My embedded OpenSSL program can connect to some servers but not to others

Date: 2020-04-07 12:30:09

Tags: openssl

My problem:

I tried several hostnames to connect to a server from my embedded system.

Unfortunately, I get a connection error.

For example, I can connect to "www.google.com" but not to "www.wikipedia.org".

res = SSL_connect(ssl) returns -1.

When I call result = ERR_error_string(err, buf); I get "unknown error code".

static int conn_socket(void);   /* defined below */

int rl_ssl_fetch_webpage(void)
{
    long res = 1;
    int ret = 1;                /* 0 once the handshake succeeded */
    unsigned long ssl_err = 0;
    int sockfd = -1;
    SSL *ssl = NULL;
    SSL_CTX *ctx = NULL;

    init_openssl();             /* defined elsewhere: loads error strings / algorithms */

    do {
        /* Negotiates the highest TLS version both sides support; SSLv2/v3
         * themselves are compiled out of any modern OpenSSL build. */
        const SSL_METHOD *method = SSLv23_client_method();
        ssl_err = ERR_get_error();
        if (method == NULL) {
            error_msg(ssl_err, "SSLv23_client_method");
            break;
        }

        ctx = SSL_CTX_new(method);
        ssl_err = ERR_get_error();
        if (ctx == NULL) {
            error_msg(ssl_err, "SSL_CTX_new");
            break;
        }

        /* SSL_VERIFY_NONE accepts any certificate, so a man-in-the-middle
         * is not detected; acceptable only while debugging the handshake. */
        SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);

        ssl = SSL_new(ctx);
        ssl_err = ERR_get_error();
        if (ssl == NULL) {
            error_msg(ssl_err, "SSL_new");
            break;
        }

        sockfd = conn_socket();

        res = SSL_set_fd(ssl, sockfd);
        ssl_err = ERR_get_error();
        if (res != 1) {
            error_msg(ssl_err, "SSL_set_fd");
            break;
        }

        res = SSL_connect(ssl);
        if (res != 1) {
            /* SSL_get_error() classifies the failure (SSL_ERROR_SSL for a
             * protocol/alert problem, SSL_ERROR_SYSCALL for a socket error
             * such as the receive timeout); ERR_get_error() returns the
             * queued library error code that ERR_error_string() understands.
             * Passing the -1 return value itself to ERR_error_string() is
             * what produced "unknown error code". */
            int why = SSL_get_error(ssl, (int)res);
            ssl_err = ERR_get_error();
            fprintf(stderr, "SSL_connect: SSL_get_error=%d errno=%d\n", why, errno);
            error_msg(ssl_err, "SSL_connect");
            break;
        }
        ret = 0;
        /* .......... (the rest of the function was cut off in the post) */
    } while (0);

    /* SSL_free() does not close the descriptor; the socket is closed here. */
    if (ssl != NULL)
        SSL_free(ssl);
    if (ctx != NULL)
        SSL_CTX_free(ctx);
    if (sockfd >= 0)
        close(sockfd);
    return ret;
}

static int conn_socket(void)
{
    int res, sockfd;
    struct addrinfo hints, *srvaddrs;

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_INET;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_protocol = IPPROTO_TCP;

    /* getaddrinfo() does not set errno; its result is decoded with gai_strerror(). */
    if ((res = getaddrinfo(HOST_NAME, HOST_PORT, &hints, &srvaddrs)) != 0) {
        fprintf(stderr, "ERROR: getaddrinfo(): %s\n", gai_strerror(res));
        exit(EXIT_FAILURE);
    }

    if ((sockfd = socket(srvaddrs->ai_family, srvaddrs->ai_socktype, srvaddrs->ai_protocol)) < 0) {
        perror("ERROR: socket()");      /* perror() appends ": <reason>\n" itself */
        freeaddrinfo(srvaddrs);
        exit(EXIT_FAILURE);
    }

    /* 2 second receive timeout. It also applies to the handshake: if the
     * server's reply takes longer, SSL_connect() fails with SSL_ERROR_SYSCALL
     * and errno EAGAIN/EWOULDBLOCK instead of blocking forever. */
    struct timeval timeout;
    timeout.tv_sec = 2;                 /* seconds */
    timeout.tv_usec = 0;                /* microseconds */
    socklen_t opt_len = sizeof(timeout);

    setsockopt(sockfd, SOL_SOCKET, SO_RCVTIMEO, (void *) &timeout, opt_len);

    if (connect(sockfd, srvaddrs->ai_addr, srvaddrs->ai_addrlen) != 0) {
        perror("ERROR: connect()");
        close(sockfd);
        freeaddrinfo(srvaddrs);
        exit(EXIT_FAILURE);
    }

    freeaddrinfo(srvaddrs);

    return sockfd;
}

Header file

#ifndef __RL_OPENSSL_H__
#define __RL_OPENSSL_H__

#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <unistd.h>
#include <string.h>

#include <sys/types.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <netdb.h>
#include <netinet/in.h>

/* OpenSSL API used by rl_ssl_fetch_webpage(): SSL_*, SSL_CTX_*, ERR_* */
#include <openssl/ssl.h>
#include <openssl/err.h>

#define HOST_NAME   "www.wikipedia.org" //non-working
//#define HOST_NAME "www.google.com"    //working

#define HOST_PORT "443"
#define HOST_RESOURCE "/"

#endif

Thanks for your help.

1 answer:

Answer 0: (score: 0)

Some servers may not accept communication over SSL v2/v3 any more, because these are no longer considered secure. Therefore you should not use SSLv23_client_method(), but TLSv1_1_method() or TLSv1_2_method() instead.

You can try connecting with openssl s_client to see whether the server accepts the connection, for example:

openssl s_client -connect  www.google.com:443  -tls1

You will get a lot of interesting information / error messages:

openssl s_client -connect  www.google.com:443  -tls1
CONNECTED(00000003)
depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = US, O = Google Trust Services, CN = GTS CA 1O1
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = www.google.com
verify return:1
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google LLC/CN=www.google.com
   i:/C=US/O=Google Trust Services/CN=GTS CA 1O1
 1 s:/C=US/O=Google Trust Services/CN=GTS CA 1O1
   i:/OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFizCCBHOgAwIBAgIRALgy9sW+NYwCCAAAAAAyCqkwDQYJKoZIhvcNAQELBQAw
QjELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczET
MBEGA1UEAxMKR1RTIENBIDFPMTAeFw0yMDAzMDMwOTQ1NTJaFw0yMDA1MjYwOTQ1
NTJaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
Ew1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgTExDMRcwFQYDVQQDEw53
d3cuZ29vZ2xlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOsG
BXpTDutwvQ/iVIg7/Z/r8thSgauiXw/tbT5nCVK/7AlsU2ELv8uhImpNdfteA8hy
/7M7NbYtcv0M+deAc6NKwyaLBAblBX+kv2TFn7xozsc6OeAahoH2CSy/XD+RQ2Uw
2TEFC6qqXrFAmmhxq/vJArMtx7hFcz3AugCm+EBTHPw0O8JQ++w2e2cm5sQNU0yo
XUFijBpgwd8ao6o5vxQowU3Ll1LqTxVH+05AGP9pYAgBw/V1oLO55uJCyDA49NM9
Tu/JCcRdIYHmkzsmG1lYHVhHFNReTNUJktM+JUPWIuUVKZ4vtRnl+N3cfRRSZA6D
pWd8RWj9N5HUYLzFRhUCAwEAAaOCAlQwggJQMA4GA1UdDwEB/wQEAwIFoDATBgNV
HSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRie0J7d0P3
ZRHofG6m15SHZfquLDAfBgNVHSMEGDAWgBSY0fhuEOvPm+xgnxiQG6DrfQn9KzBk
BggrBgEFBQcBAQRYMFYwJwYIKwYBBQUHMAGGG2h0dHA6Ly9vY3NwLnBraS5nb29n
L2d0czFvMTArBggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nL2dzcjIvR1RTMU8x
LmNydDAZBgNVHREEEjAQgg53d3cuZ29vZ2xlLmNvbTAhBgNVHSAEGjAYMAgGBmeB
DAECAjAMBgorBgEEAdZ5AgUDMC8GA1UdHwQoMCYwJKAioCCGHmh0dHA6Ly9jcmwu
cGtpLmdvb2cvR1RTMU8xLmNybDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2ALIe
BcyLos2KIE6HZvkruYolIGdr2vpw57JJUy3vi5BeAAABcKAAg3wAAAQDAEcwRQIh
AMJ/c8ZbNPsSen29pgnNHYpB3gaqkvGLj8A1OQh426qgAiA8xl9x0O9E5iHnw8eA
HAFtNzNksUKgi9eZF1Syoso6fgB2AF6nc/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQY
dZaBcUVYAAABcKAAg7UAAAQDAEcwRQIhAJv2i8XAkvaydDFbrLSjH0AxEy/lp+zp
9xcNXL4wiq6cAiAmOQEF8x98iI/g3V29uRam3llGAYJk/hfh+q/EVuGvBTANBgkq
hkiG9w0BAQsFAAOCAQEAkLRZ5s4RGALv9+sZCL0F4+1FxZPiNyTWEpZsrJhfb6rM
AZQnrFNw4yjV+W+aQSvdZPWvk51ZOfY9OxwW3mhmG59v/XfOvsj/E+1mACHcIqtn
HwPWIKZm/nNY8q+7jhj+5XqvPXSrLpo3F+8QX4EBOldLtZBJM9nEyfVBSnZidyxk
swIgWkMZ59JEg3xrouKCZvKp4vLaHXKsxK6Hv24CqNI/5efv0vYmrb5w/0Uk+OqB
+r0mkiUYHVArDMbQuK/zfiKCOCSZ+hh9yQyqsfPeh5LecT9b9XXTDe2gcESZTrxI
d/OiDxO4NtHAqm9/NV9oZD/KghjdEoyUjs8X3vFrYg==
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google LLC/CN=www.google.com
issuer=/C=US/O=Google Trust Services/CN=GTS CA 1O1
---
No client certificate CA names sent
Peer signing digest: MD5-SHA1
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3223 bytes and written 205 bytes
Verification: OK
---
New, TLSv1.0, Cipher is ECDHE-RSA-AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1
    Cipher    : ECDHE-RSA-AES128-SHA
    Session-ID: 26FD4773D0080E5A82A50879045993898C39ED81ED5F5952F2C50A5994143EB1
    Session-ID-ctx: 
    Master-Key: 5358DCE2846B87848015E97A904405CDB0B24D30002A890E51C3007A6AB63B34E7903035F5E0054B7A91E8B3FC087D7B
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 100800 (seconds)
    TLS session ticket:
    0000 - 01 83 ab 00 79 09 65 62-06 e5 5b 4d 14 72 6f 99   ....y.eb..[M.ro.
    0010 - f8 76 35 6d f7 11 81 a9-b7 f6 9b 0a f6 5a ec 9a   .v5m.........Z..
    0020 - 3b cc 96 f5 20 17 ec 67-2d 6f e7 8b 54 c2 40 2a   ;... ..g-o..T.@*
    0030 - cc 22 ba 93 04 55 e6 6d-79 59 22 d7 f2 78 b8 0a   ."...U.myY"..x..
    0040 - 2b a5 e1 e2 b3 00 0d 95-ef e1 54 a4 eb e3 e3 5b   +.........T....[
    0050 - 42 b8 e4 63 e9 4e f7 b0-24 a0 bb 3d 47 d6 97 17   B..c.N..$..=G...
    0060 - c2 8d 18 1b e8 ea ff c4-4d 67 b3 16 d4 62 5d aa   ........Mg...b].
    0070 - 51 74 dc 06 d1 93 32 b5-2c 3c dc 52 ef 70 ca d1   Qt....2.,<.R.p..
    0080 - fd 40 3f 63 e1 d7 01 d7-31 b1 68 31 cd eb 81 1c   .@?c....1.h1....
    0090 - cb ac c9 54 77 64 66 40-17 9f d8 07 79 f1 e1 c9   ...Twdf@....y...
    00a0 - ba 1d ef fb 35 c0 bc b8-54 fc 5f df 0f a7 a9 5d   ....5...T._....]
    00b0 - 3a cb f0 18 0c 9b 06 15-27 f2 d2 1d 00 b0 88 0b   :.......'.......
    00c0 - c3 d0 89 3c 06 06 19 bf-a9 a1 f9 9b 96 64 64 d0   ...<.........dd.
    00d0 - 80 09 d5 4c 15 65 4d ad-99 24 db 61 17 ff d6 c7   ...L.eM..$.a....
    00e0 - c1 14                                             ..

    Start Time: 1586289576
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes
---
read:errno=0

This should help you investigate further why you can connect to some servers but not to others.
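The following script is an added diagnostic example; it is not part of the question or of the answer above. It runs the `openssl s_client` check the answer recommends, but as a small matrix (with and without the SNI extension, and pinned to TLS 1.2, 1.1 and 1.0) so that one run separates the usual reasons a handshake succeeds against one host and fails against another. It assumes the `openssl` command-line tool is installed and takes the host and port from its arguments; the embedded sample output used by the self-test functions is constructed, trimmed to the shape of real `s_client` session blocks.

```sh
#!/bin/sh
# Added example, not from the original post. Probe one TLS server with
# `openssl s_client` under several protocol / SNI combinations and print a
# one-line summary per attempt. Assumes the openssl CLI; host/port are
# whatever is passed on the command line (www.wikipedia.org 443 in the post).

# summarise_handshake: read s_client output on stdin and print one line:
#   "OK proto=<version> cipher=<suite> verify=<code>"   when a cipher was agreed
#   "FAIL <first error/alert/connect line>"            otherwise
# s_client prints "Cipher    : 0000" in its session block when the handshake
# did not complete, so that (or no session block at all) is the failure signal.
summarise_handshake() {
    awk '
        /^ *Protocol *:/                        { proto = $NF }
        /^ *Cipher *:/                          { cipher = $NF }
        /Verify return code:/                   { sub(/.*Verify return code: */, ""); verify = $0 }
        /handshake failure|alert|error:|^connect:/ { if (err == "") err = $0 }
        END {
            if (cipher != "" && cipher != "0000")
                printf("OK proto=%s cipher=%s verify=%s\n", proto, cipher, verify)
            else
                printf("FAIL %s\n", err)
        }'
}

# probe HOST PORT [s_client options...]: a single handshake attempt.
# "< /dev/null" makes s_client exit right after the handshake instead of
# waiting for stdin; "2>&1" keeps the error lines, which go to stderr.
probe() {
    host=$1; port=$2; shift 2
    printf '%-34s ' "$*"
    openssl s_client -connect "$host:$port" "$@" < /dev/null 2>&1 | summarise_handshake
}

# probe_matrix HOST [PORT]: the combinations that separate the common causes.
# -servername sends the SNI extension (the C code in the question never sets
# one); -noservername suppresses it and needs OpenSSL 1.1.1 or later (older
# s_client versions do not send SNI at all unless -servername is given).
probe_matrix() {
    host=$1; port=${2:-443}
    for opts in "-servername $host" \
                "-noservername" \
                "-servername $host -tls1_2" \
                "-servername $host -tls1_1" \
                "-servername $host -tls1"; do
        probe "$host" "$port" $opts    # $opts unquoted on purpose: split into options
    done
}

# Offline self-checks on constructed s_client output (no network needed).
summarise_sample_ok() {
    printf '%s\n' 'SSL-Session:' \
        '    Protocol  : TLSv1.2' \
        '    Cipher    : ECDHE-RSA-AES128-GCM-SHA256' \
        '    Verify return code: 0 (ok)' | summarise_handshake
}

summarise_sample_fail() {
    printf '%s\n' \
        '140735123456:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1544:SSL alert number 40' \
        'SSL-Session:' \
        '    Protocol  : TLSv1.2' \
        '    Cipher    : 0000' | summarise_handshake
}

if [ "$#" -gt 0 ]; then
    probe_matrix "$@"
fi
```

Run it as `sh tls_probe.sh www.wikipedia.org` and read the rows together: a host that succeeds only in the `-servername` row requires SNI, which the C program must send with `SSL_set_tlsext_host_name(ssl, HOST_NAME)` before `SSL_connect()`; a host whose `-tls1` and `-tls1_1` rows fail while `-tls1_2` succeeds has dropped the old versions, and an embedded OpenSSL build without TLS 1.2 cipher suites will fail against it for that reason; a row showing `FAIL connect:errno=...` is a TCP-level problem that has nothing to do with TLS. Whatever the cause, the `error:` line this script captures is the same library error code that `ERR_get_error()` queues in the C program, which the question's code never printed.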