mirror of
https://github.com/openssl/openssl.git
synced 2024-12-27 06:21:43 +08:00
9e973eb297
The demo code has changed to accept the hostname/port on the command line. We update the tutorials to keep in sync with the demo code. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22552)
467 lines
21 KiB
Plaintext
467 lines
21 KiB
Plaintext
=pod
|
|
|
|
=begin comment
|
|
|
|
NB: Changes to the source code samples in this file should also be reflected in
|
|
demos/guide/quic-client-non-block.c
|
|
|
|
=end comment
|
|
|
|
=head1 NAME
|
|
|
|
ossl-guide-quic-client-non-block
|
|
- OpenSSL Guide: Writing a simple nonblocking QUIC client
|
|
|
|
=head1 SIMPLE NONBLOCKING QUIC CLIENT EXAMPLE
|
|
|
|
This page will build on the example developed on the
|
|
L<ossl-guide-quic-client-block(7)> page which demonstrates how to write a simple
|
|
blocking QUIC client. On this page we will amend that demo code so that it
|
|
supports nonblocking functionality.
|
|
|
|
The complete source code for this example nonblocking QUIC client is available
|
|
in the B<demos/guide> directory of the OpenSSL source distribution in the file
|
|
B<quic-client-non-block.c>. It is also available online at
|
|
L<https://github.com/openssl/openssl/blob/master/demos/guide/quic-client-non-block.c>.
|
|
|
|
As we saw in the previous example an OpenSSL QUIC application always uses a
|
|
nonblocking socket. However, despite this, the B<SSL> object still has blocking
|
|
behaviour. When the B<SSL> object has blocking behaviour then this means that
|
|
it waits (blocks) until data is available to read if you attempt to read from
|
|
it when there is no data yet. Similarly it waits when writing if the B<SSL>
|
|
object is currently unable to write at the moment. This can simplify the
|
|
development of code because you do not have to worry about what to do in these
|
|
cases. The execution of the code will simply stop until it is able to continue.
|
|
However in many cases you do not want this behaviour. Rather than stopping and
|
|
waiting your application may need to go and do other tasks whilst the B<SSL>
|
|
object is unable to read/write, for example updating a GUI or performing
|
|
operations on some other connection or stream.
|
|
|
|
We will see later in this tutorial how to change the B<SSL> object so that it
|
|
has nonblocking behaviour. With a nonblocking B<SSL> object, functions such as
|
|
L<SSL_read_ex(3)> or L<SSL_write_ex(3)> will return immediately with a non-fatal
|
|
error if they are currently unable to read or write respectively.
|
|
|
|
Since this page is building on the example developed on the
|
|
L<ossl-guide-quic-client-block(7)> page we assume that you are familiar with it
|
|
and we only explain how this example differs.
|
|
|
|
=head2 Performing work while waiting for the socket
|
|
|
|
In a nonblocking application you will need work to perform in the event that
|
|
we want to read or write to the B<SSL> object but we are currently unable to.
|
|
In fact this is the whole point of using a nonblocking B<SSL> object, i.e. to
|
|
give the application the opportunity to do something else. Whatever it is that
|
|
the application has to do, it must also be prepared to come back and retry the
|
|
operation that it previously attempted periodically to see if it can now
|
|
complete. Ideally it would only do this in the event that something has changed
|
|
such that it might succeed on the retry attempt, but this does not have to be
|
|
the case. It can retry at any time.
|
|
|
|
Note that it is important that you retry exactly the same operation that you
|
|
tried last time. You cannot start something new. For example if you were
|
|
attempting to write the text "Hello World" and the operation failed because the
|
|
B<SSL> object is currently unable to write, then you cannot then attempt to
|
|
write some other text when you retry the operation.
|
|
|
|
In this demo application we will create a helper function which simulates doing
|
|
other work. In fact, for the sake of simplicity, it will do nothing except wait
|
|
for the state of the underlying socket to change or until a timeout expires
|
|
after which the state of the B<SSL> object might have changed. We will call our
|
|
function C<wait_for_activity()>.
