我正在尝试编写一个使用OpenSSL的简单Web服务器。我一直收到“破管”的错误。即使我处理错误,似乎套接字永远不会打开来写。
我做错了什么?
这是我的代码:
/*
* I created tempory certificates like this:
*
* openssl req -newkey rsa:1024 -x509 -keyout key.pem -out root.pem
*
* I compile like this:
*
* gcc -g -o webssl webssl.c -lssl -lcrypto
*
* I get this error:
*
* Program received signal SIGPIPE, Broken pipe.
*/
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <fcntl.h>
#include "openssl/bio.h"
#include "openssl/ssl.h"
#include "openssl/err.h"
const char *password = "jake";
const char *KEY_FILE = "key.pem";
const char *CA_LIST = "root.pem";
const char *response = "HTTP/1.0 200 OK\r\nServer : webssl\r\n\r\n<html><head><title>Hello World!</title></head><body><h1>Hello world!</h1></body></html>";
void sigpipe_handle(int x)
{
printf("broken pipe\n");
}
int password_cb(char *buf, int num, int rwflag, void *userdata)
{
if(num<strlen(password)+1)
return 0;
strcpy(buf, password);
return strlen(password);
}
int main(int argc, char *argv[])
{
SSL *ssl = NULL;
SSL_CTX *ctx = NULL;
int listenfd, clientfd;
struct sockaddr_in clientaddr;
socklen_t addrlen;
char *port = "8080";
struct addrinfo hints, *res;
char buffer[5000];
SSL_library_init();
/* Set up a SIGPIPE handler */
signal(SIGPIPE,sigpipe_handle);
ctx = SSL_CTX_new(SSLv23_server_method());
SSL_CTX_use_certificate_chain_file(ctx, KEY_FILE);
SSL_CTX_set_default_passwd_cb(ctx, password_cb);
SSL_CTX_use_PrivateKey_file(ctx, KEY_FILE, SSL_FILETYPE_PEM);
SSL_CTX_load_verify_locations(ctx, CA_LIST, 0);
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_INET;
hints.ai_socktype = SOCK_STREAM;
hints.ai_flags = AI_PASSIVE;
getaddrinfo(NULL, port, &hints, &res);
listenfd = socket(res->ai_family, res->ai_socktype, 0);
bind(listenfd, res->ai_addr, res->ai_addrlen);
freeaddrinfo(res);
listen(listenfd, 15);
while (1) {
addrlen = sizeof(clientaddr);
clientfd = accept(listenfd, (struct sockaddr *)&clientaddr, &addrlen);
ssl = SSL_new(ctx);
SSL_set_fd(ssl, clientfd);
SSL_accept(ssl);
SSL_read(ssl, buffer, 5000);
SSL_write(ssl, response, strlen(response));
SSL_free(ssl);
close(clientfd);
}
return 0;
}
答案 0 :(得分:1)
您可以尝试signal(SIGPIPE, SIG_IGN)。这应该使send返回EPIPE错误。否则,您可以在向发送呼叫发送MSG_NOSIGNAL标志的注释中遵循Kerrek SB的建议。
答案 1 :(得分:1)
SIGPIPE, Broken Pipe in a simple OpenSSL web server
我认为我生成的证书错了。我需要使用像我这样的server.pem:
openssl req -newkey rsa:1024 -x509 -keyout key.pem -out root.pem
cat key.pem root.pem > server.pem
我仍然不太确定问题是什么,但是此代码可以运行:
/*
* Created my new server.pem like this:
*
* openssl req -newkey rsa:1024 -x509 -keyout key.pem -out root.pem
* cat key.pem root.pem > server.pem
*
* Compiled like this:
* gcc -o webssl webssl.c -lssl -lcrypto
*
*/
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <netdb.h>
#include <fcntl.h>
#include <signal.h>
#include <unistd.h>
#include <string.h>
#include <openssl/ssl.h>
const int PORT = 3000;
const char *CA_LIST = "root.pem";
const char *KEY_FILE = "server.pem";
const char *PASSWORD = "jake";
const char *message = "HTTP/1.0 200 OK\r\nServer: webssl\r\n\r\n<html><head><title>Hi</title></head><body><h1>Hello World!</h1></body></html>";
static int password_cb(char *buf, int num, int rwflag, void *userdata)
{
if(num<strlen(PASSWORD)+1)
return(0);
strcpy(buf,PASSWORD);
return(strlen(PASSWORD));
}
static void sigpipe_handle(int x) {}
int main(int argc, char *argv[])
{
struct sockaddr_in sin;
int sock, s;
SSL_CTX *ctx = NULL;
SSL *ssl = NULL;
char buffer[5000];
BIO *sbio = NULL;
BIO *io = NULL;
BIO *ssl_bio = NULL;
SSL_library_init();
signal(SIGPIPE, sigpipe_handle);
ctx = SSL_CTX_new(SSLv23_method());
SSL_CTX_use_certificate_chain_file(ctx, KEY_FILE);
SSL_CTX_set_default_passwd_cb(ctx, password_cb);
SSL_CTX_use_PrivateKey_file(ctx, KEY_FILE, SSL_FILETYPE_PEM);
SSL_CTX_load_verify_locations(ctx, CA_LIST, 0);
sock = socket(AF_INET, SOCK_STREAM, 0);
memset(&sin, 0, sizeof(sin));
sin.sin_addr.s_addr = INADDR_ANY;
sin.sin_family = AF_INET;
sin.sin_port = htons(PORT);
bind(sock, (struct sockaddr *)&sin, sizeof(sin));
listen(sock, 5);
while (1) {
memset(buffer, 0, 5000);
s = accept(sock, 0, 0);
sbio=BIO_new_socket(s,BIO_NOCLOSE);
ssl = SSL_new(ctx);
SSL_set_bio(ssl,sbio,sbio);
SSL_accept(ssl);
io=BIO_new(BIO_f_buffer());
ssl_bio=BIO_new(BIO_f_ssl());
BIO_set_ssl(ssl_bio,ssl,BIO_CLOSE);
BIO_push(io,ssl_bio);
BIO_gets(io, buffer, 5000);
BIO_puts(io, message);
BIO_flush(io);
SSL_shutdown(ssl);
SSL_free(ssl);
close(s);
}
return 0;
}