GnuWin32 openssl s_client conn 到 WebSphere MQ 服务器未在 EOF 关闭，挂起 [英] GnuWin32 openssl s_client conn to WebSphere MQ server not closing at EOF, hangs

问题描述

我正在尝试使用 OpenSSL 的 GnuWin32 版本从多个 WebSphere MQ 队列管理器获取证书.所有尝试都会导致 OpenSSL 保持连接打开，直到我手动按 ENTER.

I am trying to use the GnuWin32 version of OpenSSL to fetch certificates from several WebSphere MQ queue managers. All attempts result in OpenSSL keeping the connection open until I manually hit ENTER.

我尝试将各种文本输入到命令 按照这个 SO 问题和这个SO问题，但没有运气.

I tried piping various text into the command as per this SO question and this SO question, but with no luck.

理想情况下，一旦输入文件或管道文本到达 EOF，OpenSSL 将关闭连接.

Ideally, OpenSSL would close the connection once the input file or piped text hit EOF.

示例:

echo QUIT | openssl s_client -connect qmgrhost:1414 -showcerts 

openssl s_client -connect qmgrhost:1414 -showcerts < responsefile.txt

使用 QUIT 命令的示例似乎适用于另一个 SO 问题，因为它们正在访问 HTTP 服务器.由于在我的情况下这是 WMQ，因此连接握手是不同的，发送 QUIT(或我尝试过的任何其他内容)并不能关闭连接.我可能会向它提供一个巨大的文件，直到 QMgr 窒息并终止连接，但我正在尝试对服务器尽可能礼貌.当前从键盘提供 ENTER 的方法会导致每个连接上的 FDC 转储原样，引发各种警报并使 Tivoli 人员生我的气.

The examples using the QUIT command appear to work in the other SO question because they are hitting an HTTP server. Since this is WMQ in my case, the connection handshake is different and sending QUIT (or anything else I've tried) doesn't get it to close the connection. I could probably feed it a giant file until the QMgr choked and killed the connection but I'm trying to be as polite as possible to the server. The current method of supplying an ENTER from the keyboard is causing FDC dumps on each connection as it is, setting off all kinds of alarms and making the Tivoli guys mad at me.

所以最好的情况是 QMgr 将字符串或十六进制值解释为优雅的拒绝并关闭连接.第二个最好的情况是任何允许编写脚本的方法，我们将接受 FDC 文件作为自动化此功能的成本.

So best case would be a string or hex value the QMgr interprets as a graceful rejection and closes the connection. Second best case is any method that allows this to be scripted and we'll accept the FDC files as a cost of automating this function.

更新:2013 年 5 月 31 日
从那以后，我搬到了 AIX，在那里它可以完美地工作.s_client 在脚本中运行时建立连接后立即挂断，并将换行符输送到其中.但是，我仍然希望有一个适用于 Windows 的解决方案.有谁知道 Cygwin 版本是否有效或有同样的问题?是 Windows 信号/POSIX 问题吗?代码错误?

UPDATE: 31 May 2013
I've since moved to AIX where this works perfectly. The s_client hangs up immediately after making the connection when run in a script and piping a newline into it. However, I'd still like to have a solution for Windows. Does anyone know if the Cygwin version works or has the same problem? Is it Windows signalling/POSIX issue? Code bug?

推荐答案

看来这个问题与 Batch 文件和 openssl.exe 程序之间的同步问题有关.我需要您的合作才能进行一些测试并报告结果.下面是第一个测试的 Batch-JScript 混合脚本.JScript 部分有两个部分；第一个 WScript.Stdout.WriteLine("QUIT"); 完全等同于 echo QUIT 批处理命令.第二部分(有两行)类似，但它使用QUIT"和 Enter 键加载键盘缓冲区，而不是通过 STDOUT 发送字符串.

It seems that this problem is related to a synchronization issue between the Batch file and the openssl.exe program. I need your collaboration in order to do some tests and report the result. Below is a Batch-JScript hybrid script for the first test. The JScript section have two parts; the first one WScript.Stdout.WriteLine("QUIT"); is entirely equivalent to echo QUIT Batch command. The second part (with two lines) is similar, but it load the keyboard buffer with "QUIT" and an Enter key instead of send the string via STDOUT.

我需要您对 JScript 代码的两部分进行测试并报告结果(双斜线 // 将行的其余部分标记为注释).如果幸运的话，openssl.exe 程序会以Sendkeys 方法结束；如果没有，请尝试通过 STDOUT 发送QUIT"字符串，并使用 Sendkeys 键入 Enter 键.如果 openssl.exe 程序在返回所需信息之前终止，那么问题几乎解决了，因为在这种情况下，我们可以同步 Enter 键的发送，直到从 接收到所需信息openssl.exe.

I need you to make a test with both sections of the JScript code and report the result (the double-slash // mark the rest of the line as comment). If we are lucky, the openssl.exe program will end with the Sendkeys method; if not, try to send a "QUIT" string via STDOUT and type just an Enter key with Sendkeys. If the openssl.exe program terminate before returning the desired information then the problem is almost solved, because in this case we can synchronize the sending of the Enter key until the desired information had been received from openssl.exe.

将以下内容另存为 .bat 文件.尝试一下，然后注释掉 Wscript 行，取消注释 WshShell 行，然后再试一次.

Save the following as a .bat file. Try it, then comment out the Wscript line, uncomment the WshShell lines, and then try it again.

@if (@CodeSection == @Batch) @then

:: The first line above is...
:: in Batch: a valid IF command that does nothing.
:: in JScript: a conditional compilation IF statemente that is false,
::             so this section is omitted until next "at-sign end".

@echo off
CScript //nologo //E:JScript "%~F0" | openssl s_client -connect qmgrhost:1414 -showcerts 
goto :EOF


@end


// JScript section

WScript.Stdout.WriteLine("QUIT");

// var WshShell = WScript.CreateObject("WScript.Shell");
// WshShell.SendKeys("QUIT{ENTER}");

您也可以尝试使用 String.fromCharCode(26) 在 WriteLine 或 Sendkeys 中生成 Ctrl-Z (EOF) 字符> 方法；例如:

You may also try with String.fromCharCode(26) to generate a Ctrl-Z (EOF) character, both in WriteLine or Sendkeys methods; for example:

WshShell.SendKeys("QUIT{ENTER}" + String.fromCharCode(26));

这篇关于GnuWin32 openssl s_client conn 到 WebSphere MQ 服务器未在 EOF 关闭，挂起的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！