|
|
|
|
static void wait_for_activity(SSL *ssl)
|
|
{
|
|
fd_set wfds, rfds;
|
|
int width, sock, isinfinite;
|
|
struct timeval tv;
|
|
struct timeval *tvp = NULL;
|
|
|
|
/* Get hold of the underlying file descriptor for the socket */
|
|
sock = SSL_get_fd(ssl);
|
|
|
|
FD_ZERO(&wfds);
|
|
FD_ZERO(&rfds);
|
|
|
|
/*
|
|
* Find out if we would like to write to the socket, or read from it (or
|
|
* both)
|
|
*/
|
|
if (SSL_net_write_desired(ssl))
|
|
FD_SET(sock, &wfds);
|
|
if (SSL_net_read_desired(ssl))
|
|
FD_SET(sock, &rfds);
|
|
width = sock + 1;
|
|
|
|
/*
|
|
* Find out when OpenSSL would next like to be called, regardless of
|
|
* whether the state of the underlying socket has changed or not.
|
|
*/
|
|
if (SSL_get_event_timeout(ssl, &tv, &isinfinite) && !isinfinite)
|
|
tvp = &tv;
|
|
|
|
/*
|
|
* Wait until the socket is writeable or readable. We use select here
|
|
* for the sake of simplicity and portability, but you could equally use
|
|
* poll/epoll or similar functions
|
|
*
|
|
* NOTE: For the purposes of this demonstration code this effectively
|
|
* makes this demo block until it has something more useful to do. In a
|
|
* real application you probably want to go and do other work here (e.g.
|
|
* update a GUI, or service other connections).
|
|
*
|
|
* Let's say for example that you want to update the progress counter on
|
|
* a GUI every 100ms. One way to do that would be to use the timeout in
|
|
* the last parameter to "select" below. If the tvp value is greater
|
|
* than 100ms then use 100ms instead. Then, when select returns, you
|
|
* check if it did so because of activity on the file descriptors or
|
|
* because of the timeout. If the 100ms GUI timeout has expired but the
|
|
* tvp timeout has not then go and update the GUI and then restart the
|
|
* "select" (with updated timeouts).
|
|
*/
|
|
|
|
select(width, &rfds, &wfds, NULL, tvp);
|
|
}
|
|
|
|
If you are familiar with how to write nonblocking applications in OpenSSL for
|
|
TLS (see L<ossl-guide-tls-client-non-block(7)>) then you should note that there
|
|
is an important difference here between the way a QUIC application and a TLS
|
|
application works. With a TLS application if we try to read or write something
|
|
to the B<SSL> object and we get a "retry" response (B<SSL_ERROR_WANT_READ> or
|
|
B<SSL_ERROR_WANT_WRITE>) then we can assume that is because OpenSSL attempted to
|
|
read or write to the underlying socket and the socket signalled the "retry".
|
|
With QUIC that is not the case. OpenSSL may signal retry as a result of an
|
|
L<SSL_read_ex(3)> or L<SSL_write_ex(3)> (or similar) call which indicates the
|
|
state of the stream. This is entirely independent of whether the underlying
|
|
socket needs to retry or not.
|
|
|
|
To determine whether OpenSSL currently wants to read or write to the underlying
|
|
socket for a QUIC application we must call the L<SSL_net_read_desired(3)> and
|
|
L<SSL_net_write_desired(3)> functions.
|
|
|
|
It is also important with QUIC that we periodically call an I/O function (or
|
|
otherwise call the L<SSL_handle_events(3)> function) to ensure that the QUIC
|
|
connection remains healthy. This is particularly important with a nonblocking
|
|
application because you are likely to leave the B<SSL> object idle for a while
|
|
while the application goes off to do other work. The L<SSL_get_event_timeout(3)>
|
|
function can be used to determine what the deadline is for the next time we need
|
|
to call an I/O function (or call L<SSL_handle_events(3)>).
