OpenSSL custom extension callback functions

Time: 2018-12-12 11:41:20

Tags: c ssl openssl network-programming tls1.2

I am creating a custom extension using the OpenSSL custom extension API.

The functions SSL_CTX_add_client_custom_ext and SSL_CTX_custom_ext return 1, i.e. success, but the problem is that certain callback functions are invoked to operate on the data we need to add or parse. I added some debug statements to find out whether they are being called, and I believe they are not.

The SSL_CTX-related code is:

/* Called when the extension should be added to the outgoing message. */
static int old_add_cb(SSL *s, unsigned int ext_type, const unsigned char **out,
                      size_t *outlen, int *al, void *add_arg) {
    printf("called!!\n");
    return 1;
}

/* Called after the extension data has been sent, to release *out. */
static void old_free_cb(SSL *s, unsigned int ext_type, const unsigned char *out,
                        void *add_arg) {
    printf("called!!\n");
    OPENSSL_free((unsigned char *)out);
}

/* Called when the peer's message contains this extension type. */
static int old_parse_cb(SSL *s, unsigned int ext_type, const unsigned char *in,
                        size_t inlen, int *al, void *parse_arg) {
    printf("called!!\n");
    return 1;
}

The 'SSL_CTX_add_custom_ext' function returns 1, but the print statements in the callback functions are not executed.

1 answer:

Answer 0 (score: 1)

From the OpenSSL doc about SSL_extension_supported we can see the following statement:

For the ServerHello and EncryptedExtension messages, every registered add_cb is called once if and only if the requirements of the specified context are met and the corresponding extension was received in the ClientHello. That is, if no corresponding extension was received in the ClientHello, add_cb will not be called.

What I mean is that the callbacks on both sides (i.e. the client and the server) are executed only when the server validates and accepts a ClientHello that contains the extension. So you should add the extension (here, the callbacks) to the server as well as the client to make sure the callbacks are executed. Here is my example:

static int ext_add_cb(SSL *s, unsigned int ext_type,
                      const unsigned char **out,
                      size_t *outlen, int *al, void *add_arg)
{
    switch (ext_type) {
        case 65280:
            printf("ext_add_cb from client called!\n");
            break;

        default:
            break;
    }
    return 1;
}

static void ext_free_cb(SSL *s, unsigned int ext_type,
                        const unsigned char *out, void *add_arg)
{
    printf("ext_free_cb from client called\n");

}

static int ext_parse_cb(SSL *s, unsigned int ext_type,
                        const unsigned char *in,
                        size_t inlen, int *al, void *parse_arg)
{
    printf("ext_parse_cb from client called!\n");
    return 1;
}

The server is similar to the client. Then add the registration in main:

    int result = SSL_CTX_add_client_custom_ext(ctx, 65280, ext_add_cb, ext_free_cb, NULL, ext_parse_cb, NULL);

Running the server and then the client, I get these messages:

# server:
ext_parse_cb from server called!
ext_add_cb from server called!
ext_free_cb from server called!


# client:
ext_add_cb from client called!
ext_free_cb from client called
ext_parse_cb from client called!