[英]How to get OpenSSL BIO_do_connect() failure reason?
I'm using Ubuntu 18.04/gcc 7.3/OpenSSL 1.1.0g to make C++ app performing TLS/SSL connection with non-blocking BIO API. 我正在使用Ubuntu 18.04 / gcc 7.3 / OpenSSL 1.1.0g使C ++应用通过非阻塞BIO API执行TLS / SSL连接。
When BIO_do_connect()
fails connecting, eg if using wrong host name or port, there is no errors reported by OpenSSL. 当
BIO_do_connect()
连接失败时,例如,如果使用错误的主机名或端口,则OpenSSL不会报告任何错误。 ERR_get_error()
returns zero and ERR_print_errors_xx()
doesn't print anything. ERR_get_error()
返回零,而ERR_print_errors_xx()
不打印任何内容。
So the question is - how to get actual connection failure reason, eg 'Connection refused' or 'Host not resolved' etc? 所以问题是-如何获取实际的连接失败原因,例如“连接被拒绝”或“主机未解决”等?
Used code snippet below: 以下是使用的代码段:
#include <cstdio>
#include <cstring>
#include <iostream>
#include "openssl/bio.h"
#include "openssl/err.h"
#include "openssl/ssl.h"
int main(int argc, char *argv[])
{
OPENSSL_init_ssl(OPENSSL_INIT_SSL_DEFAULT, nullptr);
std::cout << OpenSSL_version(OPENSSL_VERSION) << std::endl;
SSL_CTX* ctx = SSL_CTX_new(TLS_client_method());
if (!ctx)
{
std::cerr << "Error creating SSL context:" << std::endl;
ERR_print_errors_fp(stderr);
return 1;
}
SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
if(!SSL_CTX_load_verify_locations(ctx,
"/etc/ssl/certs/ca-certificates.crt",
nullptr))
{
std::cerr << "Error loading trust store into SSL context" << std::endl;
ERR_print_errors_fp(stderr);
return 1;
}
BIO* cbio = BIO_new_ssl_connect(ctx);
SSL* ssl = nullptr;
BIO_get_ssl(cbio, &ssl);
SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
BIO_set_conn_hostname(cbio, "not_actually_existing_host.com:https");
BIO_set_nbio(cbio, 1);
std::cout << "Start connecting" << std::endl;
next:
if (BIO_do_connect(cbio) <= 0)
{
if (!BIO_should_retry(cbio))
{
std::cerr << "Error attempting to connect:" << std::endl;
ERR_print_errors_fp(stderr); // <---- PRINTS NOTHING!!!
BIO_free_all(cbio);
SSL_CTX_free(ctx);
return 1;
}
else goto next;
}
std::cout << "Connected OK" << std::endl;
BIO_free_all(cbio);
SSL_CTX_free(ctx);
return 0;
}
This approach finally works for me: 这种方法终于对我有用:
const auto sysErrorCode = errno;
const auto sslErrorCode = ERR_get_error();
std::string errorDescription;
if (sslErrorCode != 0) errorDescription = ERR_error_string(sslErrorCode, nullptr);
if (sysErrorCode != 0)
{
if (!errorDescription.empty()) errorDescription += '\n';
errorDescription += "System error, code=" + std::to_string(sysErrorCode);
errorDescription += ", ";
errorDescription += strerror(sysErrorCode);
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.