|
|
|
|
An alternative to using L<SSL_get_event_timeout(3)> to find the next deadline
|
|
that OpenSSL must be called again by is to use "thread assisted" mode. In
|
|
"thread assisted" mode OpenSSL spawns an additional thread which will
|
|
periodically call L<SSL_handle_events(3)> automatically, meaning that the
|
|
application can leave the connection idle safe in the knowledge that the
|
|
connection will still be maintained in a healthy state. See
|
|
L</Creating the SSL_CTX and SSL objects> below for further details about this.
|
|
|
|
In this example we are using the C<select> function to check the
|
|
readability/writeability of the socket because it is very simple to use and is
|
|
available on most Operating Systems. However you could use any other similar
|
|
function to do the same thing. C<select> waits for the state of the underlying
|
|
socket(s) to become readable/writeable or until the timeout has expired before
|
|
returning.
|
|
|
|
=head2 Handling errors from OpenSSL I/O functions
|
|
|
|
A QUIC application that has been configured for nonblocking behaviour will need
|
|
to be prepared to handle errors returned from OpenSSL I/O functions such as
|
|
L<SSL_read_ex(3)> or L<SSL_write_ex(3)>. Errors may be fatal for the stream (for
|
|
example because the stream has been reset or because the underlying connection
|
|
has failed), or non-fatal (for example because we are trying to read from the
|
|
stream but no data has not yet arrived from the peer for that stream).
|
|
|
|
L<SSL_read_ex(3)> and L<SSL_write_ex(3)> will return 0 to indicate an error and
|
|
L<SSL_read(3)> and L<SSL_write(3)> will return 0 or a negative value to indicate
|
|
an error. L<SSL_shutdown(3)> will return a negative value to incidate an error.
|
|
|
|
In the event of an error an application should call L<SSL_get_error(3)> to find
|
|
out what type of error has occurred. If the error is non-fatal and can be
|
|
retried then L<SSL_get_error(3)> will return B<SSL_ERROR_WANT_READ> or
|
|
B<SSL_ERROR_WANT_WRITE> depending on whether OpenSSL wanted to read to or write
|
|
from the stream but was unable to. Note that a call to L<SSL_read_ex(3)> or
|
|
L<SSL_read(3)> can still generate B<SSL_ERROR_WANT_WRITE>. Similarly calls to
|
|
L<SSL_write_ex(3)> or L<SSL_write(3)> might generate B<SSL_ERROR_WANT_READ>.
|
|
|
|
Another type of non-fatal error that may occur is B<SSL_ERROR_ZERO_RETURN>. This
|
|
indicates an EOF (End-Of-File) which can occur if you attempt to read data from
|
|
an B<SSL> object but the peer has indicated that it will not send any more data
|
|
on the stream. In this case you may still want to write data to the stream but
|
|
you will not receive any more data.
|
|
|
|
Fatal errors that may occur are B<SSL_ERROR_SYSCALL> and B<SSL_ERROR_SSL>. These
|
|
indicate that the stream is no longer usable. For example, this could be because
|
|
the stream has been reset by the peer, or because the underlying connection has
|
|
failed. You can consult the OpenSSL error stack for further details (for example
|
|
by calling L<ERR_print_errors(3)> to print out details of errors that have
|
|
occurred). You can also consult the return value of
|
|
L<SSL_get_stream_read_state(3)> to determine whether the error is local to the
|
|
stream, or whether the underlying connection has also failed. A return value
|
|
of B<SSL_STREAM_STATE_RESET_REMOTE> tells you that the stream has been reset by
|
|
the peer and B<SSL_STREAM_STATE_CONN_CLOSED> tells you that the underlying
|
|
connection has closed.
