SSL_connect 和 SSL_ERROR_SYSCALL [英] SSL_connect and SSL_ERROR_SYSCALL
问题描述
SSL_connect() 是否支持 ssl v3?我问这个的原因是,在访问网站时:
Does SSL_connect() support ssl v3?
The reason I am asking this is, while accessing the site :
https://secure53.onlineaccess1.com
我得到 SSL_connect(ssl) 的返回值为 <0 和 SSL_get_error() 为 5 和 ERR_get_error() 为 0.所以最终结果是我发现由于 SSL_get_error() 是 5,
I get a return value for SSL_connect(ssl) as <0 and SSL_get_error() as 5 and ERR_get_error() as 0. So the end result is I found out that since SSL_get_error() is 5,
SSL_ERROR_SYSCALL
SSL_ERROR_SYSCALL
发生了一些 I/O 错误.OpenSSL 错误队列可能包含有关错误的更多信息.如果错误队列为空(即ERR_get_error() 返回 0),可以使用 ret 来了解更多关于错误:如果 ret == 0,则观察到违反协议的 EOF.如果ret == -1,底层 BIO 报告了 I/O 错误(对于 socket I/O onUnix系统,详情请咨询errno).
Some I/O error occurred. The OpenSSL error queue may contain more information on the error. If the error queue is empty (i.e. ERR_get_error() returns 0), ret can be used to find out more about the error: If ret == 0, an EOF was observed that violates the protocol. If ret == -1, the underlying BIO reported an I/O error (for socket I/O on Unix systems, consult errno for details).
并且由于 ERR_get_error() 返回 0,这意味着观察到违反协议的 EOF.
And since ERR_get_error() returns 0, it means an EOF was observed that violates the protocol.
但这是否意味着它不支持 sslv3?
But does that mean it doesnot support sslv3?
我在命令行中使用 curl 尝试了 url,我不得不强制 v3 让它像这样工作:
I tried the url in command line using curl and I had to force v3 to get it to work like this :
curl -3 -v https://secure53.onlineaccess1.com
有没有办法解决这个错误?
And is there a way to fix this error?
推荐答案
我使用 SSLv23_method() 来启动连接.但我最好的猜测是服务器不理解 sslv2.由于此方法 将发送 SSLv2 客户端 hello 消息并表明它也理解 SSLv3 和 TLSv1,服务器不理解我想要什么并使用 EOF 关闭连接.
I was using SSLv23_method() to start the connection. But my best guess is the server doesn't understand sslv2. Since this method will send out SSLv2 client hello messages and will indicate that it also understands SSLv3 and TLSv1, the server did not understand what I wanted and closed the connection with an EOF.
所以我尝试使用 SSLv3_method() 连接到该服务器,并且成功了.所以我现在正在做的是尝试与 SSLv23_method() 连接,如果它失败了 SSL_ERROR_SYSCALL for SSL_get_error() 和 >0 对于 ERR_get_error(),我只是重置连接并使用 SSLv3_method() 重新开始.不是最好的方法,我知道.但它有效.
So I tried using SSLv3_method() to connect to this server and it worked. So what I am doing now is try to connect with SSLv23_method() and if it fails with a SSL_ERROR_SYSCALL for SSL_get_error() and a 0 for ERR_get_error(), I just reset the connection and start over again with SSLv3_method(). Not the best way, I know. But it works.
这篇关于SSL_connect 和 SSL_ERROR_SYSCALL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
