[問題] 請問一個micro_httpd + openssl的問題

看板NetSecurity (資安資訊安全)作者Dreamall (失眠的寒流夜)時間20年前 (2005/07/13 18:39)推噓0(0推 0噓 0→)

留言0則, 0人參與討論串1/1

我把openssl加進micro_httpd， httpd run起來以後，當我用https去連網頁的時候，出現這個error message: s3_pkt: 418 //error returned in file s3_pkt.c, line 418 error code = -1, 1, 336131157 SSL routines //error library SSL3_GET_RECORD //error function decryption failed or bad record mac //error reason 在呼叫SSL_accept(...)的時候就會return這個error，請問這個問題該怎麼解決？希望各位前輩高手能提供小弟一些意見，感激不盡..... ps.我的openssl是0.9.6d 下面是我的httpd的code //Jason... .這是我加的部分 . . //________________ ==================================webmain============================= int webmain(void) { usockaddr usa; int listen_fd; int conn_fd; socklen_t sz = sizeof(usa); FILE *pid_fp; /* modify from original (PT) */ int nready; int done = 0; int ret = 0; int retFlag = WEB_STS_OK, rebootFlag = WEB_STS_OK; extern void destroy(void); fd_set rset; struct timeval to; struct timeval tv; unsigned long timestamp; //Jason added, 2005/06/29 BIO *sbio; SSL_CTX *ctx = NULL; int r; BIO *ssl_bio; int err; unsigned long int e; int timeout = 15; //_______________________ // register SIGUSR1 handler signal(SIGUSR1, sigUserHandler); /* end modify */ /* Ignore broken pipes */ signal(SIGPIPE, SIG_IGN); signal(SIGINT, SIG_IGN); //Jason added, 2005/06/27 /* Build our SSL context */ fprintf(stderr, "HTTPS enable\n\n\n\n\n\n"); if(do_ssl){ bcmSystemMute("cp /etc/gencert.sh /var/gencert.sh"); chdir("/var"); fprintf(stderr, "./gencert.sh 1096531622\n\n"); bcmSystemMute("./gencert.sh 1096531622"); fprintf(stderr, "https initialize\n"); SSLeay_add_ssl_algorithms(); //call SSL_library_init(void) SSL_load_error_strings(); //good reporting of errors ctx = SSL_CTX_new( SSLv23_server_method() ); //Setting up a secure connection if (ctx == NULL) { fprintf(stderr, "SSL_CTX_new() error\n"); exit(1); } //read file if ( SSL_CTX_use_certificate_file( ctx, CERT_FILE, SSL_FILETYPE_PEM ) == 0 ) //if (SSL_CTX_use_certificate_chain_file(ctx, CERT_FILE) == 0) { //cprintf("Cann't read %s\n", CERT_FILE); fprintf(stderr, "Cann't read %s\n", CERT_FILE); ERR_print_errors_fp( stderr ); exit( 1 ); } if(SSL_CTX_use_PrivateKey_file( ctx, KEY_FILE, SSL_FILETYPE_PEM ) == 0 ) { //cprintf("Cann't read %s\n", KEY_FILE); fprintf(stderr, "Cann't read %s\n", KEY_FILE); ERR_print_errors_fp( stderr ); exit( 1 ); } if(SSL_CTX_check_private_key( ctx ) == 0 ) { //cprintf("Check private key fail\n"); fprintf(stderr, "Check private key fail\n"); ERR_print_errors_fp( stderr ); exit( 1 ); } } //_________________________ /* Initialize listen socket */ if ((listen_fd = initialize_listen_socket(&usa)) < 0) { fprintf(stderr, "can't bind to any address\n" ); exit(errno); } /* Daemonize and log PID */ /* Comment out daemon() to remove zombie process */ /*if (daemon(1, 1) == -1) { perror("daemon"); exit(errno); }*/ if (!(pid_fp = fopen("/var/run/httpd_pid", "w"))) { perror("/var/run/httpd_pid"); return errno; } fprintf(pid_fp, "%d\n", getpid()); fclose(pid_fp); /* modify from original (PT) */ cgiGetAllInfo(); /* end modify */ /* Loop forever handling requests */ for (;;) { FD_ZERO(&rset); FD_SET(listen_fd,&rset); to.tv_sec = MONLOOP_TIMEOUT; to.tv_usec = 0; nready = select(listen_fd+1,&rset,NULL,NULL,&to); if ( nready == 0 ) { //timeout BcmWan_monitorInterfaces(&done); resettimeout(&timestamp); } else if ( nready == -1 ) { //perror("select"); //printf("!!! HTTP server is received request with nready == -1 !!!