|
|
|
|
In our demo application we will write a function to handle these errors from
|
|
OpenSSL I/O functions:
|
|
|
|
static int handle_io_failure(SSL *ssl, int res)
|
|
{
|
|
switch (SSL_get_error(ssl, res)) {
|
|
case SSL_ERROR_WANT_READ:
|
|
case SSL_ERROR_WANT_WRITE:
|
|
/* Temporary failure. Wait until we can read/write and try again */
|
|
wait_for_activity(ssl);
|
|
return 1;
|
|
|
|
case SSL_ERROR_ZERO_RETURN:
|
|
/* EOF */
|
|
return 0;
|
|
|
|
case SSL_ERROR_SYSCALL:
|
|
return -1;
|
|
|
|
case SSL_ERROR_SSL:
|
|
/*
|
|
* Some stream fatal error occurred. This could be because of a
|
|
* stream reset - or some failure occurred on the underlying
|
|
* connection.
|
|
*/
|
|
switch (SSL_get_stream_read_state(ssl)) {
|
|
case SSL_STREAM_STATE_RESET_REMOTE:
|
|
printf("Stream reset occurred\n");
|
|
/*
|
|
* The stream has been reset but the connection is still
|
|
* healthy.
|
|
*/
|
|
break;
|
|
|
|
case SSL_STREAM_STATE_CONN_CLOSED:
|
|
printf("Connection closed\n");
|
|
/* Connection is already closed. */
|
|
break;
|
|
|
|
default:
|
|
printf("Unknown stream failure\n");
|
|
break;
|
|
}
|
|
/*
|
|
* If the failure is due to a verification error we can get more
|
|
* information about it from SSL_get_verify_result().
|
|
*/
|
|
if (SSL_get_verify_result(ssl) != X509_V_OK)
|
|
printf("Verify error: %s\n",
|
|
X509_verify_cert_error_string(SSL_get_verify_result(ssl)));
|
|
return -1;
|
|
|
|
default:
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
This function takes as arguments the B<SSL> object that represents the
|
|
connection, as well as the return code from the I/O function that failed. In
|
|
the event of a non-fatal failure, it waits until a retry of the I/O operation
|
|
might succeed (by using the C<wait_for_activity()> function that we developed
|
|
in the previous section). It returns 1 in the event of a non-fatal error
|
|
(except EOF), 0 in the event of EOF, or -1 if a fatal error occurred.
|
|
|
|
=head2 Creating the SSL_CTX and SSL objects
|
|
|
|
In order to connect to a server we must create B<SSL_CTX> and B<SSL> objects for
|
|
this. Most of the steps to do this are the same as for a blocking client and are
|
|
explained on the L<ossl-guide-quic-client-block(7)> page. We won't repeat that
|
|
information here.
|
|
|
|
One key difference is that we must put the B<SSL> object into nonblocking mode
|
|
(the default is blocking mode). To do that we use the
|
|
L<SSL_set_blocking_mode(3)> function:
|
|
|
|
/*
|
|
* The underlying socket is always nonblocking with QUIC, but the default
|
|
* behaviour of the SSL object is still to block. We set it for nonblocking
|
|
* mode in this demo.
|
|
*/
|
|
if (!SSL_set_blocking_mode(ssl, 0)) {
|
|
printf("Failed to turn off blocking mode\n");
|
|
goto end;
|
|
}
|
|
|
|
Although the demo application that we are developing here does not use it, it is
|
|
possible to use "thread assisted mode" when developing QUIC applications.
