我正在使用OpenSSL自定义扩展API创建一个自定义扩展。
函数SSL_CTX_add_client_custom_ext和SSL_CTX_custom_ext返回1,即成功,但问题是有一些回调函数被调用来操作我们需要添加或解析的数据。我添加了某些调试语句来确定它们是否被调用,但我认为它们没有被调用。
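/*
 * Client-side add callback for custom extension type 1000.
 *
 * Currently only a debug trace: *out/*outlen are set to describe an empty
 * extension body and 1 tells OpenSSL to include the extension.  If a real
 * body is ever stored in *out it must come from OPENSSL_malloc, because
 * old_free_cb hands *out to OPENSSL_free.
 *
 * Note: this is the legacy (non-_ex) callback signature, the one
 * SSL_CTX_add_client_custom_ext() expects.  SSL_CTX_add_custom_ext() takes
 * the _ex variants, which carry extra context/x/chainidx parameters.
 *
 * Returns 1 to include the extension; 0 would omit it and -1 (with *al set
 * to a TLS alert) would abort the handshake.
 */
static int old_add_cb(SSL *s, unsigned int ext_type, const unsigned char **out,
                      size_t *outlen, int *al, void *add_arg) {
    (void)s;
    (void)ext_type;
    (void)al;
    (void)add_arg;
    *out = NULL;   /* explicitly empty extension body */
    *outlen = 0;
    printf("called!!");
    fflush(stdout);   /* debug trace: stdout may be block-buffered when not a tty */
    return 1;
}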
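/*
 * Free callback paired with old_add_cb.
 *
 * Releases whatever old_add_cb stored in *out.  With the empty body that
 * callback produces, out is presumably NULL and OPENSSL_free is a no-op; the
 * cast only drops the const qualifier.  Anything non-NULL passed here must
 * have been allocated with OPENSSL_malloc.
 */
static void old_free_cb(SSL *s, unsigned int ext_type, const unsigned char *out,
                        void *add_arg) {
    (void)s;
    (void)ext_type;
    (void)add_arg;
    printf("called!!");
    fflush(stdout);   /* debug trace: stdout may be block-buffered when not a tty */
    OPENSSL_free((unsigned char *)out);
}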
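/*
 * Parse callback for custom extension type 1000.
 *
 * in/inlen hold the extension body exactly as the peer sent it, so they are
 * untrusted input: any future decoding must stay within inlen and must not
 * assume a terminator.  Nothing is read here; the extension is accepted
 * unconditionally.
 *
 * Returns 1 to accept.  To reject, set *al to a TLS alert and return 0.
 */
static int old_parse_cb(SSL *s, unsigned int ext_type, const unsigned char *in,
                        size_t inlen, int *al, void *parse_arg) {
    (void)s;
    (void)ext_type;
    (void)in;
    (void)inlen;
    (void)al;
    (void)parse_arg;
    printf("called!!");
    fflush(stdout);   /* debug trace: stdout may be block-buffered when not a tty */
    return 1;
}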
SSL_CTX相关代码为:
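/*
 * Parse a decimal TCP port from argv text.
 *
 * Returns the port (1..65535), or -1 when the text is not a complete,
 * in-range decimal number.
 */
static int parse_port(const char *text) {
    char *end = NULL;
    errno = 0;
    long port = strtol(text, &end, 10);
    if (end == text || *end != '\0' || errno == ERANGE || port < 1 || port > 65535) {
        return -1;
    }
    return (int)port;
}

/*
 * Client entry point: usage is <hostname> <portnum>.
 *
 * Registers custom extension 1000 on the client side, connects, sends one
 * message and prints the reply.  Returns 0 when a reply was received, 1 on
 * usage, registration, connection or read failure.
 */
int main(int count, char *strings[]) {
    SSL_CTX *ctx;
    int server;
    SSL *ssl;
    char buf[1024];
    int bytes;
    char *hostname, *portnum;
    int rc = 1;

    if (count != 3) {
        printf("usage: %s <hostname> <portnum>\n", strings[0]);
        return 1;   /* a usage error is a failure, not success */
    }
    SSL_library_init();
    hostname = strings[1];
    portnum = strings[2];
    int port = parse_port(portnum);
    if (port < 0) {
        fprintf(stderr, "invalid port: %s\n", portnum);
        return 1;
    }
    ctx = InitCTX();
    /* old_add_cb/old_free_cb/old_parse_cb use the legacy (non-_ex)
     * signatures, which belong to SSL_CTX_add_client_custom_ext().
     * SSL_CTX_add_custom_ext() expects the _ex callback types (extra
     * context/x/chainidx parameters); passing the legacy functions there
     * invokes them with a mismatched argument list. */
    int result = SSL_CTX_add_client_custom_ext(ctx, 1000, old_add_cb,
                                               old_free_cb, NULL, old_parse_cb,
                                               NULL);
    printf("Extension Register %d", result);
    if (result != 1) {
        ERR_print_errors_fp(stderr);
        SSL_CTX_free(ctx);
        return 1;
    }
    server = OpenConnection(hostname, port);
    ssl = SSL_new(ctx); /* create new SSL connection state */
    if (ssl == NULL || SSL_set_fd(ssl, server) != 1) {
        ERR_print_errors_fp(stderr);
    } else if (SSL_connect(ssl) != 1) { /* 1 is the only success value; 0 and <0 are failures */
        ERR_print_errors_fp(stderr);
    } else {
        const char *msg = "Hello???";
        printf("Connected with %s encryption\n", SSL_get_cipher(ssl));
        ShowCerts(ssl); /* get any certs */
        SSL_write(ssl, msg, (int)strlen(msg)); /* encrypt & send message */
        /* Leave one byte for the terminator: SSL_read may fill the whole
         * buffer, and buf[sizeof buf] would be one past the end. */
        bytes = SSL_read(ssl, buf, (int)sizeof(buf) - 1);
        if (bytes > 0) {
            buf[bytes] = '\0';
            /* Peer-supplied bytes are printed verbatim, not sanitized. */
            printf("Received: \"%s\"\n", buf);
            rc = 0;
        } else {
            ERR_print_errors_fp(stderr); /* 0 = peer closed, <0 = error */
        }
    }
    SSL_free(ssl); /* on every path; SSL_free(NULL) is a no-op */
    close(server); /* close socket */
    SSL_CTX_free(ctx); /* release context */
    return rc;
}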
"SSL_CTX_add_custom_ext"函数返回1,但回调函数中的打印语句没有执行。
从OpenSSL文档中关于SSL_extension_supported的说明,我们可以看到以下内容:
对于ServerHello和EncryptedExtension消息,当且仅当满足指定上下文的要求并且在ClientHello中接收到相应的扩展时,才会调用每个注册的add_cb一次。也就是说,如果在ClientHello中没有接收到相应的扩展,那么将不会调用add_cb。
我的意思是,只有当服务器验证并接受了包含该扩展的ClientHello时,双方(这里是客户端和服务器)的回调才会执行。因此,您应该像在客户端一样,也在服务器端添加该扩展(此处即回调),以确保回调被执行。这是我的例子:
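/*
 * Client-side add callback registered for extension type 65280.
 *
 * Prints a trace and asks OpenSSL to send the extension with an empty body
 * (*out/*outlen are left as passed in, presumably NULL/0).  Returning 1
 * includes the extension; 0 would omit it and -1 (with *al set) would
 * abort the handshake.
 */
static int ext_add_cb(SSL *s, unsigned int ext_type,
                      const unsigned char **out,
                      size_t *outlen, int *al, void *add_arg)
{
    (void)s;
    (void)out;
    (void)outlen;
    (void)al;
    (void)add_arg;
    if (ext_type == 65280) {
        printf("ext_add_cb from client called!\n");
    }
    return 1;
}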
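/*
 * Free callback paired with ext_add_cb.
 *
 * Nothing to release: ext_add_cb never allocates an extension body, so this
 * only prints a trace.
 */
static void ext_free_cb(SSL *s, unsigned int ext_type,
                        const unsigned char *out, void *add_arg)
{
    (void)s;
    (void)ext_type;
    (void)out;
    (void)add_arg;
    printf("ext_free_cb from client called\n");
}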
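/*
 * Client-side parse callback for extension type 65280.
 *
 * in/inlen are the extension body as received from the peer and are
 * untrusted: any future decoding must be bounded by inlen.  Nothing is read
 * here; the extension is accepted unconditionally.
 *
 * Returns 1 to accept.  To reject, set *al to a TLS alert and return 0.
 */
static int ext_parse_cb(SSL *s, unsigned int ext_type,
                        const unsigned char *in,
                        size_t inlen, int *al, void *parse_arg)
{
    (void)s;
    (void)ext_type;
    (void)in;
    (void)inlen;
    (void)al;
    (void)parse_arg;
    printf("ext_parse_cb from client called!\n");
    return 1;
}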
服务器端代码与客户端类似。然后在main中添加注册调用:
/* Client-side registration with the legacy-signature callbacks above.  The
 * server must register the same extension type (65280) as well: an
 * extension absent from the ClientHello is never echoed back, so parse_cb
 * would not run on either side.  The return value (1 on success) should be
 * checked rather than only printed. */
int result = SSL_CTX_add_client_custom_ext(ctx, 65280, ext_add_cb, ext_free_cb, NULL, ext_parse_cb, NULL);
运行服务器,然后运行客户端,我得到这样的消息:
# server:
ext_parse_cb from server called!
ext_add_cb from server called!
ext_free_cb from server called!
# client:
ext_add_cb from client called!
ext_free_cb from client called
ext_parse_cb from client called!