2014-01-19 42 views
1

I want to use the SSL support provided by Thrift in my C++ server and client. After going through "transport->open()", my own Thrift client always hangs in SSL_connect. So I built the official Thrift \thrift-0.9.1\test\cpp\src\TestServer.cpp and TestClient.cpp for Windows. The same thing happens there: the C++ Thrift client cannot use SSL (SSL_connect hangs).

I could really use any help or pointers.

Update:

I am using the latest source from https://github.com/apache/thrift, and I also tried with 0.9.1.

Before running, since I saw TestServer.cpp doing the following

    sslSocketFactory->loadCertificate("./server-certificate.pem");
    sslSocketFactory->loadPrivateKey("./server-private-key.pem");
    sslSocketFactory->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");

and TestClient.cpp doing the following

    factory->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
    factory->loadTrustedCertificates("./trusted-ca-certificate.pem");
    factory->authenticate(true);

I took the following steps to create the certificates

    openssl genrsa -out ca-private-key.pem 2048
    openssl req -new -x509 -nodes -days 3600 -key ca-private-key.pem -out ca-certificate.pem

    openssl req -newkey rsa:2048 -days 3600 -nodes -keyout server-private-key.pem -out server-request.pem
    openssl rsa -in server-private-key.pem -out server-private-key.pem
    openssl x509 -req -in server-request.pem -days 3600 -CA ca-certificate.pem -CAkey ca-private-key.pem -set_serial 01 -out server-certificate.pem

Output for the different test cases:

    TestServer.exe --ssl
    TestClient.exe --host 192.168.0.4 --ssl

I saw TestClient.exe hang on SSL_connect while running

    testClient.testVoid();

Server-side call stack during the hang: (screenshot)

Client-side call stack during the hang. Clearly, both sides are stuck in a read! (screenshot)

Wireshark debug trace of the above client-server communication: (Wireshark trace)

Debug output from "openssl s_client" run against the Thrift server:

    openssl s_client -connect 192.168.0.4:9090 -state -debug
    Loading 'screen' into random state - done
    CONNECTED(00000100)
    SSL_connect:before/connect initialization
    write to 0x1e2b5c0 [0x1e2bf50] (321 bytes => 321 (0x141))
    0000 - 16 03 01 01 3c 01 00 01-38 03 03 52 dc 25 39 ad ....<...8..R.%9.
    SSL_connect:SSLv2/v3 write client hello A

    TestServer.exe --ssl --server-type nonblocking
    TestClient.exe --ssl

I saw TestClient.exe fail on SSL_connect (10054) while running

    testClient.testVoid();

Server stderr was saying

    Thrift: Sat Jan 18 19:31:21 2014 TNonblockingServer: frame size too large (369295616 > 268435456)
    from client <Host: ::1 Port: 22869>. Remote side not using TFramedTransport?

    openssl.exe s_client -connect localhost:9090 -state -debug
    Loading 'screen' into random state - done
    CONNECTED(0000018C)
    SSL_connect:before/connect initialization
    write to 0x6db5c0 [0x6dbf50] (321 bytes => 321 (0x141))
    0000 - 16 03 01 01 3c 01 00 01-38 03 03 52 db 4b 8a dd ....<...8..R.K..
    SSL_connect:SSLv2/v3 write client hello A
    read from 0x6db5c0 [0x6e14b0] (7 bytes => -1 (0xFFFFFFFF))
    SSL_connect:error in SSLv2/v3 read server hello A
    write:errno=10054

    TestServer.exe --ssl --server-type nonblocking --transport framed
    TestClient.exe --ssl --transport framed

Server stderr was saying

    Thrift: Sat Jan 18 19:36:01 2014 TNonblockingServer: frame size too large (369295616 > 268435456) from client <Host: ::1 Port: 23087>. Remote side not using TFramedTransport?

I confirmed by stepping through in the debugger that TestClient is using the framed transport.

+0

I suggest also asking this question on the Thrift mailing list. – JensG

Answer

4

I think I know what may be happening and may have found the bug.

After further debugging, I saw that the virtual function createSocket is declared with an "int" parameter

    boost::shared_ptr<TSocket> createSocket(int socket);

https://github.com/apache/thrift/blob/master/lib/cpp/src/thrift/transport/TSSLServerSocket.h
https://github.com/apache/thrift/blob/master/lib/cpp/src/thrift/transport/TSSLServerSocket.cpp

However, the base class TServerSocket.h declares it as "THRIFT_SOCKET", which on Windows is ULONG_PTR

    virtual boost::shared_ptr<TSocket> createSocket(THRIFT_SOCKET client);

https://github.com/apache/thrift/blob/master/lib/cpp/src/thrift/transport/TServerSocket.h

So the correct createSocket was not being called from the internals.

After making this change I was able to move forward, and I confirmed it again with openssl s_client -connect localhost:9090 -state -debug

I sent my patch to thrift-dev in case they are willing to accept it.
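The mechanism behind this answer, as an added example that is not Thrift's code: a derived-class method whose parameter type differs from the base-class virtual (`int` versus `THRIFT_SOCKET`) is a new overload, not an override, so base-class code calling through the virtual silently gets the base implementation. The `Socket`, `ServerSocket`, `BrokenSSLServerSocket` and `FixedSSLServerSocket` types below are constructed stand-ins for the Thrift classes named above, and `THRIFT_SOCKET` is assumed to be a pointer-sized unsigned integer, as the answer says it is on Windows.

```cpp
#include <cstdint>
#include <memory>
#include <string>

// Assumption (constructed for this example): the Windows socket handle type is a
// pointer-sized unsigned integer, matching what the answer says about ULONG_PTR.
typedef std::uintptr_t THRIFT_SOCKET;

// Minimal stand-in for the socket object a server socket factory returns
// (hypothetical, not Thrift's TSocket).
struct Socket {
    explicit Socket(const std::string& k) : kind(k) {}
    std::string kind;   // "plain" or "ssl", so the caller can see which factory ran
};

// Stand-in for the base class (Thrift's TServerSocket): the accept path calls
// createSocket through this virtual.
struct ServerSocket {
    virtual ~ServerSocket() {}
    virtual std::shared_ptr<Socket> createSocket(THRIFT_SOCKET client) {
        (void)client;
        return std::make_shared<Socket>("plain");
    }
};

// The broken shape from the answer: the parameter is `int`, so this declaration
// hides the base virtual instead of overriding it. Nothing in this class is
// reached when the base calls createSocket(THRIFT_SOCKET).
struct BrokenSSLServerSocket : ServerSocket {
    std::shared_ptr<Socket> createSocket(int client) {
        (void)client;
        return std::make_shared<Socket>("ssl");
    }
};

// The corrected shape: the signature matches the base, and `override` turns any
// future mismatch into a compile-time error instead of a runtime surprise.
struct FixedSSLServerSocket : ServerSocket {
    std::shared_ptr<Socket> createSocket(THRIFT_SOCKET client) override {
        (void)client;
        return std::make_shared<Socket>("ssl");
    }
};

// Mirrors the base-class accept logic: it only knows the base type and calls the
// virtual with the base's parameter type.
std::string acceptedSocketKind(ServerSocket& server, THRIFT_SOCKET client) {
    return server.createSocket(client)->kind;
}

// With the mismatched signature the base implementation runs: the "SSL" server
// hands out a plain socket, and the TLS handshake never happens on that side.
std::string brokenKind() {
    BrokenSSLServerSocket s;
    return acceptedSocketKind(s, 42);   // returns "plain"
}

// With the matching signature the derived implementation runs.
std::string fixedKind() {
    FixedSSLServerSocket s;
    return acceptedSocketKind(s, 42);   // returns "ssl"
}
```

The practical takeaway is to mark intended overrides with `override` (or compile with `-Woverloaded-virtual`), which would have flagged the `int` declaration at build time rather than leaving both peers blocked in a read, as the call stacks in the question show.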

+0

We can tell *after* we've checked the patch :-) – JensG

+0

JensG - I submitted pull requests at https://github.com/apache/thrift/pulls (77 & 78). But those guys told me to create a JIRA ticket first. I'll have to find the time to do all of that :) – sharrajesh

+0

Those guys :-) can review via GitHub, but they :-) need JIRA credentials to finally commit it to the ASF codebase. See http://mail-archives.apache.org/mod_mbox/thrift-dev/201310.mbox/%[email protected].com%3E for instructions. So in most cases people tend to go with JIRA tickets. – JensG