在 PHP 中:OpenSSL 错误消息:错误:1409F07F:SSL 例程:SSL3_WRITE_PENDING:错误写入重试 [英] In PHP: OpenSSL Error messages: error: 1409F07F: SSL routines: SSL3_WRITE_PENDING: bad write retry

问题描述

我正在尝试在 PHP 中使用 SSL/TLS 连接发送大量数据.如果数据块不是很大，或者如果我不使用 TLS，但我需要(接近 2MiB)，fwrite 函数显示警告:

I'm trying to send a huge amount of data using SSL/TLS connection in PHP. It works pretty well if the data chunk isn't very big or if I don't use TLS, but what I need (near 2MiB), the fwrite function shows the warning:

警告:fwrite():SSL 操作失败，代码为 1.OpenSSL 错误消息:错误:1409F07F:SSL 例程:SSL3_WRITE_PENDING:错误写入重试

Warning: fwrite(): SSL operation failed with code 1. OpenSSL Error messages: error: 1409F07F: SSL routines: SSL3_WRITE_PENDING: bad write retry

我用来连接客户端的相关代码:

The relevant code I'm using to connect clients:

$cntxt = stream_context_create(array('ssl' => array('local_cert' => 'certificate.pem')));
$server = stream_socket_server('tls://127.0.0.1:8080', $errno, $errstr, STREAM_SERVER_BIND|STREAM_SERVER_LISTEN, $cntxt);

// Wait for client connection //

$client = stream_socket_accept($server);
// Use non-blocking socket to allow answering many clients at a time
stream_set_blocking($client, 0);
$clients[] = $client;

当发送数据时，它被附加到一个缓冲区，并且不时地为每个客户端和链接的缓冲区调用这个函数:

When sending data, it's append to a buffer and, from time to time, this function is called for each client and linked buffer:

function trySend($client, &$buffer) {
    if (strlen($buffer)) {
        $len = fwrite($client, $buffer);
        $buffer = substr($buffer, $len);
    }
}

正如我所说，我的代码适用于少量数据或正常(非 TLS)连接.我搜索了这个错误并找到了 http://www.openssl.org/docs/ssl/SSL_write.html:

As I said, my code works for small ammount of data or for normal (non-TLS) connections. I've searched for this error and found http://www.openssl.org/docs/ssl/SSL_write.html:

SSL_write() 只有在写入长度为 num 的 buf 的完整内容时才会成功返回.可以使用 SSL_CTX_set_mode(3) 的 SSL_MODE_ENABLE_PARTIAL_WRITE 选项更改此默认行为.设置此标志后，SSL_write() 也将成功返回，当部分写入已成功完成时.在这种情况下，SSL_write() 操作被认为已完成.字节已发送，并且必须启动具有新缓冲区(已删除已发送字节)的新 SSL_write() 操作.部分写入以消息块的大小执行，对于 SSLv3/TLSv1 为 16kB.

SSL_write() will only return with success, when the complete contents of buf of length num has been written. This default behaviour can be changed with the SSL_MODE_ENABLE_PARTIAL_WRITE option of SSL_CTX_set_mode(3). When this flag is set, SSL_write() will also return with success, when a partial write has been successfully completed. In this case the SSL_write() operation is considered completed. The bytes are sent and a new SSL_write() operation with a new buffer (with the already sent bytes removed) must be started. A partial write is performed with the size of a message block, which is 16kB for SSLv3/TLSv1.

但是我如何在 PHP 中做到这一点?

But how can I do this in PHP?

感谢任何帮助:)

推荐答案

我发现我可以通过将传递给 fwrite() 的字符串长度限制为 8192 来解决这个问题，这可以防止 fwrite() 警告.

I have found I can get around this problem by restricting the length of the string passed to fwrite() to 8192, which prevents fwrite() warning.

因此，对于您示例中的代码，我会尝试将 substr() 调用更改为:

So for the code in your example I would try changing the substr() call to:

$buffer = substr($buffer, $len, 8192);

这篇关于在 PHP 中:OpenSSL 错误消息:错误:1409F07F:SSL 例程:SSL3_WRITE_PENDING:错误写入重试的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！