\n"); usleep(100); continue; } else if ( nready != 1 ) { perror("select"); #ifdef BRCM_DEBUG printf("app: HTTP server received request with nready == %d\n", nready); #endif } if (istimeout(&timestamp, MONLOOP_TIMEOUT)) { BcmWan_monitorInterfaces(&done); resettimeout(&timestamp); } #ifdef BRCM_DEBUG if ( done == 0 ) printf("app: HTTP server received request but monitor service is NOT done\n"); #endif if ( FD_ISSET(listen_fd,&rset)) { if ((conn_fd = accept(listen_fd, &usa.sa, &sz)) < 0) { perror("accept"); shutdown(listen_fd, 2); close(listen_fd); return errno; } //#ifdef SUPPORT_TOD char cmd[64]=""; sprintf(cmd, "echo %s > /var/fromip", inet_ntoa(usa.sa_in.sin_addr)); bcmSystemMute(cmd); //#endif tv.tv_sec=1; tv.tv_usec=0; setsockopt(conn_fd,SOL_SOCKET,SO_RCVTIMEO,&tv,sizeof(tv)); /* gavin comment retFlag = early_auth(conn_fd, usa.sa_in.sin_addr); if ( retFlag != 0) { close(conn_fd); // go away continue; } */ //Jason added, 2006/06/27 if(do_ssl) { fprintf(stderr, "https request\n"); /* if(check_action() == ACT_WEB_UPGRADE) { // We don't want user to use web (https) during web (http) upgrade. fprintf(stderr, "httpsd: nothing to do...\n"); return -1; } */ sbio=BIO_new_socket(conn_fd,BIO_NOCLOSE); ssl=SSL_new(ctx); SSL_set_bio(ssl,sbio,sbio); r = SSL_accept(ssl); if(r <= 0) { err = SSL_get_error(ssl, r); e = ERR_get_error(); fprintf(stderr, "error code = %d, %d, %d\n", r, err, e); fprintf(stderr, "%s\n", ERR_lib_error_string(e)); fprintf(stderr, "%s\n", ERR_func_error_string(e)); fprintf(stderr, "%s\n", ERR_reason_error_string(e)); //berr_exit("SSL accept error"); //ct_syslog(LOG_ERR, httpd_level, "SSL accept error"); fprintf(stderr, "httpd:878, something error here\n"); /* s3_pkt: 418 error code = -1, 1, 336131157 SSL routines SSL3_GET_RECORD decryption failed or bad record mac */ close(conn_fd); continue; } conn_fp=(webs_t)BIO_new(BIO_f_buffer()); ssl_bio=BIO_new(BIO_f_ssl()); BIO_set_ssl(ssl_bio,ssl,BIO_CLOSE); BIO_push((BIO *)conn_fp,ssl_bio); } else if (!(conn_fp = fdopen(conn_fd, "r+"))) { perror("fdopen"); shutdown(listen_fd, 2); close(listen_fd); return errno; } #ifdef SES wlApplySetting = FALSE; wlRestoreDefault = FALSE; #endif //gavin added for mac clone memset(cmd,0,sizeof(cmd)); sprintf(cmd, "echo %s > /var/clonemac", get_mac_from_ip(inet_ntoa(usa.sa_in.sin_addr)) ); bcmSystemMute(cmd); //gavin added for mac clone retFlag = handle_request(usa.sa_in.sin_addr); // keep the reboot or restore flag to be used // when there is no activity in listen_fd if ( retFlag == WEB_STS_RESTORE || retFlag == WEB_STS_REBOOT || retFlag == WEB_STS_UPLOAD ) rebootFlag = retFlag; //Jason modified, 2005/06/27 /* ret = fflush(conn_fp); fclose(conn_fp); close(conn_fd); */ ret = wfflush(conn_fp); wfclose(conn_fp); close(conn_fd); //__________________________ #ifdef SES if (wlApplySetting) { BcmWl_Setup(WL_SETUP_SECURITY); } if (wlRestoreDefault) { BcmWl_Retrieve(TRUE); BcmWl_Store(); BcmPsi_flush(); BcmWl_stopService(); BcmWl_Setup(WL_SETUP_ALL); BcmWl_startService(); } #endif } else { // if no activity in listen_fd descriptor if ( rebootFlag == WEB_STS_RESTORE ) { cgiRestoreDefault(); shutdown(listen_fd, 2); close(listen_fd); destroy(); } else if ( rebootFlag == WEB_STS_REBOOT ) { cgiReboot(); shutdown(listen_fd, 2); close(listen_fd); destroy(); } else if ( rebootFlag == WEB_STS_UPLOAD ) do_upload_post(); } // FD_ISSET } // for shutdown(listen_fd, 2); close(listen_fd); return WEB_STS_OK; } -- ※ 發信站: 批踢踢實業坊(ptt.cc) ◆ From: 203.69.36.50