A Google Chrome POST breaks this SSL_read. Anyone have code that works?


Problem description


I need a minimal SSL server and came up with the following:

// Initialise Winsock and OpenSSL, then load the certificate chain and key.
confirm(WSAStartup(MakeWord(1,1), WData) = 0);
SSL_library_init;
SSL_load_error_strings;
ctx := SSL_CTX_new(SSLv23_server_method);
confirm(ctx <> nil);
confirm(SSL_CTX_use_certificate_chain_file(ctx, 'cert.pem') > 0);
confirm(SSL_CTX_use_PrivateKey_file(ctx, 'key.pem', SSL_FILETYPE_PEM) > 0);
confirm(SSL_CTX_check_private_key(ctx));
SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
// socket() reports failure as INVALID_SOCKET, not 0.
listen_socket := socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
confirm(listen_socket <> INVALID_SOCKET);
sa_serv.sin_family := AF_INET;
sa_serv.sin_port := htons(DEFAULTPORT);
sa_serv.sin_addr.s_addr := INADDR_ANY;
confirm(bind(listen_socket, sa_serv, SizeOf(sa_serv)) = 0);
// Serve one connection at a time.
while TRUE do
  begin
  if listen(listen_socket, 100) <> 0 then continue;
  client_len := SizeOf(sa_cli);
  sock := accept(listen_socket, @sa_cli, @client_len);
  if sock = INVALID_SOCKET then continue;
  ssl := SSL_new(ctx);
  if ssl = nil then continue;
  SSL_set_fd(ssl, sock);
  if SSL_accept(ssl) = 1 then
    begin
    // Single read: treats whatever one SSL_read returns as the whole request.
    bytesin := SSL_read(ssl, buffer, sizeof(buffer)-1);
    if bytesin > 0 then
      begin
      buffer[bytesin] := #0;
      response := getresponse(buffer);
      SSL_write(ssl, pchar(response)^, length(response));
      end;
    end;
  // Mark the TLS session as shut down, then release the socket and SSL object.
  SSL_set_shutdown(ssl, SSL_SENT_SHUTDOWN or SSL_RECEIVED_SHUTDOWN);
  CloseSocket(sock);
  SSL_free(ssl);
  end;

The single SSL_read will grab an entire GET or POST request from Firefox, and everything works great. On the other hand, a Chrome GET will cause the first few SSL_read calls to return zero bytes, but eventually an SSL_read will grab the entire GET request and the code still works.

But when Chrome sends a POST, the first few SSL_read calls fetch zero bytes, and the next SSL_read will grab ONLY THE HEADERS. The getresponse() routine can't make sense of the POST because one more SSL_read is necessary to grab the POST content.

SSL_MODE_AUTO_RETRY was set, hoping SSL_read would then not return until an entire request was done, but that doesn't work. SSL_pending always returns zero, before or after every SSL_read, so that's no help either.

As this question's answer says, non-blocking SSL appears to involve lots of torture and heartburn. I've played with doing SSL_reads in a separate thread and killing the thread after timing out on a hung read, but that seems dangerous since it's unknown what state SSL is in (or how to reset it) as the thread is killed.

Does anyone have code for a minimal loop similar to the above, but that won't hang on a Chrome POST or SSL_read, that's simple and vanilla enough to easily convert to Delphi 6?

Solution

I modified OpenSSL s_server.c, which now does the trick, and posted it as the answer to Question 7080958.
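Added example (not the poster's s_server.c modification, and not code from the original page): one read does not equal one HTTP request, so a server has to keep reading until the header terminator has arrived and then until Content-Length body bytes are buffered, with hard limits on size and on empty reads. The names read_fn, read_http_request, max_empty and feed are hypothetical; the callback stands in for a wrapper around SSL_read, and the chunk list is constructed sample input.

```c
#include <stdlib.h>
#include <string.h>
#include <strings.h>
/* Stand-in for SSL_read (assumption): >0 = bytes read, <=0 = nothing read. */
typedef int (*read_fn)(void *ctx, char *buf, int n);

static long content_length(const char *p) {   /* 0 if the header is absent */
    while ((p = strchr(p, '\n')) != NULL)
        if (strncasecmp(++p, "Content-Length:", 15) == 0)
            return strtol(p + 15, NULL, 10);
    return 0;
}

/* Accumulate reads until headers plus Content-Length bytes are buffered.
   Returns bytes in buf, or -1 on overflow or too many empty reads. */
int read_http_request(read_fn rd, void *ctx, char *buf, int cap, int max_empty) {
    int used = 0, empty = 0;
    long need = -1;                        /* unknown until the headers end */
    while (need < 0 || used < need) {
        if (used >= cap - 1) return -1;    /* request does not fit the buffer */
        int r = rd(ctx, buf + used, cap - 1 - used);
        /* With OpenSSL, SSL_get_error() decides retry vs. close; here we bound it. */
        if (r <= 0) { if (++empty > max_empty) return -1; continue; }
        used += r;
        buf[used] = '\0';
        char *end = need < 0 ? strstr(buf, "\r\n\r\n") : NULL;
        if (!end) continue;
        end[2] = '\0';                     /* parse headers only, never the body */
        long body = content_length(buf);
        end[2] = '\r';
        long hdr = end + 4 - buf;
        if (body < 0 || body > cap - 1 - hdr) return -1;
        need = hdr + body;
    }
    return used;
}

/* Constructed feed: two empty reads, the headers, then the body in a later read. */
struct feed { const char **chunks; int count, next; };
static int feed_read(void *ctx, char *buf, int n) {
    struct feed *f = ctx;
    const char *c = f->next < f->count ? f->chunks[f->next++] : "";
    int len = (int)strlen(c) < n ? (int)strlen(c) : n;
    memcpy(buf, c, len);
    return len;
}
int demo_chrome_post(char *out, int cap) {
    const char *chunks[] = { "", "", "POST /f HTTP/1.1\r\nContent-Length: 7\r\n\r\n", "a=1&b=2" };
    struct feed f = { chunks, 4, 0 };
    return read_http_request(feed_read, &f, out, cap, 8);
}
```

The size cap and the empty-read limit matter for a listening server: without them a client that declares a large Content-Length or never sends the body can hold the single accept loop indefinitely.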
