需要帮助java到C++的ssl套接字
Need help java to C++ ssl sockets
Hello SSL套接字向导,
我正在尝试用C++在java服务器和应用程序之间实现SSL套接字。我正在寻求帮助来解决以下问题,即C++服务器在第一次交互后关闭连接。
流是这样的:在单个ssl连接中,从Java服务器发送请求1-->从C++应用程序接收成功-->从Java服务器接收请求2-->从C++服务器接收最终响应
工作原理:
- 初始握手
- 从java服务器发送request1
- 从C++服务器接收成功
故障在哪里:从java服务器发送request2
异常是什么:不确定,但C++服务器正在关闭连接。以下是java服务器中的异常快照。
java.net.SocketException: Connection closed by remote host
at sun.security.ssl.SSLSocketImpl.checkWrite(SSLSocketImpl.java:1490)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1335)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
启动期间的JAVA_OPTS:
-Djavax.net.ssl.trustStore=/usr/java/jdk1.7.0_25/jre/lib/security/cacerts
-Djavax.net.ssl.trustStorePassword=<store Password>
-Dhttps.protocols=SSLv3
-Dcom.sun.net.ssl.rsaPreMasterSecretFix=true
-Dcom.sun.net.ssl.enableECC=false
-Djsse.enableSNIExtension=false -Djavax.net.debug=all
这是我的ssl连接的java代码
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.net.SocketException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
try {
SSLSocket socket= (SSLSocket) SSLSocketFactory.getDefault().createSocket(hostname, port)
DataOutputStream outStream = new DataOutputStream(socket.getOutputStream());
outStream.write(request1.bytes, 0, request.length);
DataInputStream in = new DataInputStream(socket.getInputStream());
response = new byte[1024];
int bytesRead;
while ((bytesRead = in.read(response)) > 0) {
// do nothing
}
if (response == success) {
// trying to re-negotiate the connection
socket.startHandshake();
outStream.write(request2);
response = new byte[1024];
int bytesRead;
while ((bytesRead = in.read(final_response)) > 0) {
// do nothing
}
}
} catch (exception e) {
//Handle exception
}
C++服务器协议详细信息:
Protocol : SSLv3
Cipher : AES256-SHA
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
C++代码
int MyClass::show(SSL* ssl)
{ X509 *cert;
char *line;
if(ssl == NULL)
{
cerr << "Invalid input " << endl ;
return -1 ;
}
cert = SSL_get_peer_certificate(ssl); /* Get certificates (if available) */
if ( cert != NULL )
{
cerr << "Server certificates:" << endl ;
line = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
if(line != NULL)
{
cerr << "Subject : " << line << endl ;
free(line);
line = NULL ;
}
line = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
if(line != NULL)
{
cerr << "Issuer : " << line << endl ;
free(line);
line = NULL ;
}
X509_free(cert);
}
else
{
cerr << "No Certificate" << endl ;
}
return 0 ;
}
SSL *MyClass::setupSession(SSL_CTX *ctx, int fd, int inc)
{
if(fd == -1 || ctx == NULL)
{
cerr << "Invalid argument " << endl ;
return NULL ;
}
SSL *ssl = SSL_new(ctx) ;
if(ssl == NULL)
{
cerr << "Unable to create session! SSL_new() - failed!" << endl ;
return NULL ;
}
SSL_set_fd(ssl, fd) ;
show(ssl) ;
if(SSL_accept(ssl) == -1)
{
cerr << "Accept Failed!" << endl ;
SSL_shutdown(ssl) ;
SSL_free(ssl) ;
return NULL ;
}
return ssl ;
}
SSL *MyClass::handleConnection(SSL_CTX *ctx, int fd,int inc)
{
memset(request1 buffer);
memset(request2 buffer);
SSL *ssl = setupSession(ctx, fd, inc) ;
if(ssl == NULL)
{
cerr << "Unable to establish session" << endl ;
uclose(fd) ;
SSL_CTX_free(ctx) ;
return -1 ;
}
if( uisreadable(fd, 5000) > 0 && (readb = SSL_read(ssl, message, 200)) > 0)
{
cerr << "Read : " << readb << " Bytes" << endl ;
ss << message;
request1Size = readb ;
cerr << "request1:: " << message << endl ;
} else {
memset(buf,0x00,sizeof(buf)) ;
SSL_write(ssl, failure, strlen(failure)) ;
SSL_shutdown(ssl) ;
SSL_free(ssl) ;
uclose(fd) ;
exit(EXIT_SUCCESS) ;
}
cerr << "Writing : response" << success << endl ;
nbytes = SSL_write(ssl, success, strlen(success)) ;
cerr << "Wrote " << nbytes << endl ;
if(nbytes <= 0)
{
ERR_print_errors_fp(stderr) ;
SSL_shutdown(ssl) ;
SSL_free(ssl) ;
uclose(fd) ;
exit(EXIT_SUCCESS) ;
}
util::hex2byte(message, request1, request1Size) ;
util::hexprint(request1,request1Size) ;
int total = 0 ;
while( total <= request2_max_size && uisreadable(fd, 2000) > 0 && (readb = SSL_read(ssl, buf, sizeof(buf))) > 0)
{
cerr << "Read : " << readb << " Bytes" << endl ;
memcpy(request2+total, buf, readb) ;
total += readb ;
}
....
