1
SSL_accept(ssl)需要200ms是否正常?SSL_accept需要200ms(c/openssl)
作爲windows服務運行,用C++編寫,使用MFC和Boost。運行在具有4GB內存的Intel xeon e5620 2.4G和Win 7 Pro上。
以下是我的代碼。與此同時,懷疑SSL_accept(SSL_CTX_ * RAND_ *等)可能會耗費很長時間的其他方法,但我記錄了並且發現SSL_accept一直在吃東西。
int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
{
return preverify_ok;
}
void somemethod() {
SSL *ssl = 0;
SSL_CTX *tlsctx = 0;
int ret_conn = -1;
tlsctx = SSL_CTX_new(SSLv23_method());
SSL_CTX_use_certificate_file(tlsctx, sCert , SSL_FILETYPE_PEM);
SSL_CTX_use_PrivateKey_file(tlsctx, sKey , SSL_FILETYPE_PEM);
RAND_write_file(sRandomPem);
int _rand_loaded = RAND_load_file(sRandomPem, -1);
if(! SSL_CTX_load_verify_locations(tlsctx, sCACert, NULL))
{
// TODO // /* Handle error here */
}
SSL_CTX_set_verify(tlsctx, SSL_VERIFY_PEER, verify_callback);
ssl = SSL_new(tlsctx);
int _error = SSL_ERROR_WANT_READ;
int loopCount = 0;
// START MEASURING TIME FROM HERE
SSL_set_fd(ssl, _sck);
while(ret_conn != 1)
{
loopCount++;
ret_conn = SSL_accept(ssl);
_error = SSL_get_error(ssl, ret_conn);
switch (_error)
{
case SSL_ERROR_NONE:
break;
case SSL_ERROR_WANT_WRITE:
break;
case SSL_ERROR_WANT_READ:
break;
case SSL_ERROR_WANT_X509_LOOKUP:
break;
case SSL_ERROR_SYSCALL:
break;
case SSL_ERROR_SSL:
break;
case SSL_ERROR_ZERO_RETURN:
break;
}
if(_error == SSL_ERROR_WANT_READ || _error == SSL_ERROR_WANT_WRITE)
{
Sleep(1);
} else
{
break;
}
}
if(ret_conn < 1)
{
Log("SSL_accept -1 ", ERR_error_string(_error, NULL));
return;
}
// MEASURING END HERE, takes ~200ms (on successfully accepting connection)
}
測量是通過文件記錄完成的。 – user1283791
及其運行服務,不在調試模式 – user1283791