SSL shutdown: checking the error code and accounting for pending data

Time: 2016-06-10 15:45:30

Tags: c++ ssl boost openssl boost-asio

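I want to make sure I shut down an SSL connection properly. From this question I found a code snippet that distinguishes a normal shutdown from a short read error: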

// const boost::system::error_code &ec
if (ec.category() == asio::error::get_ssl_category() &&
  ec.value() == ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SHORT_READ)) {
  // -> not a real error, just a normal TLS shutdown
}

Given the following code in engine.ipp, the code above makes sense:

const boost::system::error_code& engine::map_error_code(
    boost::system::error_code& ec) const
{
  // We only want to map the error::eof code.
  if (ec != boost::asio::error::eof)
    return ec;

  // If there's data yet to be read, it's an error.
  if (BIO_wpending(ext_bio_))
  {
    ec = boost::system::error_code(
        ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SHORT_READ),
        boost::asio::error::get_ssl_category());
    return ec;
  }

  // SSL v2 doesn't provide a protocol-level shutdown, so an eof on the
  // underlying transport is passed through.
  if (ssl_->version == SSL2_VERSION)
    return ec;

  // Otherwise, the peer should have negotiated a proper shutdown.
  if ((::SSL_get_shutdown(ssl_) & SSL_RECEIVED_SHUTDOWN) == 0)
  {
    ec = boost::system::error_code(
        ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SHORT_READ),
        boost::asio::error::get_ssl_category());
  }

  return ec;
}

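The code above remaps the error, which I then check for specifically. But after reading the function above, I feel uneasy.

It seems that both:

  • if (BIO_wpending(ext_bio_)) (data yet to be read) and
  • if ((::SSL_get_shutdown(ssl_) & SSL_RECEIVED_SHUTDOWN) == 0) (negotiated a proper shutdown)

will generate the same error that I am checking for.

If (BIO_wpending(ext_bio_)) is true, will my error check miss the error? I don't know exactly what this check is looking at. Does it matter?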
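
The following is an added example, not part of the original post and not Boost code: a dependency-free model of the branch order in the quoted map_error_code(), enumerating which engine states end up as the short-read code. The type and function names (EngineState, map_error, classify, states_mapping_to) are hypothetical, and the state snapshot is constructed rather than read from a live SSL object.

```cpp
#include <cstdio>

enum class Mapped { Unchanged, Eof, ShortRead };
enum class Close { Clean, PendingData, NoCloseNotify, NotAClose };

// Constructed snapshot of what the quoted map_error_code() inspects.
struct EngineState {
  bool transport_eof;      // ec == boost::asio::error::eof on entry
  bool data_pending;       // BIO_wpending(ext_bio_) != 0
  bool ssl_v2;             // ssl_->version == SSL2_VERSION
  bool received_shutdown;  // SSL_get_shutdown(ssl_) & SSL_RECEIVED_SHUTDOWN
};

// Same branch order as the quoted function.
Mapped map_error(const EngineState& s) {
  if (!s.transport_eof) return Mapped::Unchanged;
  if (s.data_pending) return Mapped::ShortRead;
  if (s.ssl_v2) return Mapped::Eof;
  return s.received_shutdown ? Mapped::Eof : Mapped::ShortRead;
}

// Caller-side split of the short-read code. In real code the flag would come
// from SSL_get_shutdown(stream.native_handle()) & SSL_RECEIVED_SHUTDOWN.
Close classify(Mapped m, bool received_shutdown) {
  if (m == Mapped::Eof) return Close::Clean;  // or an SSLv2 eof passed through
  if (m != Mapped::ShortRead) return Close::NotAClose;
  return received_shutdown ? Close::PendingData : Close::NoCloseNotify;
}

// Count how many of the 8 transport-eof states map to the given result.
int states_mapping_to(Mapped want) {
  int n = 0;
  for (int bits = 0; bits < 8; ++bits) {
    EngineState s{true, (bits & 1) != 0, (bits & 2) != 0, (bits & 4) != 0};
    if (map_error(s) == want) ++n;
  }
  return n;
}

int main() {
  std::printf("short_read states: %d, eof states: %d\n",
              states_mapping_to(Mapped::ShortRead),
              states_mapping_to(Mapped::Eof));
  return 0;
}
```

In this model a check for the short-read code alone matches both the pending-data branch and the missing-shutdown branch, so a caller that needs to tell them apart has to look at the received-shutdown flag as well.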

0 answers:

No answers