我使用我发现的一些示例代码在C中编写了一个简单的SSL / HTTPS客户端,当我使用它向https服务器发送GET请求时,我得到一个不寻常的响应,这是来自stackoverflow.com的响应:
HTTP / 1.1 200 OK Cache-Control:public,no-cache =“Set-Cookie”, max-age = 36内容类型:text / html; charset = utf-8到期:1月3日星期六 2015 16:54:57 GMT Last-Modified:星期六,03 Jan 2015 16:53:57 GMT变化:* X-Frame-Options:SAMEORIGIN Set-Cookie: 省= 407726d8-1493-4ebd-8657-8958be5b2683;域= .stackoverflow.com; expires =星期五,01年1月1日至2055 00:00:00 GMT;路径= /; HttpOnly日期:星期六,03 2015年1月16:54:20 GMT内容 - 长度:239129
<title>Stack Overflow</title> <link rel="shortcut icon" href="//cdn.sstatic.net/stackoverflow/img/favicon.ico?v=038622610830"> <link rel="apple-touch-icon image_src" href="//cdn.sstatic.net/stackoverflow/img/apple-touch-icon.png?v=fd7230a85918"> <link rel="search" type="application/opensearchdescription+xml" title="Stack Overflow" href="/opensearch.xml"> <meta name="twitter:card" content="summary"> <meta name="twitter:domain" content="stackoverflow.com"/> <meta property="og:type" content="website" /> <meta property="og:image" itemprop="image primaryImageOfPage" content="http://cdn.sstatic.net/stackoverflow/img/apple-touch-icon@2.png?v=fde65a5a78c6"/&GT;
当我使用openssl命令行工具执行相同的操作时,我得到一个包含索引页面的正常响应。我已经尝试更改一些代码并遵循不同的教程,但似乎没有任何工作。如何让程序返回索引页而不是我当前得到的响应?,这是该程序的源代码:
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <openssl/bio.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
/**
* Simple log function
*/
void slog(char* message) {
fprintf(stdout, message);
}
/**
* Print SSL error details
*/
void print_ssl_error(char* message, FILE* out) {
fprintf(out, message);
fprintf(out, "Error: %s\n", ERR_reason_error_string(ERR_get_error()));
fprintf(out, "%s\n", ERR_error_string(ERR_get_error(), NULL));
ERR_print_errors_fp(out);
}
/**
* Print SSL error details with inserted content
*/
void print_ssl_error_2(char* message, char* content, FILE* out) {
fprintf(out, message, content);
fprintf(out, "Error: %s\n", ERR_reason_error_string(ERR_get_error()));
fprintf(out, "%s\n", ERR_error_string(ERR_get_error(), NULL));
ERR_print_errors_fp(out);
}
/**
* Initialise OpenSSL
*/
void init_openssl() {
/* call the standard SSL init functions */
SSL_load_error_strings();
SSL_library_init();
ERR_load_BIO_strings();
OpenSSL_add_all_algorithms();
/* seed the random number system - only really nessecary for systems without '/dev/random' */
/* RAND_add(?,?,?); need to work out a cryptographically significant way of generating the seed */
}
/**
* Connect to a host using an encrypted stream
*/
BIO* connect_encrypted(char* host_and_port, char* store_path, SSL_CTX** ctx, SSL** ssl) {
BIO* bio = NULL;
int r = 0;
/* Set up the SSL pointers */
*ctx = SSL_CTX_new(TLSv1_client_method());
*ssl = NULL;
r = SSL_CTX_load_verify_locations(*ctx, store_path, NULL);
if (r == 0) {
print_ssl_error_2("Unable to load the trust store from %s.\n", store_path, stdout);
return NULL;
}
/* Setting up the BIO SSL object */
bio = BIO_new_ssl_connect(*ctx);
