在我的应用程序中,我使用的是Native SSL Layer而不是openSSL,
看起来Handshake很好,但是在使用SSLWrite时出错并且错误代码是909,这意味着“错误的参数或无效的操作状态”,
知道出了什么问题?
无法附加文件,仅在此处发布一些相关的代码块,
bool MacSSL::connect( const char *hostName, int port ){
struct sockaddr_in addr;
struct hostent *ent;
struct in_addr host;
// int sock = 0;
//*socketNo = NULL;
if (hostName[0] >= '0' && hostName[0] <= '9')
{
host.s_addr = ::inet_addr(hostName);
}
else
{ ent = ::gethostbyname(hostName);
if (!ent)
{ printf("gethostbyname failed\n");
return ioErr;
}
memcpy(&host, ent->h_addr, sizeof(struct in_addr));
}
hSocket = socket(AF_INET, SOCK_STREAM, 0);
addr.sin_addr = host;
addr.sin_port = htons((u_short)port);
addr.sin_family = AF_INET;
if (::connect(hSocket, (struct sockaddr *) &addr, sizeof(struct sockaddr_in)) != 0)
{
return ioErr;
}
peerId.ipAddr = addr.sin_addr.s_addr;
peerId.port = htons(port);
return true;
}
bool MacSSL::clientHandshake( const char *host ){
setDefaultSSLArguments(host);
sslPing(&sSSLArguments);
return true;
}
void MacSSL::setDefaultSSLArguments(const char *pHostName){
sSSLArguments.tryVersion = kTLSProtocol1;
sSSLArguments.verbose = true;
sSSLArguments.resumableEnable = false;
sSSLArguments.allowAnyRoot = true;
sSSLArguments.allowExpired = true;
sSSLArguments.keepConnected = true;
if(pHostName){
sSSLArguments.hostName = (char *)malloc(strlen(pHostName)+1);
strcpy(sSSLArguments.hostName, (const char *)pHostName);
// strCpy(sSSLArguments.hostName,pHostName);
}
}
OSStatus MacSSL::sslPing(
sslPingArgs *pargs)
{
PeerSpec peerId;
OSStatus ortn;
pargs->negVersion = kSSLProtocolUnknown;
pargs->negCipher = SSL_NULL_WITH_NULL_NULL;
pargs->peerCerts = NULL;
if(!hSocket) {
return -1;
}
/*
* Set up a SecureTransport session.
* First the standard calls.
*/
ortn = SSLNewContext(false, &ctx);
if(ortn) {
printSslErrStr("SSLNewContext", ortn);
goto cleanup;
}
ortn = SSLSetIOFuncs(ctx, SocketRead, SocketWrite);
if(ortn) {
printSslErrStr("SSLSetIOFuncs", ortn);
goto cleanup;
}
ortn = SSLSetProtocolVersion(ctx, pargs->tryVersion);
if(ortn) {
printSslErrStr("SSLSetProtocolVersion", ortn);
goto cleanup;
}
ortn = SSLSetConnection(ctx, (SSLConnectionRef)(&hSocket));
if(ortn) {
printSslErrStr("SSLSetConnection", ortn);
goto cleanup;
}
if(!pargs->allowHostnameSpoof) {
/* if this isn't set, it isn't checked by APpleX509TP */
ortn = SSLSetPeerDomainName(ctx, pargs->hostName,
strlen(pargs->hostName) + 1);
if(ortn) {
printSslErrStr("SSLSetPeerDomainName", ortn);
goto cleanup;
}
}
/*
* SecureTransport options.
*/
if(pargs->resumableEnable) {
const void *rtnId = NULL;
size_t rtnIdLen = 0;
ortn = SSLSetPeerID(ctx, &peerId, sizeof(PeerSpec));
if(ortn) {
printSslErrStr("SSLSetPeerID", ortn);
goto cleanup;
}
/* quick test of the get fcn */
ortn = SSLGetPeerID(ctx, &rtnId, &rtnIdLen);
if(ortn) {
printSslErrStr("SSLGetPeerID", ortn);
goto cleanup;
}
if((rtnId == NULL) || (rtnIdLen != sizeof(PeerSpec))) {
}
else if(memcmp(&peerId, rtnId, rtnIdLen) != 0) {
}
}
if(pargs->allowExpired) {
ortn = SSLSetAllowsExpiredCerts(ctx, true);
if(ortn) {
printSslErrStr("SSLSetAllowExpiredCerts", ortn);
goto cleanup;
}
}
if(pargs->allowAnyRoot) {
ortn = SSLSetAllowsAnyRoot(ctx, true);
if(ortn) {
printSslErrStr("SSLSetAllowAnyRoot", ortn);
goto cleanup;
}
}
if(pargs->cipherRestrict != '\0') {
ortn = setCipherRestrictions(ctx, pargs->cipherRestrict);
if(ortn) {
goto cleanup;
}
}
/* get server cert and optional encryption cert as CFArrayRef */
//if(keyChainName)
{
pargs->clientCerts = getSslCerts(NULL, CSSM_FALSE, &serverKc);
if(pargs->clientCerts == nil) {
exit(1);
}
}
//if(encryptKeyChainName)
{
pargs->encryptClientCerts = getSslCerts(NULL, CSSM_TRUE,
&encryptKc);
if(pargs->encryptClientCerts == nil) {
exit(1);
}
}
if(pargs->clientCerts) {
ortn = SSLSetCertificate(ctx, pargs->clientCerts);
if(ortn) {
printSslErrStr("SSLSetCertificate", ortn);
goto cleanup;
}
}
if(pargs->encryptClientCerts) {
ortn = SSLSetEncryptionCertificate(ctx, pargs->encryptClientCerts);
if(ortn) {
printSslErrStr("SSLSetEncryptionCertificate", ortn);
goto cleanup;
}
}
/*** end options ***/
do
{ ortn = SSLHandshake(ctx);
if ( ortn == 0)
break;
else {
printf(" handshaking failed");
}
showSslError(ortn);
} while (ortn == errSSLWouldBlock);
/* this works even if handshake failed due to cert chain invalid */
copyPeerCerts(ctx, &pargs->peerCerts);
SSLGetNegotiatedCipher(ctx, &pargs->negCipher);
SSLGetNegotiatedProtocolVersion(ctx, &pargs->negVersion);
//1800 266 0000
//213 219
if(ortn) {
if(!pargs->silent) {
printf("\n");
}
goto cleanup;
}
if(pargs->verbose) {
printf(".... SSL Handshake Complete ");
}
cleanup:
if(!hSocket) {
endpointShutdown(hSocket);
}
if(ctx) {
SSLDisposeContext(ctx);
}
return ortn;
}
// blocking send of what's in the writeBuf followed by buf/len; returns true on successful write
bool MacSSL::send( const char *buf, int len ){
size_t sendLen;
OSStatus oss = SSLWrite(ctx, (void *)buf,len,&sendLen );
if ( oss < 0 ) {
showSslError(oss);
return false;
}
else {
return true;
}
return true;
}