我试图编写一个连接到OpenSSL服务器的c ++应用程序。 我可以发送未损坏的数据到服务器,但读取操作只读取1个字节。
代码:
char* dest_url = "147.87.116.74";
X509 *cert = NULL;
X509_name_st *certname = NULL;
const SSL_METHOD *method;
SSL_CTX *ctx;
SSL *ssl;
int server = 0;
int ret, i;
/* ---------------------------------------------------------- *
* These function calls initialize openssl for correct work. *
* ---------------------------------------------------------- */
OpenSSL_add_all_algorithms();
ERR_load_BIO_strings();
ERR_load_crypto_strings();
SSL_load_error_strings();
/* ---------------------------------------------------------- *
* initialize SSL library and register algorithms *
* ---------------------------------------------------------- */
SSL_library_init();
/* ---------------------------------------------------------- *
* Set SSLv2 client hello, also announce SSLv3 and TLSv1 *
* ---------------------------------------------------------- */
method = TLSv1_2_client_method();
/* ---------------------------------------------------------- *
* Try to create a new SSL context *
* ---------------------------------------------------------- */
ctx = SSL_CTX_new(method);
/* ---------------------------------------------------------- *
* SSL certificate checking AND MY STUFF
* thanks guys http://h71000.www7.hp.com/doc/83final/ba554_90007/ch05s03.html
* ---------------------------------------------------------- */
SSL_CTX_load_verify_locations(ctx, "ca.crt", nullptr);
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
SSL_CTX_set_verify_depth(ctx, 1);
/* ---------------------------------------------------------- *
* Create new SSL connection state object *
* ---------------------------------------------------------- */
ssl = SSL_new(ctx);
/* ---------------------------------------------------------- *
* Make the underlying TCP socket connection *
* ---------------------------------------------------------- */
server = create_socket(dest_url);
/* ---------------------------------------------------------- *
* Attach the SSL session to the socket descriptor *
* ---------------------------------------------------------- */
SSL_set_fd(ssl, server);
/* ---------------------------------------------------------- *
* Try to SSL-connect here, returns 1 for success *
* ---------------------------------------------------------- */
SSL_connect(ssl);
/* ---------------------------------------------------------- *
* send some text *
* -----------------------------------------------------------*/
char* tSend = "testdata";
int sendSize = strlen(tSend);
int net_tSend = htonl(sendSize);
SSL_write(ssl, &net_tSend, 4);
SSL_write(ssl, tSend, sendSize);
long size = 0L;
int bytesread = SSL_read(ssl, &size, 4);
我的问题: 是否必须使用BIO对象? 为什么read()函数只读取1个字节? 我如何检索/读取错误?
答案 0 :(得分:2)
读取的字节数是任意的。如果您确切知道应该接收多少字节,则可以使用准确读取该数字的函数。
此函数是SSL_read的替代品,除非出现错误,否则始终精确读取指定的字节数。它在出错时返回< 0(call SSL_get_error)。如果连接关闭,它返回0。成功时,它返回读取的字节数,它将始终与请求的数字相同。
int SSL_read_all(SSL *ssl, void* buf, int num)
{
char* ptr = reinterpret_cast<char*>(buf);
int read_bytes = 0;
while (read_bytes < num)
{
int r = SSL_read(ssl, ptr + read_bytes, num - read_bytes);
if (r <= 0)
return r;
read_bytes += r;
}
return read_bytes;
}
如果OpenSSL直接与套接字通话,则无需明确使用BIO。
答案 1 :(得分:0)
您可以像这样读取所有SSL流:
char buf[1024];
int c=1024;
while(c==1024)
{
c=SSL_read(ssl,buf,1024);
buf[c]='\0';
printf("%s",buf);
}