【发布时间】:2023-03-27 22:46:01
【问题描述】:
此示例应用通过 TLS 安全套接字创建客户端-服务器连接并通过它发送一些数据:
static void Main(string[] args)
{
try
{
var listenerThread = new Thread(ListenerThreadEntry);
listenerThread.Start();
Thread.Sleep(TimeSpan.FromSeconds(1));
var socket = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.IP);
socket.Connect("localhost", Port);
var rawStream = new NetworkStream(socket);
using (var sslStream = new SslStream(rawStream, false, VerifyServerCertificate))
{
var certificate = new X509Certificate(CertsPath + @"test.cer");
var certificates = new X509CertificateCollection(new[] { certificate });
sslStream.AuthenticateAsClient("localhost", certificates, SslProtocols.Tls, false);
using (var writer = new StreamWriter(sslStream))
{
writer.WriteLine("TEST");
writer.Flush();
Thread.Sleep(TimeSpan.FromSeconds(10));
}
}
socket.Shutdown(SocketShutdown.Both);
socket.Disconnect(false);
Console.WriteLine("Success! Well, not really.");
}
catch (Exception exc)
{
Console.WriteLine(exc);
}
}
private static bool VerifyServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
return true;
}
static void ListenerThreadEntry()
{
try
{
var listener = new TcpListener(IPAddress.Any, Port);
listener.Start();
var client = listener.AcceptTcpClient();
var serverCertificate = new X509Certificate2(CertsPath + @"\test.pfx");
var sslStream = new SslStream(client.GetStream(), false);
sslStream.AuthenticateAsServer(serverCertificate, false, SslProtocols.Tls, false);
client.Close(); // terminate the connection
using (var reader = new StreamReader(sslStream))
{
var line = reader.ReadLine();
Console.WriteLine("> " + line);
}
}
catch (Exception exc)
{
Console.WriteLine(exc);
}
}
诀窍是在握手后立即从服务器端终止连接。问题是客户端对此一无所知。我希望客户端在尝试通过关闭的连接发送数据时引发异常,但事实并非如此。
所以,问题是:当连接中断并且数据没有真正到达服务器时,我如何检测这种情况?
【问题讨论】:
-
它看起来客户端从不关闭套接字。这是不正确的;关闭前可能不会报告错误。
-
@Kevin,这只是一个复制应用程序。真正的应用程序会长时间保持连接打开。显然,客户端在发送了许多消息后引发了异常;问题是它发生在真正断开连接之后的某个未知时间,所以我不知道哪些消息发送到服务器,哪些没有发送。
-
哦。好吧,you can't know 到底是哪条消息成功了。
-
@Kevin,TCP/IP 应该保证成功交付,不是吗?
-
当然,但这不是魔术。它运行在一个不可靠的网络之上,无法区分“在我的消息到达之前连接断开”和“在我的消息之后但在对方能够发送确认之前连接断开”之间的区别。另外,TCP 超时时间比较长,你还有Nagle's algorithm 需要应对。