Linux 异常运行 boost asio ssl 示例
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/6452756/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Exception running boost asio ssl example
提问by Shootfast
I'm trying to run the SSL examples from boost::asio and I'm getting an "Invalid argument" exception when I run them. I'm on Linux x86_64.
我正在尝试从 boost::asio 运行 SSL 示例,但在运行它们时出现“无效参数”异常。我在 Linux x86_64 上。
http://www.boost.org/doc/libs/1_46_1/doc/html/boost_asio/example/ssl/client.cpp
http://www.boost.org/doc/libs/1_46_1/doc/html/boost_asio/example/ssl/client.cpp
http://www.boost.org/doc/libs/1_46_1/doc/html/boost_asio/example/ssl/server.cpp
http://www.boost.org/doc/libs/1_46_1/doc/html/boost_asio/example/ssl/server.cpp
Compiled with:
编译:
g++ server.cpp -o server -lboost_system -lssl
g++ client.cpp -o client -lboost_system -lssl
Run like:
像这样运行:
$ ./server
Usage: server <port>
$ ./server 10000
Exception: Invalid argument
$ ./server 1000
Exception: Permission denied
$ sudo ./server 1000
Exception: Invalid argument
Not sure what the problem is :( Any help would be greatly appreciated.
不确定问题是什么:( 任何帮助将不胜感激。
Thanks!
谢谢!
采纳答案by Shootfast
OK, for anyone finding this in the future, you need to create your certificates and sign them appropriately. Here are the commands for linux:
好的,对于将来发现此问题的任何人,您需要创建证书并对其进行适当签名。以下是Linux的命令:
//Generate a private key
//生成私钥
openssl genrsa -des3 -out server.key 1024
//Generate Certificate signing request
//生成证书签名请求
openssl req -new -key server.key -out server.csr
//Sign certificate with private key
//使用私钥签署证书
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
//Remove password requirement (needed for example)
//删除密码要求(例如需要)
cp server.key server.key.secure
openssl rsa -in server.key.secure -out server.key
//Generate dhparam file
//生成dhparam文件
openssl dhparam -out dh512.pem 512
Once you've done that, you need to change the filenames in server.cpp and client.cpp.
完成后,您需要更改 server.cpp 和 client.cpp 中的文件名。
server.cpp
服务器.cpp
context_.use_certificate_chain_file("server.crt");
context_.use_private_key_file("server.key", boost::asio::ssl::context::pem);
context_.use_tmp_dh_file("dh512.pem");
client.cpp
客户端
ctx.load_verify_file("server.crt");
Then it should all work!
那么它应该一切正常!
回答by Brian Cain
Execute the tests again with strace to see which syscall gets the EINVAL, as a bonus you'll get to see the args for the failing call. It's likely part of the security context setup that's failing, unless you have the right files and data from the example:
使用 strace 再次执行测试以查看哪个系统调用获得了EINVAL,作为奖励,您将看到失败调用的参数。这可能是安全上下文设置失败的一部分,除非您从示例中获得了正确的文件和数据:
context_.use_certificate_chain_file("server.pem");
context_.use_private_key_file("server.pem", boost::asio::ssl::context::pem);
context_.use_tmp_dh_file("dh512.pem");
You were getting EPERMbecause you were trying to bind to a privileged TCP port (one whose value is less than 1024). That's why ./server 10000does not get EPERM.
您EPERM之所以收到此消息,是因为您试图绑定到特权 TCP 端口(值小于 1024 的端口)。这就是为什么./server 10000没有得到EPERM.
