SSL_read错误,SSL_ERROR_SSL错误
SSL_read fails with SSL_ERROR_SSL
我正在写一个https服务器。我已经创建了csr,并使用测试域的根证书对其进行了签名。当客户端连接时,SSL_accept()成功完成。我正在使用非阻塞IO。因此,我将首先使用WSARecv()和IOCP在窗口中异步地接收字符缓冲区中的数据。从该字符缓冲区中,我将其写入BIO (BIO_write返回写入的字节数),并且在尝试使用SSL_read()解密该BIO的内容时,它返回ssl_error_ssl和错误字符串为error:00000001:lib(0):func(0):reason(1)。
我在这里添加了我的代码结构。
const SSL_METHOD *method;
SSL_CTX *ctx;
method = SSLv23_method(); /* create new server-method instance */
ctx = SSL_CTX_new(method); /* create new context from method */
if ( ctx == NULL )
{
printf("SSL Context Creation failedn");
}
//create bio
BIO *bioIn = BIO_new(BIO_s_mem());
BIO *bioOut = BIO_new(BIO_s_mem());
/* get new SSL state with context */
SSL *clientSSL = SSL_new(ctx);
SSL_set_bio(clientSSL, bioIn , bioOut);
/* set connection socket to SSL state */
SSL_set_fd(clientSSL, mClientSocket);
/* serverNameCallBack will set ctx with certificate created for this domain */
SSL_CTX_set_tlsext_servername_callback(ctx, serverNameCallback);
/* accept ssl connection */
SSL_accept(clientSSL);
//Using WSARecv() here to get encrypted request to a buffer
//read from buffer
//bridge->getBuffer() returns the buffer with encrypted data received
int retBio = BIO_write(bioIn, bridge->getBuffer(), bytesTransfered);
char *buffer = (char *)malloc(sizeof(char) * 1024);
ZeroMemory(buffer, sizeof(buffer));
int retSSL = SSL_read(clientSSL, (void*)buffer, 1023);
retSSL == -1且SSL_get_error(clientSSL, retSSL)返回SSL_ERROR_SSL
我修复了这个问题,感谢一些博客。正确的顺序是,在调用ssl_accept之后创建BIO并将其与ssl对象相关联。如果您在ssl_accept之前关联它,那么您必须以不同的方式处理它。您应该在调用ssl_accept之前设置SSL_set_accept_state。
以下是正确的代码序列const SSL_METHOD *method;
SSL_CTX *ctx;
method = SSLv23_method(); /* create new server-method instance */
ctx = SSL_CTX_new(method); /* create new context from method */
if ( ctx == NULL )
{
printf("SSL Context Creation failedn");
}
/* get new SSL state with context */
SSL *clientSSL = SSL_new(ctx);
/* set connection socket to SSL state */
SSL_set_fd(clientSSL, mClientSocket);
/* serverNameCallBack will set ctx with certificate created for this domain */
SSL_CTX_set_tlsext_servername_callback(ctx, serverNameCallback);
/* set ssl handle to be used as a server */
SSL_set_accept_state(clientSSL);
/* accept ssl connection */
SSL_accept(clientSSL);
//Using WSARecv() here to get encrypted request to a buffer
//create bio
BIO *bioIn = BIO_new(BIO_s_mem());
BIO *bioOut = BIO_new(BIO_s_mem());
SSL_set_bio(clientSSL, bioIn , bioOut);
//read from buffer
//bridge->getBuffer() returns the buffer with encrypted data received
int retBio = BIO_write(bioIn, bridge->getBuffer(), bytesTransfered);
char *buffer = (char *)malloc(sizeof(char) * 1024);
ZeroMemory(buffer, sizeof(buffer));
int retSSL = SSL_read(clientSSL, (void*)buffer, 1023);
相关文章:
- 如何使用QWebEngineView忽略SSL证书错误
- CPPRestSdk给出错误SSL错误:WINHTTP_CALLBACK_STATUS_FLAG_INVALID_CA
- 成功完成TLS握手后,服务器关闭时出现错误的SSL例程:SSL3_GET_RECORD:错误的版本号
- Qt 错误消息"qt.network.ssl: QSslSocket::connectToHostEncrypted: TLS initialization failed"
- 使用 Boost ASIO 和 SSL 时出现"Wrong Version Number"错误 (C++)
- CMAKE 目标链接打开 SSL 错误
- 尝试关闭 SSL 套接字时使用升压 asio 1.64 的分段错误 (SIGSEGV)
- 致命错误:openssl/ssl.h:没有这样的文件或目录
- Arduino ESP8266HTTPClient:握手失败(SSL 错误 40)
- QnetWorkAccessManager在ARCH上给出了SSL错误
- libgit2:git_clone() 失败并出现"failed to create ssl object"错误
- 为什么这C++ASIO,当执行HTTP / SSL请求时,BEAST服务器会进入错误状态
- Linux/QT-错误创建SSL上下文(错误:140A90C4 ..)
- vcpkg 安装失败,并显示"SSL 连接错误"
- 提升/ASIO/SSL 抛出"undefined reference"错误
- c++ Http 请求 SSL 错误
- 运行使用gSOAP创建的web服务客户端时发生SSL错误
- 应用程序中C++ SSL 错误SSL_ERROR_SYSCALL
- 无法从QNetworkAccessManager访问Ssl错误列表
- Qt SSl错误(QSslSocket:无法解析TLSv1_1_client_method)