd(ssl, sd) == 0)
{
printf("Could not assign socket descriptor.\n");
return 0;
}
//Begin SSL-handshake
if(SSL_connect(ssl) == 0)
{
printf("Could not perform handshake.\n");
return 0;
}
break;
}
}
//Could not connect socket, free addrinfo results and return error
if (res == NULL)
{
printf("Could no connect to to any host.\n");
freeaddrinfo(result);
return 0;
}
printf("Connected.\n");
SSL_write(ssl, "HELLO\x01", 6);
char * m = malloc(8192);
SSL_read(ssl, m, 8192);
由于没有错误检查,您无法知道 SSL_write() 是否成功,更不用说 SSL_read() 阻塞的原因了。任何时候都不能写这样的代码,更不用说处理网络或 SSL 了。
我 使用等效的 Java 程序得到的是不受信任的服务器证书错误。当我解决这个问题时,我会在 60 秒后收到读取超时。
我的结论是这里的错误不是您的代码而是请求格式。
我正在尝试通过 SSL 连接到安全服务,但是在下面的代码中,SSL_read 永远不会 return,如果服务器没有 return,这当然是正常行为 return 任何消息,我尝试连接的服务器应该 return 某种消息。下面有什么不允许阅读的吗?
//Initialize SSL library
OpenSSL_add_ssl_algorithms();
//Initialize Crypto algorithms
OpenSSL_add_all_algorithms();
//Create new SSL context accepting SSL V2, V3 or TLS V1.0, V1.1 and V1.2
const SSL_METHOD *method = SSLv23_client_method();
SSL_CTX *ctx = SSL_CTX_new(method);
if (ctx == NULL)
{
printf("Error initializing SSL context.\n");
return 0;
}
SSL *ssl = SSL_new(ctx);
//Create socket descriptor
int sd = 0;
//Create hints for connection
struct addrinfo hints;
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_UNSPEC;//Can be both IPv4 or IPv6
hints.ai_socktype = SOCK_STREAM;
hints.ai_protocol = IPPROTO_TCP;
struct addrinfo * result;
//Get address info, this could potentially return multiple
int err = getaddrinfo("api.okcoin.com", "9880", &hints, &result);
if (err != 0)
{
printf("Could not get addr info.\n");
return 0;
}
//Try connecting to any of the returned addresses
struct addrinfo * res;
for (res = result; res != NULL; res = res->ai_next)
{
sd = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
if (sd == -1)
{
printf("Could not connect to host.\n");
return 0;
}
if (connect(sd, res->ai_addr, res->ai_addrlen) == 0)
{
//Socket is now connected, free addrinfo results
freeaddrinfo(result);
//Assign socket descriptor to SSL
if (SSL_set_fd(ssl, sd) == 0)
{
printf("Could not assign socket descriptor.\n");
return 0;
}
//Begin SSL-handshake
if(SSL_connect(ssl) == 0)
{
printf("Could not perform handshake.\n");
return 0;
}
break;
}
}
//Could not connect socket, free addrinfo results and return error
if (res == NULL)
{
printf("Could no connect to to any host.\n");
freeaddrinfo(result);
return 0;
}
printf("Connected.\n");
SSL_write(ssl, "HELLO\x01", 6);
char * m = malloc(8192);
SSL_read(ssl, m, 8192);
由于没有错误检查,您无法知道 SSL_write() 是否成功,更不用说 SSL_read() 阻塞的原因了。任何时候都不能写这样的代码,更不用说处理网络或 SSL 了。
我 使用等效的 Java 程序得到的是不受信任的服务器证书错误。当我解决这个问题时,我会在 60 秒后收到读取超时。
我的结论是这里的错误不是您的代码而是请求格式。