sockets - C++ SSL connect: message too long
I'm developing an application in which many clients connect to a server application and transmit a string of about 300 bytes every minute. The client is a gateway between RS232 and the socket server. The connection between the clients and the server is SSL-encrypted with OpenSSL. Both are developed in C++.
The transmission runs 24/7; it is not critical if some data is lost.
I first tried a TCP connection, but had trouble with it because the connection broke at times. So I decided to connect and disconnect every minute, when I send the information (maybe later I will cache the data and not send every minute). Because of that, I thought it would be better to use a UDP connection with DTLS.
But I have two problems with the UDP connection.
About every 10th string has one missing character. It is not critical, but isn't that maybe a fault in my code?
If I use "SSL_CTX_load_verify_locations" to verify the client, I get the error: "SSL connect: message too long". I think messages should typically be allowed up to 64k? And on connect I don't send any data? How can this happen while connecting?
Do you think UDP is the right protocol for me? Or should I rather use TCP?
Here are the details of the code:
server:
// Server side: DTLS 1.0 listener that requires and verifies a client certificate.
// Excerpt from a larger function: server_addr, port, servercert, serverkey, cacert,
// on, fd, ctx, bio, ssl, timeout, client_addr, info and tid, plus the helpers
// thread_setup/thread_cleanup/dtls_verify_callback/generate_cookie/verify_cookie/
// connection_handle, are declared elsewhere (not shown). Identifiers appear
// lower-cased in this listing (e.g. ssl_ctx_new is OpenSSL's SSL_CTX_new).

// Listen on every local IPv4 address on `port`.
server_addr.s4.sin_family = af_inet;
server_addr.s4.sin_addr.s_addr = inaddr_any;
server_addr.s4.sin_port = htons(port);

thread_setup();                    // project helper, not shown
openssl_add_ssl_algorithms();
ssl_load_error_strings();

ctx = ssl_ctx_new(dtlsv1_server_method());
// NOTE(review): this list admits eNULL (no encryption) and aNULL (no peer
// authentication) suites, so a negotiated session may carry the payload in
// clear text and/or without authenticating the peer; a list that excludes
// NULL/eNULL/aNULL is the usual fix.
ssl_ctx_set_cipher_list(ctx, "all:null:enull:anull");
ssl_ctx_set_session_cache_mode(ctx, ssl_sess_cache_off);

// Certificate/key/CA load failures are only printed; execution continues
// with an unusable context instead of aborting.
if (!ssl_ctx_use_certificate_file(ctx, servercert, ssl_filetype_pem))
    printf("\nerror: no certificate found!");
if (!ssl_ctx_use_privatekey_file(ctx, serverkey, ssl_filetype_pem))
    printf("\nerror: no private key found!");
if (!ssl_ctx_check_private_key (ctx))
    printf("\nerror: invalid private key!");
if(!ssl_ctx_load_verify_locations(ctx, cacert, null))
    cout << "\nerror: no ca-cert found!\n";

// Require a client certificate, verify it once per connection, and pass the
// result through dtls_verify_callback (not shown).
ssl_ctx_set_verify(ctx, ssl_verify_peer | ssl_verify_client_once | ssl_verify_fail_if_no_peer_cert, dtls_verify_callback);
ssl_ctx_set_read_ahead(ctx, 1);
// Cookie callbacks (not shown) used by the DTLS cookie exchange enabled below.
ssl_ctx_set_cookie_generate_cb(ctx, generate_cookie);
ssl_ctx_set_cookie_verify_cb(ctx, verify_cookie);

fd = socket(server_addr.ss.ss_family, sock_dgram, 0);
if (fd < 0) {
    perror("socket");
    exit(-1);
}
setsockopt(fd, sol_socket, so_reuseaddr, (const void*) &on, (socklen_t) sizeof(on));
// NOTE(review): bind()'s return value is not checked; on failure the accept
// loop below runs on an unbound socket.
bind(fd, (const struct sockaddr *) &server_addr, sizeof(struct sockaddr_in));

