OpenSSL的DTLSv1_Listen()在运行时暂停程序

时间:2017-12-06 01:23:06

标签: c++ openssl dtls

我尝试使用OpenSSL DTLS进行测试,创建一个程序,创建一个客户端和服务器套接字来回显套接字之间的字符串;但是,当我尝试测试DTLSv1_Listen()函数时,即使我没有尝试在套接字之间连接或发送数据,我的程序似乎也会暂停。注意:我正在使用1.0.2 OpenSSL,这是在DTLSv1_Listen()被重写之后。

这是我完整的C ++ winsock特定代码:

([,;]*)*\sà\s((\w+\s)+\w+)[\.,]

我希望结果如下:

#include <stdio.h>
#include <winsock2.h>
#include <ws2tcpip.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
//#include <openssl/applink.c>
#include <string>
#pragma comment(lib, "Ws2_32.lib")


struct DTLSStuff { //struct to contain DTLS object instances
    SSL_CTX *ctx;
    SSL *ssl;
    BIO *bio;
};

void DTLSErr() { //DTLS error reporting
    ERR_print_errors_fp(stderr);
    exit(1);
}

int newSocket(sockaddr_in addr) { //creates a socket and returns the file descriptor //TODO expand for multi-platform
    WSADATA wsaData;
    int fd;
    int iResult;

    iResult = WSAStartup(MAKEWORD(2, 2), &wsaData);                                                     //Initialize Winsock
    if (iResult != 0) { printf("WSAStartup failed: %d\n", iResult); exit(1); }

    fd = socket(AF_INET, SOCK_DGRAM, 0); if (fd < 0) { perror("Unable to create socket"); exit(1); }    //create socket
    printf("New Socket: %i\n", fd);
    if (bind(fd, (struct sockaddr *)&addr, sizeof(sockaddr)) < 0) { printf("bind failed with error %u\n", WSAGetLastError());   exit(1); }

    return fd;                                                                                          //file descriptor
}

void InitCTX(SSL_CTX *ctx, bool IsClient) { //Takes a ctx object and initializes it for DTLS communication
    if (IsClient) {
        if(SSL_CTX_use_certificate_chain_file(ctx, "client-cert.pem") < 0) { printf("Failed loading client cert");}
        if(SSL_CTX_use_PrivateKey_file(ctx, "client-key.pem", SSL_FILETYPE_PEM) < 0) { printf("Failed loading client key"); }
    }
    else {
        if (SSL_CTX_use_certificate_chain_file(ctx, "server-cert.pem") < 0) { printf("Failed loading client cert"); }
        if (SSL_CTX_use_PrivateKey_file(ctx, "server-key.pem", SSL_FILETYPE_PEM) < 0) { printf("Failed loading client key"); }
    }
    //SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, verify_cert);    //omitted for testing
    //SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie);     //omitted for testing
    //SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie);         //omitted for testing
    SSL_CTX_set_read_ahead(ctx, 1);
}

int main() { //creates client and server sockets and DTLS objects. TODO: have client complete handshake with server socket and send a message and have the server echo it back to client socket
    BIO_ADDR *faux_addr = BIO_ADDR_new(); // for DTLSv1_listen(), since we are this is both client and server (meaning client address is known) it is only used to satisfy parameters.
    ERR_load_BIO_strings();
    SSL_load_error_strings();   
    SSL_library_init();         

    //Set up addresses
    sockaddr_in client_addr;
    client_addr.sin_family = AF_INET;
    client_addr.sin_port = htons(25501);
    client_addr.sin_addr.s_addr = INADDR_ANY;
    sockaddr_in server_addr;
    server_addr.sin_family = AF_INET;
    server_addr.sin_port = htons(25500);
    server_addr.sin_addr.s_addr = INADDR_ANY;

    //*********CLIENT
    DTLSStuff ClientInf;
    ClientInf.ctx = SSL_CTX_new(DTLSv1_client_method());
    InitCTX(ClientInf.ctx,true);
    int ClientFD = newSocket(client_addr); 
    ClientInf.bio = BIO_new_dgram(ClientFD, BIO_NOCLOSE);
    ClientInf.ssl = SSL_new(ClientInf.ctx);
    //SSL_set_options(ClientInf.ssl, SSL_OP_COOKIE_EXCHANGE); //omitted for testing
    SSL_set_bio(ClientInf.ssl, ClientInf.bio, ClientInf.bio);

    //*********SERVER
    DTLSStuff ServerInf;
    ServerInf.ctx = SSL_CTX_new(DTLSv1_server_method());
    InitCTX(ServerInf.ctx,false);
    int ServerFD = newSocket(server_addr); 
    ServerInf.bio = BIO_new_dgram(ServerFD, BIO_NOCLOSE);
    ServerInf.ssl = SSL_new(ServerInf.ctx);
    //SSL_set_options(ServerInf.ssl, SSL_OP_COOKIE_EXCHANGE); //omitted for testing
    SSL_set_bio(ServerInf.ssl, ServerInf.bio, ServerInf.bio);

    printf("Listen attempt...\n");  
    int ret = DTLSv1_listen(ServerInf.ssl, faux_addr);
    if (ret < 0) { DTLSErr(); }
    printf("this print should occur, but it never does");
    exit(1);
}

然而,在运行程序时,它永远不会打印最后一行。该程序似乎响应,因为我能够通过ctrl + c取消可执行文件,所以我假设它没有崩溃或冻结,但除此之外,我不知所措。我的理解是,如果没有任何反应,该方法应返回0,如果听到clienthello则返回&gt;如果发生错误则返回&lt; 0。

另外,一个有点相关的问题:由于DTLSv1_Listen()需要BIO_ADDR来存储传入请求地址这是否意味着单独的客户端和服务器程序如果希望能够同时发送和侦听都需要2个套接字?通常,UDP客户端和服务器只需要一个套接字,但我似乎无法通过OpenSSL的DTLS来设计这个设计。

我感谢你的时间。

1 个答案:

答案 0 :(得分:0)

我没有在代码中看到您将套接字设置为非阻塞的任何位置。在默认阻止模式下,当您尝试从套接字读取时,程序将暂停直到数据到达。如果您不想这样做,那么请确保您设置了合适的选项(我不是Windows程序员,但ioctlsocket似乎可以完成这项工作:https://msdn.microsoft.com/en-us/library/windows/desktop/ms738573(v=vs.85).aspx

  

这是否意味着单独的客户端和服务器程序如果希望能够发送和收听,则都需要2个套接字

使用DTLSv1_listen()时,您正在使用未连接状态的套接字,因此您可能会收到来自多个客户端的UDP数据包。 DTLS是基于连接的,因此一旦DTLSv1_listen()成功返回,您应该创建一个到客户端地址的“连接”套接字。因此,您有一个用于侦听新连接的套接字,以及每个客户端与服务器通信的一个套接字。

相关问题
最新问题