BIO_get_ssl(bio, ssl);
if (!(*ssl)) {
print_ssl_error("Unable to allocate SSL pointer.\n", stdout);
return NULL;
}
SSL_set_mode(*ssl, SSL_MODE_AUTO_RETRY);
/* Attempt to connect */
BIO_set_conn_hostname(bio, host_and_port);
/* Verify the connection opened and perform the handshake */
if (BIO_do_connect(bio) < 1) {
print_ssl_error_2("Unable to connect BIO.%s\n", host_and_port, stdout);
return NULL;
}
if (SSL_get_verify_result(*ssl) != X509_V_OK) {
print_ssl_error("Unable to verify connection result.\n", stdout);
}
return bio;
}
/**
* Read a from a stream and handle restarts if nessecary
*/
ssize_t read_from_stream(BIO* bio, char* buffer, ssize_t length) {
ssize_t r = -1;
while (r < 0) {
r = BIO_read(bio, buffer, length);
if (r == 0) {
print_ssl_error("Reached the end of the data stream.\n", stdout);
continue;
} else if (r < 0) {
if (!BIO_should_retry(bio)) {
print_ssl_error("BIO_read should retry test failed.\n", stdout);
continue;
}
/* It would be prudent to check the reason for the retry and handle
* it appropriately here */
}
};
return r;
}
/**
* Write to a stream and handle restarts if nessecary
*/
int write_to_stream(BIO* bio, char* buffer, ssize_t length) {
ssize_t r = -1;
while (r < 0) {
r = BIO_write(bio, buffer, length);
if (r <= 0) {
if (!BIO_should_retry(bio)) {
print_ssl_error("BIO_read should retry test failed.\n", stdout);
continue;
}
/* It would be prudent to check the reason for the retry and handle
* it appropriately here */
}
}
return r;
}
/**
* Main SSL demonstration code entry point
*/
int main() {
char* host_and_port = "stackoverflow.com:443";
char* server_request = "GET / HTTP/1.1\r\nHost: stackoverflow.com\r\n\r\n";
char* store_path = "mycert.pem";
char buffer[4096];
buffer[0] = 0;
BIO* bio;
SSL_CTX* ctx = NULL;
SSL* ssl = NULL;
/* initilise the OpenSSL library */
init_openssl();
if ((bio = connect_encrypted(host_and_port, store_path, &ctx, &ssl)) == NULL)
return (EXIT_FAILURE);
write_to_stream(bio, server_request, strlen(server_request));
read_from_stream(bio, buffer, 4096);
printf("%s\r\n", buffer);
/* clean up the SSL context resources for the encrypted link */
SSL_CTX_free(ctx);
return (EXIT_SUCCESS);
}
答案 0 :(得分:1)
您调用read_from_stream最多可读取4096个字节,但答案可能比此长得多。您必须重试读取,直到调用返回0.您还要在每次读取之前清除缓冲区。像这样:
int l;
bzero(buffer,4096); // clean the buffer
while ((l=read_from_stream(bio,buffer,4096)) { // try to read 4096 bytes
printf("%s",buffer); // write exactly what was read...
bzero(buffer,4096); // clean the buffer
}
请注意,服务器可以向您发送ASCII nul字节(在HTML页面中很少见,但可能用于其他类型的数据)...此代码并未将此考虑在内。
通常你必须解码标题,然后解码Content-Length:标题。它旨在为您提供在 HTTP标头之后读取的数据字节数(在您的示例中为239129)。
答案 1 :(得分:1)
除了您只读取固定数量的字节(如其他响应中所述)之外,您正在执行HTTP / 1.1请求。这意味着答案的长度可以由Content-Length标题,Transfer-Encoding: chunked或文件结尾指定。并且由于HTTP / 1.1默认允许通过单个连接(保持活动)的多个请求,因此简单的读取方法可能会导致连接停止,因为服务器不会关闭连接而是等待新的请求。 / p>
如果您要发出HTTP / 1.0请求,则不必处理所有这些问题,即默认情况下没有分块模式且没有保持活动状态。然后你可以简单地阅读,直到你得到更多的数据。