openssl 握手失敗
[英]openssl handshake failed
問題描述
我正在嘗試編寫簡單的 C openssl 客戶端和服務器。 這是客戶的代碼:
int main() {
int err;
SSL_CTX * ctx = init_ctx("client-cert.pem", "client-private.pem", "certs/cacert.pem", "clientpass");
if (!ctx) {
fprintf(stderr, "couldn't init ctx\n");
exit(1);
}
int sock = tcp_connect("localhost", 4443);
/* Connect the SSL socket */
SSL * ssl = SSL_new(ctx);
BIO * sbio = BIO_new_socket(sock,BIO_NOCLOSE);
SSL_set_bio(ssl,sbio,sbio);
if((err = SSL_connect(ssl)) != 1) {
switch(SSL_get_error(ssl, err)) {
case SSL_ERROR_NONE:
fprintf(stderr, "error SSL_ERROR_NONE\n");
break;
case SSL_ERROR_ZERO_RETURN:
fprintf(stderr, "errorSSL_ERROR_ZERO_RETURN \n");
break;
case SSL_ERROR_WANT_READ:
fprintf(stderr, "error SSL_ERROR_WANT_READ\n");
break;
case SSL_ERROR_WANT_WRITE:
fprintf(stderr, "error SSL_ERROR_WANT_WRITE\n");
break;
case SSL_ERROR_WANT_CONNECT:
fprintf(stderr, "error SSL_ERROR_WANT_CONNECT\n");
break;
case SSL_ERROR_WANT_X509_LOOKUP:
fprintf(stderr, "error SSL_ERROR_WANT_X509_LOOKUP\n");
break;
case SSL_ERROR_SYSCALL:
fprintf(stderr, "error SSL_ERROR_SYSCALL\n");
break;
case SSL_ERROR_SSL:
fprintf(stderr, "error SSL_ERROR_SSL\n");
break;
default:
fprintf(stderr, "error f****** s***!!!\n");
break;
}
fprintf(stderr, "%s\n", ERR_error_string(ERR_get_error(), NULL));
ERR_print_errors_fp(stderr);
//exit(1);
}
check_cert(ssl, "host.com");
fprintf(stderr, "%d bytes sent\n", send_request(ssl, "come with me, we'll go dreaming"));
/* shutdown ssl connection */
err = SSL_shutdown(ssl);
if (err < 0) {
ERR_print_errors_fp(stderr);
exit(1);
}
close(sock);
SSL_free(ssl);
SSL_CTX_free(ctx);
return 0;
}
ssize_t send_request(SSL * ssl, const char * req) {
fprintf(stderr, "sending request...\n");
ssize_t size = SSL_write(ssl, req, strlen(req));
if (size < 0) {
ERR_print_errors_fp(stderr);
}
return size;
}
SSL_get_error(ssl, err) returns SSL_ERROR_SYSCALL and send_request returns following error: 5269:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188: . 用密碼保護的私鑰,我正在設置pem_password_cb回調:
SSL_CTX_set_default_passwd_cb(ctx, passwd_func);
SSL_CTX_set_default_passwd_cb_userdata(ctx, (void *)password);
. 使用 v23 方法......我不知道這次握手失敗的原因......
我試過這樣調試: openssl s_client -connect localhost:4443 -cert sberbank-cert.pem -key sberbank-private.pem -verify 1 -CAfile cacert.pem -prexit -msg我有以下結果:
milo@milonote:~/src/tests/ssl$ openssl s_client -connect localhost:4443 -cert sberbank-cert.pem -key sberbank-private.pem -verify 1 -CAfile cacert.pem -prexit -msg
verify depth is 1
CONNECTED(00000003)
>>> TLS 1.0 Handshake [length 005a], ClientHello
01 00 00 56 03 01 4d ed fc 5e a7 d7 56 6a 70 40
0c a6 19 d0 06 23 08 28 65 07 53 46 d1 87 c0 c2
a2 27 d8 5b ad ac 00 00 28 00 39 00 38 00 35 00
16 00 13 00 0a 00 33 00 32 00 2f 00 05 00 04 00
15 00 12 00 09 00 14 00 11 00 08 00 06 00 03 00
ff 02 01 00 00 04 00 23 00 00
5825:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 95 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
這是tcp_connect的來源。 我確定它不會失敗,因為它返回 fd (不是-1 ):
int tcp_connect(const char *host, int port) {
struct hostent *hp;
struct sockaddr_in addr;
int sock;
if(!(hp=gethostbyname(host)))
return -1;
memset(&addr,0,sizeof(addr));
addr.sin_addr=*(struct in_addr*)
hp->h_addr_list[0];
addr.sin_family=AF_INET;
addr.sin_port=htons(port);
if((sock=socket(AF_INET,SOCK_STREAM, IPPROTO_TCP))<0)
return -1;
if(connect(sock,(struct sockaddr *)&addr, sizeof(addr))<0)
return -1;
return sock;
}
1 個解決方案
解決方案1
0 已采納 2011-06-08 04:56:45
我已經解決了我的問題,它不是客戶端。 但服務器端! 服務器關閉 tcp 連接,同時獲得 SSL_WANT_READ 錯誤,重復到 SSL_accept。 感謝參與!
編譯Ruby錯誤:無法配置openssl。它不會被安裝
[英]Compiling Ruby error: Failed to configure openssl. It will not be installed
libcurl gnutls_handshake()失敗:收到了TLS警告警報
[英]libcurl gnutls_handshake() failed: A TLS warning alert has been received
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.