[英]Client returns -1 on BIO_do_connect
I'm trying to create a basic server and client using OpenSSL and its BIOs but BIO_do_connect returns -1. 我正在尝试使用OpenSSL及其BIO创建基本服务器和客户端,但BIO_do_connect返回-1。 ERR_get_error returns 0 after that.
之后ERR_get_error返回0。 I've tried to minimize the code below by just writing // check [condition].
我试着通过编写// check [condition]来尽量减少下面的代码。 In my real code I'm doing the same thing with an if check and then I print out the error returned by ERR_get_error.
在我的实际代码中,我使用if检查执行相同的操作,然后打印出ERR_get_error返回的错误。 (so if condition is true I'm printing an error msg)
(如果条件为真,我打印错误消息)
This is my code for the server: 这是我的服务器代码:
// init OpenSSL
SSL_load_error_strings();
ERR_load_BIO_strings();
SSL_library_init();
OpenSSL_add_all_algorithms();
SSL_CTX *ctx = SSL_CTX_new(SSLv23_server_method());
SSL_CTX_set_default_passwd_cb(ctx, &myPasswordCallback);
int certState = SSL_CTX_use_certificate_file(ctx, "../certs/cert.pem", SSL_FILETYPE_PEM);
// check certState < 0
int keyState = SSL_CTX_use_PrivateKey_file(ctx, "../certs/key.pem", SSL_FILETYPE_PEM);
// check keyState < 0
BIO *serverBio = BIO_new_ssl(ctx, 0);
// check serverBio == nullptr
SSL *serverSsl = nullptr;
BIO_get_ssl(serverBio, &serverSsl);
// check serverSsl == nullptr
SSL_set_mode(serverSsl, SSL_MODE_AUTO_RETRY);
BIO *acceptBio = BIO_new_accept("6672");
// check acceptBio == nullptr
int setupAcceptResult = BIO_do_accept(acceptBio);
// check setupAcceptResult <= 0
int acceptResult = BIO_do_accept(acceptBio);
// check acceptResult <= 0
BIO *clientBio = BIO_pop(acceptBio);
// check clientBio == nullptr
BIO_free_all(clientBio);
BIO_free_all(acceptBio);
BIO_free_all(serverBio);
// cleanup OpenSSL
SSL_CTX_free(ctx);
EVP_cleanup();
ERR_free_strings();
This server runs fine but my client fails to connect to it: 此服务器运行正常,但我的客户端无法连接到它:
// init OpenSSL
SSL_load_error_strings();
ERR_load_BIO_strings();
SSL_library_init();
OpenSSL_add_all_algorithms();
SSL_CTX *ctx = SSL_CTX_new(SSLv23_client_method());
SSL_CTX_set_default_passwd_cb(ctx, &myPasswordCallback);
int certState = SSL_CTX_use_certificate_file(ctx, "../certs/cert.pem", SSL_FILETYPE_PEM);
// check certState < 0
int keyState = SSL_CTX_use_PrivateKey_file(ctx, "../certs/key.pem", SSL_FILETYPE_PEM);
// check keyState < 0
BIO *clientBio = BIO_new_ssl_connect(ctx);
SSL *clientSsl = nullptr;
BIO_get_ssl(clientBio, &clientSsl);
// check clientSsl == nullptr
SSL_set_mode(clientSsl, SSL_MODE_AUTO_RETRY);
BIO_set_conn_hostname(clientBio, "localhost:6672");
long connectionState = BIO_do_connect(clientBio);
// check connectionState <= 0
// here it fails; connectionState is -1
long sslState = SSL_get_verify_result(clientSsl);
// check sslState != X509_V_OK
BIO_free_all(clientBio);
SSL_CTX_free(ctx);
EVP_cleanup();
ERR_free_strings();
I'm sorry for posting so much code. 我很抱歉发布了这么多代码。 I didn't really find a complete example of OpenSSL server/client using BIOs.
我没有真正找到使用BIO的OpenSSL服务器/客户端的完整示例。
You server code is essentially this: 你的服务器代码基本上是这样的
The server is not doing any SSL handshake here since the serverBio gets not used for the newly created TCP connection clientBio. 由于serverBio未用于新创建的TCP连接clientBio,因此服务器未在此处执行任何SSL握手。
Apart from that I recommend that you test your server and client first against known good client and server so that you can faster figure out where the problem is. 除此之外,我建议您首先针对已知良好的客户端和服务器测试您的服务器和客户端,以便您可以更快地找出问题所在。
openssl s_client
and openssl s_server
provide such test client and server. openssl s_client
和openssl s_server
提供了这样的测试客户端和服务器。 Also packet capturing (wireshark) helps to find out what happens between server and client. 数据包捕获(wireshark)也有助于找出服务器和客户端之间发生的事情。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.