|
|
Normally, when writing an OpenSSL QUIC application, it is important that
|
|
L<SSL_handle_events(3)> (or alternatively any I/O function) is called on the
|
|
connection B<SSL> object periodically to maintain the connection in a healthy
|
|
state. See L</Performing work while waiting for the socket> for more discussion
|
|
on this. This is particularly important to keep in mind when writing a
|
|
nonblocking QUIC application because it is common to leave the B<SSL> connection
|
|
object idle for some time when using nonblocking mode. By using "thread assisted
|
|
mode" a separate thread is created by OpenSSL to do this automatically which
|
|
means that the application developer does not need to handle this aspect. To do
|
|
this we must use L<OSSL_QUIC_client_thread_method(3)> when we construct the
|
|
B<SSL_CTX> as shown below:
|
|
|
|
ctx = SSL_CTX_new(OSSL_QUIC_client_thread_method());
|
|
if (ctx == NULL) {
|
|
printf("Failed to create the SSL_CTX\n");
|
|
goto end;
|
|
}
|
|
|
|
=head2 Performing the handshake
|
|
|
|
As in the demo for a blocking QUIC client we use the L<SSL_connect(3)> function
|
|
to perform the handshake with the server. Since we are using a nonblocking
|
|
B<SSL> object it is very likely that calls to this function will fail with a
|
|
non-fatal error while we are waiting for the server to respond to our handshake
|
|
messages. In such a case we must retry the same L<SSL_connect(3)> call at a
|
|
later time. In this demo we do this in a loop:
|
|
|
|
/* Do the handshake with the server */
|
|
while ((ret = SSL_connect(ssl)) != 1) {
|
|
if (handle_io_failure(ssl, ret) == 1)
|
|
continue; /* Retry */
|
|
printf("Failed to connect to server\n");
|
|
goto end; /* Cannot retry: error */
|
|
}
|
|
|
|
We continually call L<SSL_connect(3)> until it gives us a success response.
|
|
Otherwise we use the C<handle_io_failure()> function that we created earlier to
|
|
work out what we should do next. Note that we do not expect an EOF to occur at
|
|
this stage, so such a response is treated in the same way as a fatal error.
|
|
|
|
=head2 Sending and receiving data
|
|
|
|
As with the blocking QUIC client demo we use the L<SSL_write_ex(3)> function to
|
|
send data to the server. As with L<SSL_connect(3)> above, because we are using
|
|
a nonblocking B<SSL> object, this call could fail with a non-fatal error. In
|
|
that case we should retry exactly the same L<SSL_write_ex(3)> call again. Note
|
|
that the parameters must be I<exactly> the same, i.e. the same pointer to the
|
|
buffer to write with the same length. You must not attempt to send different
|
|
data on a retry. An optional mode does exist
|
|
(B<SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER>) which will configure OpenSSL to allow
|
|
the buffer being written to change from one retry to the next. However, in this
|
|
case, you must still retry exactly the same data - even though the buffer that
|
|
contains that data may change location. See L<SSL_CTX_set_mode(3)> for further
|
|
details. As in the TLS tutorials (L<ossl-guide-tls-client-block(7)>) we write
|
|
the request in three chunks.
|
|
|
|
/* Write an HTTP GET request to the peer */
|
|
while (!SSL_write_ex(ssl, request_start, strlen(request_start), &written)) {
|
|
if (handle_io_failure(ssl, 0) == 1)
|
|
continue; /* Retry */
|
|
printf("Failed to write start of HTTP request\n");
|
|
goto end; /* Cannot retry: error */
|
|
}
|
|
while (!SSL_write_ex(ssl, hostname, strlen(hostname), &written)) {
|
|
if (handle_io_failure(ssl, 0) == 1)
|
|
continue; /* Retry */
|
|
printf("Failed to write hostname in HTTP request\n");
|
|
goto end; /* Cannot retry: error */
|
|
}
|
|
while (!SSL_write_ex(ssl, request_end, strlen(request_end), &written)) {
|
|
if (handle_io_failure(ssl, 0) == 1)
|
|
continue; /* Retry */
|
|
printf("Failed to write end of HTTP request\n");
|
|
goto end; /* Cannot retry: error */
|
|
}
|
|
|
|
On a write we do not expect to see an EOF response so we treat that case in the
|
|
same way as a fatal error.
|
|
|
|
Reading a response back from the server is similar:
|
|
|
|
do {
|
|
/*
|
|
* Get up to sizeof(buf) bytes of the response. We keep reading until
|
|
* the server closes the connection.