do some processing
....
nbytes = SSL_write(ssl, final_response, final_response_size) ;
cerr << "Generated Size: " << final_response_size << endl;
cerr << "Write Size: " << nbytes << endl ;
if(nbytes <= 0)
{
ERR_print_errors_fp(stderr) ;
}
SSL_shutdown(ssl) ;
SSL_free(ssl) ;
uclose(fd) ;
exit(EXIT_SUCCESS) ;
}
// utility functions
int uisreadable(int fd, int ms)
{
USOCK_VERIFY(fd,-1) ;
fd_set recvfds ;
FD_ZERO(&recvfds) ;
FD_SET(fd, &recvfds) ;
struct timeval to = { ms/1000, 1000000 * ((int)ms%1000) } ;
int ret = select(1+fd, &recvfds,0,0,(ms > 0 ? &to : NULL) ) ;
return ret ;
}
int uiswritable(int fd, int ms)
{
USOCK_VERIFY(fd,-1) ;
fd_set wrfds ;
FD_ZERO(&wrfds) ;
FD_SET(fd, &wrfds) ;
struct timeval to = { ms/1000, 1000000 * ((int)ms%1000) } ;
return select(1+fd, 0,&wrfds,0,(ms > 0 ? &to : NULL) ) ;
}
好吧,我用一个方法调用在JNI中重写了所有内容,并将C服务器业务逻辑加载为库,从而解决了这个问题。
这样我可以减少很多开销,而且现在速度更快,而且没有麻烦。
相关文章:
- 当套接字连接断开时检测C/C++Unix
- 通过套接字[TCP]传输数据 如何在C / C ++中打包多个整数并使用send() recv()传输数据
- 如何通过套接字将文本文件的内容从服务器发送到客户端
- 如何在C/C++中用FD_set Unix设置套接字文件描述符
- 套接字读取后,我在缓冲区中看到意外输入
- 如何在CPP中创建应该在Windows和Linux上运行的套接字?
- 我可以与 python 服务器而不是 c++ 客户端建立 tcp/ip 套接字吗?
- 如何从 boost::asio::ssl::stream<boost::asio::ip::tcp::socket> 获取本机套接字文件描述器?
- C++ 关闭Boost ASIO SSL套接字的最佳方法是什么?
- 尝试关闭 SSL 套接字时使用升压 asio 1.64 的分段错误 (SIGSEGV)
- 使用C++提升SSL套接字进行必发API证书登录
- 将当前套接字服务器设计适应SSL(C ,GSK,SPAWNP())
- C++、Windows中的简单SSL套接字
- C++Builder XE原始SSL套接字
- 在STARTTLS之后无法写入ssl(openssl)套接字
- 在Windows上创建一个SSL套接字,该套接字使用WinCrypt证书进行身份验证
- 需要帮助java到C++的ssl套接字
- 安全断开asio SSL套接字的正确方法是什么?
- SSL与加密套接字
- 如何检查 SSL 套接字是否关闭(异步)
