OpenSSL SSL_read 故障
OpenSSL SSL_read malfunction
我正在尝试编写一个连接到带有 OpenSSL 的服务器的 C++ 应用程序。
我可以发送数据,它完好无损地到达服务器,但读取操作只读取 1 个字节。
代码:
char* dest_url = "147.87.116.74";
X509 *cert = NULL;
X509_name_st *certname = NULL;
const SSL_METHOD *method;
SSL_CTX *ctx;
SSL *ssl;
int server = 0;
int ret, i;
/* ---------------------------------------------------------- *
* These function calls initialize openssl for correct work. *
* ---------------------------------------------------------- */
OpenSSL_add_all_algorithms();
ERR_load_BIO_strings();
ERR_load_crypto_strings();
SSL_load_error_strings();
/* ---------------------------------------------------------- *
* initialize SSL library and register algorithms *
* ---------------------------------------------------------- */
SSL_library_init();
/* ---------------------------------------------------------- *
* Set SSLv2 client hello, also announce SSLv3 and TLSv1 *
* ---------------------------------------------------------- */
method = TLSv1_2_client_method();
/* ---------------------------------------------------------- *
* Try to create a new SSL context *
* ---------------------------------------------------------- */
ctx = SSL_CTX_new(method);
/* ---------------------------------------------------------- *
* SSL certificate checking AND MY STUFF
* thanks guys http://h71000.www7.hp.com/doc/83final/ba554_90007/ch05s03.html
* ---------------------------------------------------------- */
SSL_CTX_load_verify_locations(ctx, "ca.crt", nullptr);
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
SSL_CTX_set_verify_depth(ctx, 1);
/* ---------------------------------------------------------- *
* Create new SSL connection state object *
* ---------------------------------------------------------- */
ssl = SSL_new(ctx);
/* ---------------------------------------------------------- *
* Make the underlying TCP socket connection *
* ---------------------------------------------------------- */
server = create_socket(dest_url);
/* ---------------------------------------------------------- *
* Attach the SSL session to the socket descriptor *
* ---------------------------------------------------------- */
SSL_set_fd(ssl, server);
/* ---------------------------------------------------------- *
* Try to SSL-connect here, returns 1 for success *
* ---------------------------------------------------------- */
SSL_connect(ssl);
/* ---------------------------------------------------------- *
* send some text *
* -----------------------------------------------------------*/
char* tSend = "testdata";
int sendSize = strlen(tSend);
int net_tSend = htonl(sendSize);
SSL_write(ssl, &net_tSend, 4);
SSL_write(ssl, tSend, sendSize);
long size = 0L;
int bytesread = SSL_read(ssl, &size, 4);
我的问题:
是否必须使用 BIO 对象?
为什么 read() 函数只读取 1 个字节?
我怎么会 retrieve/read 错误?
读取的字节数是任意的。如果您确切知道应该接收多少字节,则可以使用一个函数来准确读取该数字。
此函数是 SSL_read
的替代函数,它始终准确读取指定的字节数,除非出现错误。它 returns <0 出错(调用 SSL_get_error
)。如果连接关闭,它 returns 0。成功时,它 returns 读取的字节数,这将始终与请求的数字相同。
int SSL_read_all(SSL *ssl, void* buf, int num)
{
char* ptr = reinterpret_cast<char*>(buf);
int read_bytes = 0;
while (read_bytes < num)
{
int r = SSL_read(ssl, ptr + read_bytes, num - read_bytes);
if (r <= 0)
return r;
read_bytes += r;
}
return read_bytes;
}
如果 OpenSSL 直接与套接字对话,则无需显式使用 BIO。
我正在尝试编写一个连接到带有 OpenSSL 的服务器的 C++ 应用程序。 我可以发送数据,它完好无损地到达服务器,但读取操作只读取 1 个字节。
代码:
char* dest_url = "147.87.116.74";
X509 *cert = NULL;
X509_name_st *certname = NULL;
const SSL_METHOD *method;
SSL_CTX *ctx;
SSL *ssl;
int server = 0;
int ret, i;
/* ---------------------------------------------------------- *
* These function calls initialize openssl for correct work. *
* ---------------------------------------------------------- */
OpenSSL_add_all_algorithms();
ERR_load_BIO_strings();
ERR_load_crypto_strings();
SSL_load_error_strings();
/* ---------------------------------------------------------- *
* initialize SSL library and register algorithms *
* ---------------------------------------------------------- */
SSL_library_init();
/* ---------------------------------------------------------- *
* Set SSLv2 client hello, also announce SSLv3 and TLSv1 *
* ---------------------------------------------------------- */
method = TLSv1_2_client_method();
/* ---------------------------------------------------------- *
* Try to create a new SSL context *
* ---------------------------------------------------------- */
ctx = SSL_CTX_new(method);
/* ---------------------------------------------------------- *
* SSL certificate checking AND MY STUFF
* thanks guys http://h71000.www7.hp.com/doc/83final/ba554_90007/ch05s03.html
* ---------------------------------------------------------- */
SSL_CTX_load_verify_locations(ctx, "ca.crt", nullptr);
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
SSL_CTX_set_verify_depth(ctx, 1);
/* ---------------------------------------------------------- *
* Create new SSL connection state object *
* ---------------------------------------------------------- */
ssl = SSL_new(ctx);
/* ---------------------------------------------------------- *
* Make the underlying TCP socket connection *
* ---------------------------------------------------------- */
server = create_socket(dest_url);
/* ---------------------------------------------------------- *
* Attach the SSL session to the socket descriptor *
* ---------------------------------------------------------- */
SSL_set_fd(ssl, server);
/* ---------------------------------------------------------- *
* Try to SSL-connect here, returns 1 for success *
* ---------------------------------------------------------- */
SSL_connect(ssl);
/* ---------------------------------------------------------- *
* send some text *
* -----------------------------------------------------------*/
char* tSend = "testdata";
int sendSize = strlen(tSend);
int net_tSend = htonl(sendSize);
SSL_write(ssl, &net_tSend, 4);
SSL_write(ssl, tSend, sendSize);
long size = 0L;
int bytesread = SSL_read(ssl, &size, 4);
我的问题: 是否必须使用 BIO 对象? 为什么 read() 函数只读取 1 个字节? 我怎么会 retrieve/read 错误?
读取的字节数是任意的。如果您确切知道应该接收多少字节,则可以使用一个函数来准确读取该数字。
此函数是 SSL_read
的替代函数,它始终准确读取指定的字节数,除非出现错误。它 returns <0 出错(调用 SSL_get_error
)。如果连接关闭,它 returns 0。成功时,它 returns 读取的字节数,这将始终与请求的数字相同。
int SSL_read_all(SSL *ssl, void* buf, int num)
{
char* ptr = reinterpret_cast<char*>(buf);
int read_bytes = 0;
while (read_bytes < num)
{
int r = SSL_read(ssl, ptr + read_bytes, num - read_bytes);
if (r <= 0)
return r;
read_bytes += r;
}
return read_bytes;
}
如果 OpenSSL 直接与套接字对话,则无需显式使用 BIO。