
SSL_read fails and returns SSL_ERROR_SSL

Stack Overflow user
Asked 2014-05-27 19:42:25
1 answer, 9.5K views, 0 followers, 6 votes

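I am writing an HTTPS server. I have created a CSR and signed it with the root certificate of my test domain. When a client connects, SSL_accept() completes successfully. I am using non-blocking IO, so I first receive the data asynchronously into a char buffer using WSARecv() and IOCP on Windows. From that char buffer I write it to a BIO (BIO_write returns the number of bytes written), and when I try to decrypt the contents of that BIO using SSL_read(), it returns SSL_ERROR_SSL with the error string error:00000001:lib(0):func(0):reason(1).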

I have added the structure of the code here.

```c
const SSL_METHOD *method;
SSL_CTX *ctx;

method = SSLv23_method();    /* create new server-method instance */
ctx = SSL_CTX_new(method);   /* create new context from method */
if ( ctx == NULL )
{
    printf("SSL Context Creation failed\n");
}

//create bio
BIO *bioIn = BIO_new(BIO_s_mem());
BIO *bioOut = BIO_new(BIO_s_mem());

/* get new SSL state with context */
SSL *clientSSL = SSL_new(ctx);
SSL_set_bio(clientSSL, bioIn , bioOut);

/* set connection socket to SSL state */
SSL_set_fd(clientSSL, mClientSocket);

/* serverNameCallBack will set ctx with certificate created for this domain */
SSL_CTX_set_tlsext_servername_callback(ctx, serverNameCallback);

/* accept ssl connection */
SSL_accept(clientSSL);

//Using WSARecv() here to get encrypted request to a buffer

//read from buffer
//bridge->getBuffer() returns the buffer with encrypted  data received
int retBio = BIO_write(bioIn, bridge->getBuffer(), bytesTransfered);

char *buffer = (char *)malloc(sizeof(char) * 1024);
/* zero the whole allocation; sizeof(buffer) would only be the pointer size */
ZeroMemory(buffer, 1024);

int retSSL = SSL_read(clientSSL, (void*)buffer, 1023);
```

retSSL == -1, and SSL_get_error(clientSSL, retSSL) returns SSL_ERROR_SSL.


1 Answer

Stack Overflow user

Accepted answer

Posted 2014-05-29 19:44:27

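Thanks to some blogs, I fixed this issue. The correct sequence is that the BIOs should be created and associated with the SSL object after calling SSL_accept. If you associate them before SSL_accept, then you have to handle it differently. And you should call SSL_set_accept_state before calling SSL_accept.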

Below is the correct code sequence:

```c
const SSL_METHOD *method;
SSL_CTX *ctx;

method = SSLv23_method();    /* create new server-method instance */
ctx = SSL_CTX_new(method);   /* create new context from method */
if ( ctx == NULL )
{
    printf("SSL Context Creation failed\n");
}

/* get new SSL state with context */
SSL *clientSSL = SSL_new(ctx);

/* set connection socket to SSL state */
SSL_set_fd(clientSSL, mClientSocket);

/* serverNameCallBack will set ctx with certificate created for this domain */
SSL_CTX_set_tlsext_servername_callback(ctx, serverNameCallback);

/* set ssl handle to be used as a server */
SSL_set_accept_state(clientSSL);

/* accept ssl connection */
SSL_accept(clientSSL);

//Using WSARecv() here to get encrypted request to a buffer

//create bio
BIO *bioIn = BIO_new(BIO_s_mem());
BIO *bioOut = BIO_new(BIO_s_mem());
SSL_set_bio(clientSSL, bioIn , bioOut);

//read from buffer
//bridge->getBuffer() returns the buffer with encrypted  data received
int retBio = BIO_write(bioIn, bridge->getBuffer(), bytesTransfered);

char *buffer = (char *)malloc(sizeof(char) * 1024);
/* zero the whole allocation; sizeof(buffer) would only be the pointer size */
ZeroMemory(buffer, 1024);

int retSSL = SSL_read(clientSSL, (void*)buffer, 1023);
```
Votes: 3
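The original content of this page is provided by Stack Overflow. Translation support is provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link:

https://stackoverflow.com/questions/23888517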
