1

我正在尝试通过创建一个创建客户端和服务器套接字以在套接字之间回显字符串的程序来使用 OpenSSL DTLS 进行测试;但是,当我尝试测试 DTLSv1_Listen() 函数时,即使我没有尝试在套接字之间连接或发送数据,我的程序似乎也会暂停。注意:我使用的是在 DTLSv1_Listen() 被重写之后发布的 1.0.2 OpenSSL。

这是我完整的 C++ winsock 特定代码:

#include <stdio.h>
#include <winsock2.h>
#include <ws2tcpip.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
//#include <openssl/applink.c>
#include <string>
#pragma comment(lib, "Ws2_32.lib")


struct DTLSStuff { //struct to contain DTLS object instances
    SSL_CTX *ctx;
    SSL *ssl;
    BIO *bio;
};

void DTLSErr() { //DTLS error reporting
    ERR_print_errors_fp(stderr);
    exit(1);
}

int newSocket(sockaddr_in addr) { //creates a socket and returns the file descriptor //TODO expand for multi-platform
    WSADATA wsaData;
    int fd;
    int iResult;

    iResult = WSAStartup(MAKEWORD(2, 2), &wsaData);                                                     //Initialize Winsock
    if (iResult != 0) { printf("WSAStartup failed: %d\n", iResult); exit(1); }

    fd = socket(AF_INET, SOCK_DGRAM, 0); if (fd < 0) { perror("Unable to create socket"); exit(1); }    //create socket
    printf("New Socket: %i\n", fd);
    if (bind(fd, (struct sockaddr *)&addr, sizeof(sockaddr)) < 0) { printf("bind failed with error %u\n", WSAGetLastError());   exit(1); }

    return fd;                                                                                          //file descriptor
}

void InitCTX(SSL_CTX *ctx, bool IsClient) { //Takes a ctx object and initializes it for DTLS communication
    if (IsClient) {
        if(SSL_CTX_use_certificate_chain_file(ctx, "client-cert.pem") < 0) { printf("Failed loading client cert");}
        if(SSL_CTX_use_PrivateKey_file(ctx, "client-key.pem", SSL_FILETYPE_PEM) < 0) { printf("Failed loading client key"); }
    }
    else {
        if (SSL_CTX_use_certificate_chain_file(ctx, "server-cert.pem") < 0) { printf("Failed loading client cert"); }
        if (SSL_CTX_use_PrivateKey_file(ctx, "server-key.pem", SSL_FILETYPE_PEM) < 0) { printf("Failed loading client key"); }
    }
    //SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, verify_cert);    //omitted for testing
    //SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie);     //omitted for testing
    //SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie);         //omitted for testing
    SSL_CTX_set_read_ahead(ctx, 1);
}

int main() { //creates client and server sockets and DTLS objects. TODO: have client complete handshake with server socket and send a message and have the server echo it back to client socket
    BIO_ADDR *faux_addr = BIO_ADDR_new(); // for DTLSv1_listen(), since we are this is both client and server (meaning client address is known) it is only used to satisfy parameters.
    ERR_load_BIO_strings();
    SSL_load_error_strings();   
    SSL_library_init();         

    //Set up addresses
    sockaddr_in client_addr;
    client_addr.sin_family = AF_INET;
    client_addr.sin_port = htons(25501);
    client_addr.sin_addr.s_addr = INADDR_ANY;
    sockaddr_in server_addr;
    server_addr.sin_family = AF_INET;
    server_addr.sin_port = htons(25500);
    server_addr.sin_addr.s_addr = INADDR_ANY;

    //*********CLIENT
    DTLSStuff ClientInf;
    ClientInf.ctx = SSL_CTX_new(DTLSv1_client_method());
    InitCTX(ClientInf.ctx,true);
    int ClientFD = newSocket(client_addr); 
    ClientInf.bio = BIO_new_dgram(ClientFD, BIO_NOCLOSE);
    ClientInf.ssl = SSL_new(ClientInf.ctx);
    //SSL_set_options(ClientInf.ssl, SSL_OP_COOKIE_EXCHANGE); //omitted for testing
    SSL_set_bio(ClientInf.ssl, ClientInf.bio, ClientInf.bio);

    //*********SERVER
    DTLSStuff ServerInf;
    ServerInf.ctx = SSL_CTX_new(DTLSv1_server_method());
    InitCTX(ServerInf.ctx,false);
    int ServerFD = newSocket(server_addr); 
    ServerInf.bio = BIO_new_dgram(ServerFD, BIO_NOCLOSE);
    ServerInf.ssl = SSL_new(ServerInf.ctx);
    //SSL_set_options(ServerInf.ssl, SSL_OP_COOKIE_EXCHANGE); //omitted for testing
    SSL_set_bio(ServerInf.ssl, ServerInf.bio, ServerInf.bio);

    printf("Listen attempt...\n");  
    int ret = DTLSv1_listen(ServerInf.ssl, faux_addr);
    if (ret < 0) { DTLSErr(); }
    printf("this print should occur, but it never does");
    exit(1);
}

我希望结果如下:

NewSocket: 356
NewSocket: 360
Listen attempt...
this print should occur but it never does

但是,在运行程序时,它从不打印最后一行。该程序似乎做出了响应,因为我可以通过 ctrl+c 取消可执行文件,所以我假设它没有崩溃或冻结,但除此之外我不知所措。我的理解是,如果什么都没发生,该方法应该返回 0,如果听到 clienthello,则返回 >1,如果发生错误,则返回 <0。

另外,一个有点相关的问题:由于 DTLSv1_Listen() 需要 BIO_ADDR 来存储传入的请求地址,这是否意味着单独的客户端和服务器程序都需要 2 个套接字才能同时发送和监听?通常 UDP 客户端和服务器只需要一个套接字,但我似乎无法想出一个设计来使用 OpenSSL 的 DTLS 保留它。

我感谢你的时间。

4

1 回答 1

1

我在您的代码中没有看到您将套接字设置为非阻塞的任何地方。在默认阻塞模式下,当您尝试从套接字读取时,您的程序将暂停,直到数据到达。如果您不希望这样,请确保您设置了适当的选项(我不是 Windows 程序员,但 ioctlsocket 似乎可以完成这项工作:https ://msdn.microsoft.com/en-us/library/windows/桌面/ms738573(v=vs.85).aspx )

这是否意味着单独的客户端和服务器程序都需要 2 个套接字才能同时发送和侦听

使用 DTLSv1_listen() 时,您使用的套接字处于未连接状态,因此您可能会收到来自多个客户端的 UDP 数据包。DTLS 是基于连接的,因此一旦 DTLSv1_listen() 成功返回,您应该为客户端地址创建一个“已连接”套接字。因此,您有一个用于侦听新连接的套接字,并且每个客户端都有一个与您的服务器通信的套接字。

于 2017-12-06T09:34:32.480 回答