堆栈内存溢出
  简体   繁体   English

如何处理 QTcpServer 中的 TLS 握手超时?

[英]How to handle TLS handshake timeout in QTcpServer?

 原文  2021-06-04 13:33:37       c++/ qt/ ssl/ openssl/ qtcpserver

问题描述

I'm trying to figure out how to create a timeout for the handshake process in a TLS connection in a QTcpServer .我试图弄清楚如何在QTcpServer的 TLS 连接中为握手过程创建超时。

I tried something like this in the overriden incomingConnection function:我在覆盖的incomingConnection function中尝试了这样的事情:

QSslSocket * const tlsSocket = static_cast<QSslSocket*>(socket);
    connect(tlsSocket, &QSslSocket::encrypted, this, [this, tlsSocket](){ addPendingConnection(tlsSocket); });
    tlsSocket->setLocalCertificate(m_serverCertificate);
    tlsSocket->setPrivateKey(m_serverPrivateKey);
    tlsSocket->setProtocol(QSsl::SecureProtocols);
    tlsSocket->startServerEncryption();

    // We will have a handshake timeout of 30 seconds
    QTimer::singleShot(30*1000, this, [this, tlsSocket]() {
        if(!tlsSocket->isEncrypted()) {
            // If no handshake initialized from the client close the connection
            delete tlsSocket;
        }
    });

But this doesn't seem to work because I am not calling directly addPendingConnection function (it get's called in a slot/lamdba which seems to break the pendingConnection chain.但这似乎不起作用,因为我没有直接调用addPendingConnection function (它在 slot/lamdba 中被调用,这似乎破坏了pendingConnection链。

Does anybody know how can I achieve this timeout in Qt?有谁知道我怎样才能在 Qt 中实现这个超时? The problem at the moment is that a client can open a connection with the server and it never answers the TLS handshake which leads to an useless open connection (that is never closed).目前的问题是客户端可以打开与服务器的连接,并且它永远不会响应导致无用的打开连接(永远不会关闭)的 TLS 握手。

1 个解决方案

解决方案1
 0 已采纳  2021-06-15 10:02:03

I ended implementing the TLS handshake timeout this way:我以这种方式结束了 TLS 握手超时:

// We will have a handshake timeout of 30 seconds (same as firefox today)
QTimer::singleShot(30*1000, this, [this]() {

    // we use dynamic_cast because this may be or not an encrypted socket
    QSslSocket * const tlsSocket = dynamic_cast<QSslSocket*>(m_socket);

    if(tlsSocket != nullptr && !tlsSocket->isEncrypted()) {
        qWarning() << "TLS Handshake timeout for connection from " <<
                      tlsSocket->peerAddress().toString() << ":" << tlsSocket->peerPort();
        tlsSocket->close();
    }
});

This code can be added anywhere where is more practical for your project.可以将此代码添加到对您的项目更实用的任何地方。 I added it in a session class that we have (which owns the created socket), this class is created in the end of newConnection slot.我将它添加到我们拥有的 session class 中(它拥有创建的套接字),这个 class 是在 newConnection 插槽的末尾创建的。 I have tested it and works perfectly.我已经对其进行了测试并且可以完美运行。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 TLS握手消息解析 - TLS Handshake message parsing CURLpp:TLS握手错误 - CURLpp: TLS Handshake Error Websocket++ 错误:handle_transport_init 收到错误:TLS 握手失败 - Websocket++ error: handle_transport_init received error: TLS handshake failed 如何通过QTcpServer连接2台计算机 - How to connect 2 machines through QTcpServer TLS握手过程由InitializeSecurityContext(Schannel) - TLS Handshake process by InitializeSecurityContext (Schannel) 如何强制QTcpServer在特定端口上侦听? - How to force QTcpServer listen on a specific port? 如何制作从 QTcpServer 继承的嵌套 class? - How to make a nested class that is inherited from QTcpServer? QTcpServer如何从客户端套接字读取数据 - QTcpServer how to read data from client socket TLS 初始化失败和 SSL 握手失败 QtNetwork - TLS initialization failed and SSL handshake failed QtNetwork WAIT_TIMEOUT 后如何处理信号量 - How to handle semaphore after WAIT_TIMEOUT
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM