Boost's ASIO + SSL don't work in some conditions


Problem description

There is a client/server application written using Boost's ASIO (Boost v.1.48) + OpenSSL (v.1.0.0d). Complete OpenSSL (dynamic/static libraries and binaries) is custom built, the after-build tests are passed correctly and it links to the client and the server statically. ASIO code works in asynchronous mode. All ASIO's SSL contexts use the

boost::asio::ssl::context::sslv23


method.

The server: works under Win7 Prof SP1 (Comp0). It uses a self-signed private key (PK0) and a public certificate (PC0) generated by the custom built OpenSSL binaries mentioned above. The server has an infinite timeout.
The client: works under WinXP Prof SP3 (Comp1). It uses the server's public certificate (PC0). The client has 20 secs timeout.

The client connects successfully to the server but closes the connection by the 20 secs timeout in the SSL's handshake method (boost::asio::ssl::stream::async_handshake). FAIL.

The server and the client: using the same Ethernet interface and the same PK0/PC0.

The client successfully connects, handshakes, sends/receives data and closes the connection. SUCCESS.

The server: works under Win7 Prof SP1 (Comp0). It uses a self-signed private key (PK1) and a public certificate (PC1) generated by the custom built OpenSSL binaries BUT the PK1 and PC1 were generated half a year ago. PK0/PC0 are generated today. All the keys are generated by the same OpenSSL binaries (v.1.0.0d).
The client: works under WinXP Prof SP3 (Comp1). It uses the server's public certificate (PC1).

The client successfully connects, handshakes, sends/receives data and closes the connection. SUCCESS.

The server and the client: using the same Ethernet interface and the same PK1/PC1.

The client successfully connects, handshakes, sends/receives data and closes the connection. Obviously SUCCESS.

Changing the OpenSSL version to the latest stable release (v.1.0.0g) gives the same results.

The problem is not working configuration 0. Has anyone ever had such problem? Are there any ideas where can be the problem cause? In which direction is necessary to move to fix the problem?

Update #1. The code compiled using the tlsv1 method instead of the sslv23 one does not work in the Configuration 0 also.

Final Update. The problem is fixed. The cause is that the Comp1's system date was in the past, i.e. the PK0/PC0 are issued in future for this computer and OpenSSL fails in the handshake procedure. PC1 is issued in the past for the Comp1 and it works with it without problems. To diagnose the problem cause I used the following command executed on the client computer:

openssl s_client -connect server_ip:server_port

where server_ip is the server address and server_port is the server listening port. Now a task is to find a reason why handshake times out rather than returns an error. But it is another story. I hope my post will help someone in future.

Recommended answer

The problem is fixed. The cause is that the Comp1's system date was in the past, i.e. the PK0/PC0 are issued in future for this computer and OpenSSL fails in the handshake procedure. PC1 is issued in the past for the Comp1 and it works with it without problems. To diagnose the problem cause I used the following command executed on the client computer:

openssl s_client -connect server_ip:server_port


where server_ip is the server address and server_port is the server listening port. Now a task is to find a reason why handshake times out rather than returns an error. But it is another story. I hope my post will help someone in future.
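The clock-versus-certificate mismatch described in the answer can be checked on the client before any handshake is attempted. The following is an added example, not code from the original post: it parses the output of `openssl x509 -noout -dates` and compares the validity window with a clock reading. The certificate dates, the clock values and the function names are constructed for illustration.

```python
import ssl
from datetime import datetime, timezone

# Constructed `openssl x509 -noout -dates` output for two certificates:
# a freshly issued one (like PC0) and one issued six months earlier (like PC1).
PC0_DATES = "notBefore=Mar  1 09:00:00 2012 GMT\nnotAfter=Mar  1 09:00:00 2013 GMT\n"
PC1_DATES = "notBefore=Sep  1 09:00:00 2011 GMT\nnotAfter=Sep  1 09:00:00 2012 GMT\n"

# OpenSSL verification codes that s_client prints as "Verify return code".
X509_V_OK = 0
X509_V_ERR_CERT_NOT_YET_VALID = 9
X509_V_ERR_CERT_HAS_EXPIRED = 10


def parse_dates(text):
    """Return (notBefore, notAfter) in epoch seconds from `-dates` output."""
    fields = dict(line.split("=", 1) for line in text.splitlines() if "=" in line)
    missing = {"notBefore", "notAfter"} - fields.keys()
    if missing:
        raise ValueError("missing fields: " + ", ".join(sorted(missing)))
    return tuple(ssl.cert_time_to_seconds(fields[k]) for k in ("notBefore", "notAfter"))


def check_window(dates_text, clock):
    """Compare a clock reading (epoch seconds, UTC) with the validity window.

    Returns (verify_code, seconds): how far the clock is before notBefore,
    past notAfter, or, when valid, how long until expiry.
    """
    not_before, not_after = parse_dates(dates_text)
    if clock < not_before:
        return X509_V_ERR_CERT_NOT_YET_VALID, not_before - clock
    if clock > not_after:
        return X509_V_ERR_CERT_HAS_EXPIRED, clock - not_after
    return X509_V_OK, not_after - clock


def utc(year, month, day):
    """Epoch seconds for midnight UTC on the given date."""
    return int(datetime(year, month, day, tzinfo=timezone.utc).timestamp())


if __name__ == "__main__":
    lagging_clock = utc(2012, 2, 29)  # constructed: client clock set in the past
    for name, dates in (("PC0", PC0_DATES), ("PC1", PC1_DATES)):
        code, seconds = check_window(dates, lagging_clock)
        print(f"{name}: verify code {code}, margin {seconds} s")
```

With the lagging clock, the newer certificate is reported as not yet valid while the older one passes, which matches the pattern of results in the question.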
