How to run a nanopb client/server over SSL
I am trying to implement SSL as transport-layer security for client-server communication with protobuf payloads. I looked at the nanopb network_server example, and also at the OpenSSL / wolfSSL C example clients (e.g. https://aticleworld.com/ssl-server-client-using-openssl-in-c/ and https://www.wolfssl.com/docs/quickstart/). However, the SSL libraries provide functions such as SSL_set_fd_ctx, SSL_connect, SSL_read, SSL_write for use in the socket client code. How do I integrate an SSL library with the nanopb network_server example, which uses functions such as pb_encode_delimited and pb_decode_delimited for sending and receiving? Any help is appreciated.
Answer
SSL_write and SSL_read are the functions used to move data over SSL. In the network_server example, examples/network_server/common.c uses libc send() and recv().

You can replace the functions there so that nanopb writes directly to the SSL pipe. Alternatively, you can always encode and decode from a memory buffer (as in examples/simple/simple.c) and then send and receive that memory buffer separately.
wolfSSL supports custom input/output (I/O) and lets the user plug in their own callbacks for send and receive. This means wolfSSL is agnostic about the underlying transport layer. By default wolfSSL assumes BSD sockets and a TCP/IP stack, but a user can simply write their own send and receive functions and register them during setup, removing the default dependency on TCP/IP or BSD sockets.

Below I provide some basic documentation on how to set up custom send and receive, and also a link to an example where we exchange TLS packets between a client and a server on the same PC using two files, with the file system as the transport layer (no sockets, ports, TCP/IP, etc.!)
#include <errno.h>
#include <sys/socket.h>
#include <wolfssl/ssl.h>
#include <wolfssl/wolfio.h>

int myReceive(WOLFSSL *ssl, char *buf, int sz, void *ctx)
{
    // ssl = the current SSL object, cast to void if unused
    // buf = the buffer to receive the message, always used
    // sz  = the size in bytes to receive, always used
    // ctx = a custom user context, can be anything (a structure, char buf, variable);
    //       cast to the correct type and use as needed, cast to void if unused.
    // RULE1: Only return the amount received.
    // RULE2: In the case of a failed receive return one of the following errors as
    //        appropriate; returning 0 will trigger an automatic re-receive attempt
    //        without returning control to the calling application.
    //        WOLFSSL_CBIO_ERR_GENERAL    = -1, /* general unexpected err */
    //        WOLFSSL_CBIO_ERR_WANT_READ  = -2, /* need to call read again */
    //        WOLFSSL_CBIO_ERR_WANT_WRITE = -2, /* need to call write again */
    //        WOLFSSL_CBIO_ERR_CONN_RST   = -3, /* connection reset */
    //        WOLFSSL_CBIO_ERR_ISR        = -4, /* interrupt */
    //        WOLFSSL_CBIO_ERR_CONN_CLOSE = -5, /* connection closed or epipe */
    //        WOLFSSL_CBIO_ERR_TIMEOUT    = -6  /* socket timeout */
    // RULE3: In the case of a partial receive, only return the amount read and call
    //        wolfSSL_read again with the exact same parameters (including sz); the
    //        state machine internally keeps track of received vs remainder and
    //        handles the remainder appropriately.
    // Body: the plain BSD-socket case with the fd passed via ctx (filled in so the
    // skeleton compiles; the posted skeleton had no body).
    int fd = *(int *)ctx;
    int ret = (int)recv(fd, buf, (size_t)sz, 0);
    (void)ssl;
    if (ret == 0) return WOLFSSL_CBIO_ERR_CONN_CLOSE;   /* peer closed: never return 0 here */
    if (ret < 0) {
        if (errno == EAGAIN || errno == EWOULDBLOCK) return WOLFSSL_CBIO_ERR_WANT_READ;
        if (errno == ECONNRESET) return WOLFSSL_CBIO_ERR_CONN_RST;
        if (errno == EINTR) return WOLFSSL_CBIO_ERR_ISR;
        return WOLFSSL_CBIO_ERR_GENERAL;
    }
    return ret;
}

int mySend(WOLFSSL *ssl, char *buf, int sz, void *ctx)
{
    // ssl = the current SSL object, cast to void if unused
    // buf = the message to send, always used
    // sz  = the size in bytes to send, always used
    // ctx = a custom user context, cast to the correct type and use as needed, cast to void if unused.
    // RULE1: Only return the amount sent.
    // RULE2: In the case of a failed send return one of the WOLFSSL_CBIO_ERR_* codes listed
    //        above as appropriate (WOLFSSL_CBIO_ERR_CONN_CLOSE = -5 for connection closed or
    //        epipe, WOLFSSL_CBIO_ERR_TIMEOUT = -6 for a socket timeout); returning 0 will
    //        trigger an automatic re-send attempt without returning control to the caller.
    // RULE3: In the case of a partial send, only return the amount written and call wolfSSL_write
    //        again with the exact same parameters (including sz); the state machine internally
    //        keeps track of sent vs remainder and handles the remainder appropriately.
    int fd = *(int *)ctx;
    int ret = (int)send(fd, buf, (size_t)sz, 0);
    (void)ssl;
    if (ret < 0) {
        if (errno == EAGAIN || errno == EWOULDBLOCK) return WOLFSSL_CBIO_ERR_WANT_WRITE;
        if (errno == EPIPE || errno == ECONNRESET) return WOLFSSL_CBIO_ERR_CONN_CLOSE;
        if (errno == EINTR) return WOLFSSL_CBIO_ERR_ISR;
        return WOLFSSL_CBIO_ERR_GENERAL;
    }
    return ret;
}

// Register your callbacks in place of the defaults (receive slot gets the receive
// callback, send slot gets the send callback):
wolfSSL_CTX_SetIORecv(ctx, myReceive);
wolfSSL_CTX_SetIOSend(ctx, mySend);
// Hand each session the value its callbacks will see as `ctx` (here the socket fd):
wolfSSL_SetIOReadCtx(ssl, &sockfd);
wolfSSL_SetIOWriteCtx(ssl, &sockfd);
https://github.com/wolfSSL/wolfssl-examples/tree/master/custom-io-callbacks

The reason I included this link is that you can check out the client's custom I/O callbacks at https://github.com/wolfSSL/wolfssl-examples/blob/master/custom-io-callbacks/file-client/file-client.c#L73-L119 and see how simple it would be to replace the read() and write() calls that use the file system with your pb_encode_delimited() and pb_decode_delimited() instead.

If you have follow-up questions about setting up custom I/O with wolfSSL, or are struggling to implement it via nanopb, feel free to email the wolfSSL support team:
"support at wolfssl [dot] com"

Thanks!
- KH
Following jpa's comment, I added SSL read and write callbacks in common.c.
#include <stdint.h>
#include <pb_encode.h>
#include <wolfssl/ssl.h>

static bool ssl_write_callback(pb_ostream_t *stream, const uint8_t *buf, size_t count)
{
    WOLFSSL *sslfd = (WOLFSSL *) stream->state;
    int ret = wolfSSL_write(sslfd, buf, (int)count);
    return ret > 0 && (size_t)ret == count; // true on success, false otherwise
}

pb_ostream_t pb_ostream_from_ssl_socket(WOLFSSL *ssl)
{
    pb_ostream_t stream = {&ssl_write_callback, (void *)ssl, SIZE_MAX, 0};
    return stream;
}
From the client main:
// initialize WOLFSSL and associate the socket fd
pb_ostream_t output = pb_ostream_from_ssl_socket(ssl); // WOLFSSL *ssl;

It is working. Thanks to everyone who helped.
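Added example, mine and not code from this thread, nanopb or wolfSSL: the update above shows the output side, where a single wolfSSL_write either moves the whole buffer or the stream fails. The input side is the part that usually goes wrong, because nanopb's istream callback must deliver exactly the requested byte count even though the TLS read can return fewer bytes per call, and it must signal end-of-stream by setting bytes_left to 0 rather than looping forever. The block below models both callbacks, plus the varint length prefix that pb_encode_delimited/pb_decode_delimited put on the wire, over a constructed in-memory transport that deliberately returns short reads and writes. The names nb_ostream_t/nb_istream_t (same callback contract as pb_ostream_t/pb_istream_t), fake_tls_read/fake_tls_write (standing in for wolfSSL_read/wolfSSL_write) and the 9-byte sample payload are all assumptions of this example, not library APIs.

```c
/* Added example (not code from the thread, nanopb or wolfSSL): nanopb-style stream
 * callbacks over a TLS transport that returns short reads/writes. nb_* mirrors
 * pb_ostream_t/pb_istream_t; fake_tls_* stands in for wolfSSL_write/wolfSSL_read. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Constructed transport: moves at most `chunk` bytes per call, like a loaded
 * socket. Returns bytes moved, -1 when the pipe is full, 0 on read at EOF. */
typedef struct { uint8_t buf[256]; size_t len, rpos; int chunk; } fake_tls_t;

static int fake_tls_write(fake_tls_t *t, const uint8_t *data, size_t n)
{
    size_t room = sizeof t->buf - t->len;
    if (room == 0) return -1;
    if (n > (size_t)t->chunk) n = (size_t)t->chunk;
    if (n > room) n = room;
    memcpy(t->buf + t->len, data, n); t->len += n;
    return (int)n;
}

static int fake_tls_read(fake_tls_t *t, uint8_t *data, size_t n)
{
    size_t avail = t->len - t->rpos;
    if (avail == 0) return 0;                       /* peer closed */
    if (n > (size_t)t->chunk) n = (size_t)t->chunk;
    if (n > avail) n = avail;
    memcpy(data, t->buf + t->rpos, n); t->rpos += n;
    return (int)n;
}

/* Stand-ins for pb_ostream_t / pb_istream_t: callback, opaque state, counter. */
typedef struct nb_ostream { bool (*callback)(struct nb_ostream *, const uint8_t *, size_t);
                            void *state; size_t bytes_written; } nb_ostream_t;
typedef struct nb_istream { bool (*callback)(struct nb_istream *, uint8_t *, size_t);
                            void *state; size_t bytes_left; } nb_istream_t;
/* Output callback: nanopb hands over `count` bytes and expects all of them out.
 * The transport may take fewer, so loop; an error (<= 0) fails the stream. */
static bool tls_write_cb(nb_ostream_t *s, const uint8_t *buf, size_t count)
{
    fake_tls_t *t = (fake_tls_t *)s->state;
    while (count > 0) {
        int n = fake_tls_write(t, buf, count);
        if (n <= 0) return false;
        buf += n; count -= (size_t)n;
    }
    return true;
}

/* Input callback: nanopb asks for exactly `count` bytes. Loop over short reads;
 * on EOF set bytes_left = 0 so the decoder sees a clean end instead of looping. */
static bool tls_read_cb(nb_istream_t *s, uint8_t *buf, size_t count)
{
    fake_tls_t *t = (fake_tls_t *)s->state;
    while (count > 0) {
        int n = fake_tls_read(t, buf, count);
        if (n == 0) { s->bytes_left = 0; return false; }
        if (n < 0) return false;
        buf += n; count -= (size_t)n;
    }
    return true;
}

/* Same framing as pb_encode_delimited: varint length prefix, then the message. */
static bool write_delimited(nb_ostream_t *s, const uint8_t *msg, size_t len)
{
    uint8_t v[10]; size_t i = 0; uint64_t x = len;
    do { v[i] = (uint8_t)(x & 0x7f); x >>= 7; if (x) v[i] |= 0x80; i++; } while (x);
    if (!s->callback(s, v, i) || !s->callback(s, msg, len)) return false;
    s->bytes_written += i + len;
    return true;
}

/* Same framing as pb_decode_delimited. A frame longer than `cap` is rejected
 * before any payload is read, so a hostile peer cannot force an oversized read. */
static bool read_delimited(nb_istream_t *s, uint8_t *out, size_t cap, size_t *outlen)
{
    uint64_t len = 0; unsigned shift = 0; uint8_t b = 0;
    do {
        if (shift >= 64 || !s->callback(s, &b, 1)) return false;
        len |= (uint64_t)(b & 0x7f) << shift; shift += 7;
    } while (b & 0x80);
    if (len > cap || !s->callback(s, out, (size_t)len)) return false;
    *outlen = (size_t)len;
    return true;
}
/* Round-trip a constructed 9-byte payload with the given chunk size and receive
 * cap (<= 64), then check that one more read reports EOF the way nanopb expects. */
static bool roundtrip(int chunk, size_t cap)
{
    static const uint8_t msg[] = "\x0a\x05hello\x10\x2a";   /* constructed wire bytes */
    fake_tls_t t = {{0}, 0, 0, chunk};
    nb_ostream_t os = { tls_write_cb, &t, 0 };
    nb_istream_t is = { tls_read_cb, &t, SIZE_MAX };
    uint8_t out[64]; size_t n = 0;
    if (cap > sizeof out) cap = sizeof out;
    if (!write_delimited(&os, msg, sizeof msg - 1) || os.bytes_written != sizeof msg) return false;
    if (!read_delimited(&is, out, cap, &n) || n != sizeof msg - 1 || memcmp(out, msg, n)) return false;
    if (read_delimited(&is, out, cap, &n)) return false;    /* must hit EOF */
    return is.bytes_left == 0;
}

int main(void) { return roundtrip(1, 64) && roundtrip(3, 64) && !roundtrip(4, 8) ? 0 : 1; }
```

To wire this to the real libraries, keep the two loops and swap fake_tls_write/fake_tls_read for wolfSSL_write/wolfSSL_read on the WOLFSSL object stored in state; a return of 0 from wolfSSL_read is the peer's close_notify and is the case that must set bytes_left to 0. The cap check in read_delimited is worth carrying over too, since the length prefix arrives from the peer before anything has been validated.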