BIO_do_connect fails, returns negative value


Problem description

I am trying out OpenSSL in C (on Ubuntu 12.04). I took an example from here.

Everything goes well until BIO_do_connect(), which returns a negative value. Probably I did something wrong in calling these two APIs, because bio is passed to BIO_do_connect().

An example of the format to use in the second parameter of these two functions would be appreciated.

BIO_set_conn_ip(bio, &ip);
BIO_set_conn_int_port(bio, &port);

Here is the complete code:

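/* Headers needed by the calls below */
#include <stdio.h>
#include <string.h>
#include <openssl/bio.h>
#include <openssl/ssl.h>
#include <openssl/err.h>

int main(void) {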
    BIO * bio;
    SSL * ssl;
    SSL_CTX * ctx;

    int p;
    char ip[4];
    int port = 60054;

    /* considered big-endian */
    ip[0] = 0b11000000;
    ip[1] = 0b10100100;
    ip[2] =        0b1;
    ip[3] =        0b1110100;

    char * request =
                    "request";
    char r[1024];

    SSL_library_init();

    /* Set up the library */

    ERR_load_BIO_strings();
    SSL_load_error_strings();
    OpenSSL_add_all_algorithms();

    /* Set up the SSL context */

    ctx = SSL_CTX_new(SSLv23_client_method());

    /* Load the trust store */

    if (!SSL_CTX_load_verify_locations(ctx, "cert.pem", NULL)) {
            fprintf(stderr, "Error loading trust store\n");
            ERR_print_errors_fp(stderr);
            SSL_CTX_free(ctx);
            return 0;
    }

    /* Setup the connection */

    bio = BIO_new_ssl_connect(ctx);

    /* Set the SSL_MODE_AUTO_RETRY flag */

    BIO_get_ssl(bio, &ssl);
    SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);

    /* Create and setup the connection */

    BIO_set_conn_ip(bio, &ip);
    BIO_set_conn_port(bio, &port);

    int ret = BIO_do_connect(bio);
    if (ret <= 0) {
            fprintf(stderr, "Error attempting to connect\n");
            ERR_print_errors_fp(stderr);
            BIO_free_all(bio);
            SSL_CTX_free(ctx);
            return 0;
    }

    /* Check the certificate */

    if (SSL_get_verify_result(ssl) != X509_V_OK) {
            fprintf(stderr, "Certificate verification error: %i\n",
                            SSL_get_verify_result(ssl));
            BIO_free_all(bio);
            SSL_CTX_free(ctx);
            return 0;
    }

    /* Send the request */

    BIO_write(bio, request, strlen(request));

    /* Read in the response */

    for (;;) {
            p = BIO_read(bio, r, 1023);
            if (p <= 0)
                    break;
            r[p] = 0;
            printf("%s", r);
    }

    /* Close the connection and free the context */

    BIO_free_all(bio);
    SSL_CTX_free(ctx);
    return 0;
}

This is the stderr output that I get from the ERR_print_errors_fp API:

SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1256:SSL alert number 40

And when I try to launch this command:

 openssl s_client -connect [ip]:[port] -debug

I get something like the following (of course there is something sensible instead of ++++):

+++++
------
CONNECTED(00000003)
write to 0x9494140 [0x9494418] (225 bytes => 225 (0xE1))
0000 ++++++
---
Certificate chain
 0 ++++++
---
Server certificate
-----BEGIN CERTIFICATE-----
MI++++++
-----END CERTIFICATE-----
subject=/C++++++
---
No client certificate CA names sent
---
SSL handshake has read 931 bytes and written 210 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID: DF77194+++
    Session-ID-ctx: 
    Master-Key: 11D6++++
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1394815215
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)

Recommended answer

BIO_set_conn_ip() sets the IP address to ip using binary form, that is four bytes specifying the IP address in big-endian form. You are trying to write the IP in the little-endian form. Change the order of bytes like this:

ip[3] = 0b11000000;
ip[2] = 0b10100100;
ip[1] = 0b1;
ip[0] = 0b1110100;

Also, the IP you are trying to set is 192.164.1.116 which might be wrong if you were going for 192.168.1.116 (mind the 168 vs 164 part).
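As an added example (not code from the question or the answer): hand-written binary literals make slips like 164 vs 168 easy, so the sketch below derives the four big-endian (network order, most significant octet first) bytes from a dotted-quad string with inet_pton() and validates the port. The helper names ipv4_to_network_bytes and format_conn_target are hypothetical; the resulting "host:port" string is the form OpenSSL's BIO_set_conn_hostname() accepts.

```c
/* Added example: helper names are hypothetical, not part of OpenSSL. */
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Parse a dotted-quad string into four bytes in network (big-endian)
 * order. Returns 0 on success, -1 if the text is not valid IPv4. */
int ipv4_to_network_bytes(const char *dotted, unsigned char out[4])
{
    struct in_addr addr;

    /* inet_pton() rejects malformed input such as "192.168.1.300" and
     * stores the result in network order on any host endianness. */
    if (inet_pton(AF_INET, dotted, &addr) != 1)
        return -1;
    memcpy(out, &addr.s_addr, 4);
    return 0;
}

/* Build a validated "a.b.c.d:port" string in buf.
 * Returns 0 on success, -1 on a bad address, bad port or short buffer. */
int format_conn_target(const char *dotted, int port, char *buf, size_t len)
{
    unsigned char ip[4];
    int n;

    if (port < 1 || port > 65535)
        return -1;
    if (ipv4_to_network_bytes(dotted, ip) != 0)
        return -1;
    n = snprintf(buf, len, "%u.%u.%u.%u:%d", (unsigned)ip[0],
                 (unsigned)ip[1], (unsigned)ip[2], (unsigned)ip[3], port);
    return (n > 0 && (size_t)n < len) ? 0 : -1;
}

int main(void)
{
    unsigned char ip[4];
    char target[32];

    /* Constructed sample input: the address and port from the question. */
    if (ipv4_to_network_bytes("192.168.1.116", ip) == 0)
        printf("bytes: %u %u %u %u\n", (unsigned)ip[0], (unsigned)ip[1],
               (unsigned)ip[2], (unsigned)ip[3]);
    if (format_conn_target("192.168.1.116", 60054, target, sizeof target) == 0)
        printf("target: %s\n", target);
    return 0;
}
```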
