我有一个异步 winsock 实现(服务器和客户端),我想将 Openssl 添加到以实现安全连接。例如,服务器将处理这些消息:
FD_ACCEPT、FD_READ、FD_WRITE 和 FD_CLOSE
我发现一篇文章提出了一种将 Openssl 添加到异步程序的方法
http://funcptr.net/2012/04/08/openssl-as-a-filter-%28or-non-blocking-openssl%29/
其代码如下所示:
class SSLFilter {
public:
SSLFilter(SSL_CTX* ctxt,
std::string* nread,
std::string* nwrite,
std::string* aread,
std::string* awrite);
virtual ~SSLFilter();
void update();
private:
bool continue_ssl_(int function_return);
SSL * ssl;
BIO * rbio;
BIO * wbio;
std::string* nread;
std::string* nwrite;
std::string* aread;
std::string* awrite;
};
SSLFilter::SSLFilter(SSL_CTX* ctxt,
std::string* nread,
std::string* nwrite,
std::string* aread,
std::string* awrite)
:
nread(nread),
nwrite(nwrite),
aread(aread),
awrite(awrite)
rbio = BIO_new(BIO_s_mem());
wbio = BIO_new(BIO_s_mem());
ssl = SSL_new(ctxt);
SSL_set_accept_state(ssl);
SSL_set_bio(ssl, rbio, wbio);
}
SSLFilter::~SSLFilter() {
SSL_free(_ssl);
}
void SSLFilter::update(Filter::FilterDirection) {
// If we have data from the network to process, put it the memory BIO for OpenSSL
if (!nread->empty()) {
int written = BIO_write(rbio, nread->c_str(), nread->length());
if (written > 0) nread->erase(0, written);
}
// If the application wants to write data out to the network, process it with SSL_write
if (!awrite->empty()) {
int written = SSL_write(ssl, awrite->c_str(), awrite->length());
if (!continue_ssl_()) {
throw std::runtime_error("An SSL error occured.");
}
if (written > 0) awrite->erase(0, written);
}
// Read data for the application from the encrypted connection and place it in the string for the app to read
while (1) {
char *readto = new char[1024];
int read = SSL_read(ssl, readto, 1024);
if (!continue_ssl_()) {
delete readto;
throw std::runtime_error("An SSL error occured.");
}
if (read > 0) {
size_t cur_size = aread->length();
aread->resize(cur_size + read);
std::copy(readto, readto + read, aread->begin() + cur_size);
}
delete readto;
if (static_cast<size_t>(read) != 1024 || written == 0) break;
}
// Read any data to be written to the network from the memory BIO and copy it to nwrite
while (1) {
char *readto = new char[1024];
int read = BIO_read(wbio, readto, 1024);
if (read > 0) {
size_t cur_size = nwrite->length();
nwrite->resize(cur_size + read);
std::copy(readto, readto + read, nwrite->begin() + cur_size);
}
delete readto;
if (static_cast<size_t>(read) != 1024 || read == 0) break;
}
}
bool SSLFilter::continue_ssl_(int function_return) {
int err = SSL_get_error(ssl, function_return);
if (err == SSL_ERROR_NONE || err == SSL_ERROR_WANT_READ) {
return true;
}
if (err == SSL_ERROR_SYSCALL) {
ERR_print_errors_fp(stderr);
perror("syscall error: ");
return false;
}
if (err == SSL_ERROR_SSL) {
ERR_print_errors_fp(stderr);
return false;
}
return true;
}
以下是使用此过滤器的步骤:
在程序启动时根据需要设置 SSL_CTX 结构,以便在 SSLFilter 中使用它。设置套接字/事件循环并接受()新套接字。创建四个新的 std::string 并创建一个新的 SSLFilter,传入您创建的 SSL_CTX 和四个缓冲区。将新套接字添加到事件循环以等待读取。
现在,从事件循环接收到读取就绪状态后,应执行以下操作:
将数据读入 nread 缓冲区。调用 SSLFilter::update() 查看 aread 是否不为空,随意处理数据 根据需要写入数据到 awrite,如果数据写入 awrite,调用 SSLFilter::update(WRITE) 处理数据 查看 nwrite 是否为不为空,如果是这样,则将套接字添加到事件循环以准备写入。
从事件循环接收到写入就绪状态后,您应该执行以下操作:
将 nwrite 中的数据写入套接字。如果 nwrite 为空,则从事件循环中删除套接字以进行写入(这样您就没有事件循环通知您可以写入,即使您没有要写入的内容)。
我的问题是: * 我可以将此方法与 async winsock 一起使用吗?还是我应该考虑另一种实现?* 是否需要进行任何更改?* 我如何处理 WOULDBLOCKS?
谢谢你的想法。