SIGPIPE,一个简单的 OpenSSL Web 服务器中的断管

【问题标题】:SIGPIPE, Broken Pipe in a simple OpenSSL web serverSIGPIPE,一个简单的 OpenSSL Web 服务器中的断管
【发布时间】:2012-08-27 21:48:46
【问题描述】:

我正在尝试编写一个使用 OpenSSL 的简单 Web 服务器。我不断收到“断管”错误。即使我处理了错误,似乎套接字也永远不会打开写入。

我做错了什么?

这是我的代码:

/*
 * I created tempory certificates like this:
 *
 * openssl req -newkey rsa:1024 -x509 -keyout key.pem -out root.pem
 *
 * I compile like this:
 *
 * gcc -g -o webssl webssl.c -lssl -lcrypto
 *
 * I get this error:
 *
 * Program received signal SIGPIPE, Broken pipe.
 */

#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <fcntl.h>

#include "openssl/bio.h"
#include "openssl/ssl.h"
#include "openssl/err.h"

const char *password = "jake";
const char *KEY_FILE = "key.pem";
const char *CA_LIST = "root.pem";

const char *response = "HTTP/1.0 200 OK\r\nServer : webssl\r\n\r\n<html><head><title>Hello World!</title></head><body><h1>Hello world!</h1></body></html>";

void sigpipe_handle(int x)
{
    printf("broken pipe\n");
}


int password_cb(char *buf, int num, int rwflag, void *userdata)
{
    if(num<strlen(password)+1)
        return 0;
    strcpy(buf, password);
    return strlen(password);
}

int main(int argc, char *argv[])
{
    SSL *ssl = NULL;
    SSL_CTX *ctx = NULL;

    int listenfd, clientfd;
    struct sockaddr_in clientaddr;
    socklen_t addrlen;
    char *port = "8080";

    struct addrinfo hints, *res;

    char buffer[5000];

    SSL_library_init();

    /* Set up a SIGPIPE handler */
    signal(SIGPIPE,sigpipe_handle);

    ctx = SSL_CTX_new(SSLv23_server_method());
    SSL_CTX_use_certificate_chain_file(ctx, KEY_FILE);
    SSL_CTX_set_default_passwd_cb(ctx, password_cb);
    SSL_CTX_use_PrivateKey_file(ctx, KEY_FILE, SSL_FILETYPE_PEM);
    SSL_CTX_load_verify_locations(ctx, CA_LIST, 0);

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_INET;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_PASSIVE;

    getaddrinfo(NULL, port, &hints, &res);
    listenfd = socket(res->ai_family, res->ai_socktype, 0);
    bind(listenfd, res->ai_addr, res->ai_addrlen);
    freeaddrinfo(res);

    listen(listenfd, 15);

    while (1) {
        addrlen = sizeof(clientaddr);
        clientfd = accept(listenfd, (struct sockaddr *)&clientaddr, &addrlen);

        ssl = SSL_new(ctx);
        SSL_set_fd(ssl, clientfd);
        SSL_accept(ssl);

        SSL_read(ssl, buffer, 5000);

        SSL_write(ssl, response, strlen(response));

        SSL_free(ssl);
        close(clientfd);
    }

    return 0;
}

【问题讨论】:

  • SIGPIPE 当您send(2) 进入另一端已关闭的套接字时引发。传递MSG_NOSIGNAL 标志以抑制信号。

标签: c https openssl


【解决方案1】:

你可以试试signal(SIGPIPE, SIG_IGN)。这应该使发送返回 EPIPE 错误。否则,您可以按照Kerrek SB 在发送 MSG_NOSIGNAL 标志到发送调用的评论中的建议。

【讨论】:

    【解决方案2】:

    SIGPIPE, Broken Pipe in a simple OpenSSL web server

    我认为我生成的证书有误。我需要使用我这样制作的 server.pem:

    openssl req -newkey rsa:1024 -x509 -keyout key.pem -out root.pem
cat key.pem root.pem > server.pem

    我仍然不太确定问题出在哪里,但这段代码有效:

    /*
 * Created my new server.pem like this:
 *
 * openssl req -newkey rsa:1024 -x509 -keyout key.pem -out root.pem
 * cat key.pem root.pem > server.pem
 *
 * Compiled like this:
 * gcc -o webssl webssl.c -lssl -lcrypto
 *
 */
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <netdb.h>
#include <fcntl.h>
#include <signal.h>
#include <unistd.h>
#include <string.h>
#include <openssl/ssl.h>

const int PORT = 3000;
const char *CA_LIST = "root.pem";
const char *KEY_FILE = "server.pem";
const char *PASSWORD = "jake";

const char *message = "HTTP/1.0 200 OK\r\nServer: webssl\r\n\r\n<html><head><title>Hi</title></head><body><h1>Hello World!</h1></body></html>";

static int password_cb(char *buf, int num, int rwflag, void *userdata)
{
    if(num<strlen(PASSWORD)+1)
    return(0);

    strcpy(buf,PASSWORD);
    return(strlen(PASSWORD));
}

static void sigpipe_handle(int x) {}

int main(int argc, char *argv[])
{
    struct sockaddr_in sin;
    int sock, s;
    SSL_CTX *ctx = NULL;
    SSL *ssl = NULL;
    char buffer[5000];

    BIO *sbio = NULL;
    BIO *io = NULL;
    BIO *ssl_bio = NULL; 

    SSL_library_init();

    signal(SIGPIPE, sigpipe_handle);

    ctx = SSL_CTX_new(SSLv23_method());
    SSL_CTX_use_certificate_chain_file(ctx, KEY_FILE);
    SSL_CTX_set_default_passwd_cb(ctx, password_cb);
    SSL_CTX_use_PrivateKey_file(ctx, KEY_FILE, SSL_FILETYPE_PEM);
    SSL_CTX_load_verify_locations(ctx, CA_LIST, 0);

    sock = socket(AF_INET, SOCK_STREAM, 0);
    memset(&sin, 0, sizeof(sin));
    sin.sin_addr.s_addr = INADDR_ANY;
    sin.sin_family = AF_INET;
    sin.sin_port = htons(PORT);

    bind(sock, (struct sockaddr *)&sin, sizeof(sin));
    listen(sock, 5);

    while (1) {
        memset(buffer, 0, 5000);

        s = accept(sock, 0, 0);

        sbio=BIO_new_socket(s,BIO_NOCLOSE);
        ssl = SSL_new(ctx);
        SSL_set_bio(ssl,sbio,sbio);


        SSL_accept(ssl);

        io=BIO_new(BIO_f_buffer());
        ssl_bio=BIO_new(BIO_f_ssl());
        BIO_set_ssl(ssl_bio,ssl,BIO_CLOSE);
        BIO_push(io,ssl_bio);


        BIO_gets(io, buffer, 5000);

        BIO_puts(io, message);
        BIO_flush(io);

        SSL_shutdown(ssl);
        SSL_free(ssl);
        close(s);
    }

    return 0;
}

    【讨论】:

      猜你喜欢
      • 2011-10-13
      • 2011-03-15
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 2023-04-11
      • 2011-03-26
      • 2010-09-16
      相关资源
      最近更新 更多
      热门标签
      Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode