我正在编写一个 https 服务器。我已经创建了 csr 并使用我的测试域的根证书对其进行了签名。当客户端连接时,SSL_accept() 成功完成。我正在使用非阻塞 IO。因此,我将首先在 Windows 中使用 WSARecv() 和 IOCP 异步接收字符缓冲区中的数据。从该字符缓冲区,我将其写入 BIO(BIO_write 返回写入的字节数)并尝试使用 SSL_read() 解密该 BIO 的内容时,它返回 ssl_error_ssl 和错误字符串作为错误:00000001:lib(0):func (0):原因(1)。
我在这里添加了我的代码结构。
const SSL_METHOD *method;
SSL_CTX *ctx;
method = SSLv23_method(); /* create new server-method instance */
ctx = SSL_CTX_new(method); /* create new context from method */
if ( ctx == NULL )
{
printf("SSL Context Creation failed\n");
}
//create bio
BIO *bioIn = BIO_new(BIO_s_mem());
BIO *bioOut = BIO_new(BIO_s_mem());
/* get new SSL state with context */
SSL *clientSSL = SSL_new(ctx);
SSL_set_bio(clientSSL, bioIn , bioOut);
/* set connection socket to SSL state */
SSL_set_fd(clientSSL, mClientSocket);
/* serverNameCallBack will set ctx with certificate created for this domain */
SSL_CTX_set_tlsext_servername_callback(ctx, serverNameCallback);
/* accept ssl connection */
SSL_accept(clientSSL);
//Using WSARecv() here to get encrypted request to a buffer
//read from buffer
//bridge->getBuffer() returns the buffer with encrypted data received
int retBio = BIO_write(bioIn, bridge->getBuffer(), bytesTransfered);
char *buffer = (char *)malloc(sizeof(char) * 1024);
ZeroMemory(buffer, sizeof(buffer));
int retSSL = SSL_read(clientSSL, (void*)buffer, 1023);
retSSL == -1 和 SSL_get_error(clientSSL, retSSL) 返回 SSL_ERROR_SSL
感谢一些博客,我解决了这个问题。执行此操作的正确顺序是,应在调用 ssl_accept 之后创建 BIO 并将其与 ssl 对象关联。如果您在 ssl_accept 之前关联它,那么您必须以不同的方式处理它。并且您应该在调用 ssl_accept 之前设置 SSL_set_accept_state。
这是正确的代码顺序
const SSL_METHOD *method;
SSL_CTX *ctx;
method = SSLv23_method(); /* create new server-method instance */
ctx = SSL_CTX_new(method); /* create new context from method */
if ( ctx == NULL )
{
printf("SSL Context Creation failed\n");
}
/* get new SSL state with context */
SSL *clientSSL = SSL_new(ctx);
/* set connection socket to SSL state */
SSL_set_fd(clientSSL, mClientSocket);
/* serverNameCallBack will set ctx with certificate created for this domain */
SSL_CTX_set_tlsext_servername_callback(ctx, serverNameCallback);
/* set ssl handle to be used as a server */
SSL_set_accept_state(clientSSL);
/* accept ssl connection */
SSL_accept(clientSSL);
//Using WSARecv() here to get encrypted request to a buffer
//create bio
BIO *bioIn = BIO_new(BIO_s_mem());
BIO *bioOut = BIO_new(BIO_s_mem());
SSL_set_bio(clientSSL, bioIn , bioOut);
//read from buffer
//bridge->getBuffer() returns the buffer with encrypted data received
int retBio = BIO_write(bioIn, bridge->getBuffer(), bytesTransfered);
char *buffer = (char *)malloc(sizeof(char) * 1024);
ZeroMemory(buffer, sizeof(buffer));
int retSSL = SSL_read(clientSSL, (void*)buffer, 1023);