|
|
*/
|
|
while (!eof && !SSL_read_ex(ssl, buf, sizeof(buf), &readbytes)) {
|
|
switch (handle_io_failure(ssl, 0)) {
|
|
case 1:
|
|
continue; /* Retry */
|
|
case 0:
|
|
eof = 1;
|
|
continue;
|
|
case -1:
|
|
default:
|
|
printf("Failed reading remaining data\n");
|
|
goto end; /* Cannot retry: error */
|
|
}
|
|
}
|
|
/*
|
|
* OpenSSL does not guarantee that the returned data is a string or
|
|
* that it is NUL terminated so we use fwrite() to write the exact
|
|
* number of bytes that we read. The data could be non-printable or
|
|
* have NUL characters in the middle of it. For this simple example
|
|
* we're going to print it to stdout anyway.
|
|
*/
|
|
if (!eof)
|
|
fwrite(buf, 1, readbytes, stdout);
|
|
} while (!eof);
|
|
/* In case the response didn't finish with a newline we add one now */
|
|
printf("\n");
|
|
|
|
The main difference this time is that it is valid for us to receive an EOF
|
|
response when trying to read data from the server. This will occur when the
|
|
server closes down the connection after sending all the data in its response.
|
|
|
|
In this demo we just print out all the data we've received back in the response
|
|
from the server. We continue going around the loop until we either encounter a
|
|
fatal error, or we receive an EOF (indicating a graceful finish).
|
|
|
|
=head2 Shutting down the connection
|
|
|
|
As in the QUIC blocking example we must shutdown the connection when we are
|
|
finished with it.
|
|
|
|
Even though we have received EOF on the stream that we were reading from above,
|
|
this tell us nothing about the state of the underlying connection. Our demo
|
|
application will initiate the connection shutdown process via
|
|
L<SSL_shutdown(3)>.
|
|
|
|
Since our application is initiating the shutdown then we might expect to see
|
|
L<SSL_shutdown(3)> give a return value of 0, and then we should continue to call
|
|
it until we receive a return value of 1 (meaning we have successfully completed
|
|
the shutdown). Since we are using a nonblocking B<SSL> object we might expect to
|
|
have to retry this operation several times. If L<SSL_shutdown(3)> returns a
|
|
negative result then we must call L<SSL_get_error(3)> to work out what to do
|
|
next. We use our handle_io_failure() function that we developed earlier for
|
|
this:
|
|
|
|
/*
|
|
* Repeatedly call SSL_shutdown() until the connection is fully
|
|
* closed.
|
|
*/
|
|
while ((ret = SSL_shutdown(ssl)) != 1) {
|
|
if (ret < 0 && handle_io_failure(ssl, ret) == 1)
|
|
continue; /* Retry */
|
|
}
|
|
|
|
=head2 Final clean up
|
|
|
|
As with the blocking QUIC client example, once our connection is finished with
|
|
we must free it. The steps to do this for this example are the same as for the
|
|
blocking example, so we won't repeat it here.
|
|
|
|
=head1 FURTHER READING
|
|
|
|
See L<ossl-guide-quic-client-block(7)> to read a tutorial on how to write a
|
|
blocking QUIC client. See L<ossl-guide-quic-multi-stream(7)> to see how to write
|
|
a multi-stream QUIC client.
|
|
|
|
=head1 SEE ALSO
|
|
|
|
L<ossl-guide-introduction(7)>, L<ossl-guide-libraries-introduction(7)>,
|
|
L<ossl-guide-libssl-introduction(7)>, L<ossl-guide-quic-introduction(7)>,
|
|
L<ossl-guide-quic-client-block(7)>, L<ossl-guide-quic-multi-stream(7)>
|
|
|
|
=head1 COPYRIGHT
|
|
|
|
Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
|
|
|
|
Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
this file except in compliance with the License. You can obtain a copy
|
|
in the file LICENSE in the source distribution or at
|
|
L<https://www.openssl.org/source/license.html>.
|
|
|
|
=cut
|