// Accept loop: one SSL object per client, all sharing the listening fd.
while (1) {
    memset(&client_addr, 0, sizeof(struct sockaddr_storage));
    bio = bio_new_dgram(fd, bio_noclose);
    // 5-second receive timeout on the handshake BIO.
    timeout.tv_sec = 5;
    timeout.tv_usec = 0;
    bio_ctrl(bio, bio_ctrl_dgram_set_recv_timeout, 0, &timeout);
    ssl = ssl_new(ctx);
    ssl_set_bio(ssl, bio, bio);
    ssl_set_options(ssl, ssl_op_cookie_exchange);
    // Spins until a peer completes the cookie exchange; a negative (error)
    // return is retried silently, indistinguishable from "no client yet".
    while (dtlsv1_listen(ssl, &client_addr) <= 0);
    // Per-connection state handed to the worker thread.
    // NOTE(review): malloc's result is not checked before the memcpy calls.
    info = (struct pass_info*) malloc (sizeof(struct pass_info));
    memcpy(&info->server_addr, &server_addr, sizeof(struct sockaddr_storage));
    memcpy(&info->client_addr, &client_addr, sizeof(struct sockaddr_storage));
    info->ssl = ssl;
    // tid is overwritten every iteration; the threads are not joined here.
    if (pthread_create( &tid, null, connection_handle, info) != 0) {
        perror("pthread_create");
        exit(-1);
    }
}
// The loop above has no break, so this is only reached if it is changed later.
thread_cleanup();
}
client:
// Client side: DTLS 1.0 connect with server-certificate verification.
// Excerpt from a larger function: ctx, clientcert, clientkey, cacert, ssl, bio,
// fd, remote_addr, buf and timeout are declared elsewhere (not shown); fd is
// a UDP socket created before this excerpt. Identifiers appear lower-cased in
// this listing (e.g. ssl_connect is OpenSSL's SSL_connect).
openssl_add_ssl_algorithms();
ssl_load_error_strings();
ctx = ssl_ctx_new(dtlsv1_client_method());
// NOTE(review): "eNULL" selects only NULL-encryption suites, so this client's
// traffic is at best authenticated, never encrypted, which contradicts the
// goal of an SSL-encrypted link; a cipher list without eNULL is the usual fix.
ssl_ctx_set_cipher_list(ctx, "enull:!md5");
// Certificate/key/CA load failures are only printed; execution continues
// with an unusable context instead of aborting.
if (!ssl_ctx_use_certificate_file(ctx, clientcert, ssl_filetype_pem))
    printf("\nerror: no certificate found!");
if (!ssl_ctx_use_privatekey_file(ctx, clientkey, ssl_filetype_pem))
    printf("\nerror: no private key found!");
if (!ssl_ctx_check_private_key (ctx))
    printf("\nerror: invalid private key!");
if(!ssl_ctx_load_verify_locations(ctx,cacert,null))
    cout << "\nerror: cannot load ca cert file verification!\n";
// Verify the server certificate against cacert; no custom verify callback.
ssl_ctx_set_verify(ctx,ssl_verify_peer,null);
ssl_ctx_set_read_ahead(ctx, 1);
ssl = ssl_new(ctx);
// The BIO takes ownership of fd (bio_close); connect()'s return value is not
// checked before the BIO is told its peer address.
bio = bio_new_dgram(fd, bio_close);
connect(fd, (struct sockaddr *) &remote_addr, sizeof(struct sockaddr_in));
bio_ctrl(bio, bio_ctrl_dgram_set_connected, 0, &remote_addr.ss);
ssl_set_bio(ssl, bio, bio);
// NOTE(review): SSL_connect() returns 0 for a handshake that failed without a
// transport error; this `< 0` test treats that case as success, `<= 0` is the
// usual check. ERR_error_string() needs buf to hold at least 256 bytes —
// confirm its size where it is declared. The receive timeout below is set
// only after the handshake, so it does not bound ssl_connect(); verify that
// is intended. Whether the "message too long" error from the question stems
// from the certificate exchange exceeding the DTLS record/MTU limits cannot
// be determined from this excerpt.
if (ssl_connect(ssl) < 0) {
    perror("ssl_connect");
    printf("%s\n", err_error_string(err_get_error(), buf));
    exit(-1);
}
// 3-second receive timeout, applied only after the handshake has completed.
timeout.tv_sec = 3;
timeout.tv_usec = 0;
bio_ctrl(bio, bio_ctrl_dgram_set_recv_timeout, 0, &timeout);