Dear openssl-users,
When using the openssl and found a large number of connections during the
establishment of the memory has been growing closed, the test found that when
the memory is increased to 317548K, the not increased, the initial memory, only
a few K, very strange.
why? How can I resolve it?
thank u!
code:
server.c
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <string>
using namespace std;
std::string a_serverCert = "server_cert/newcert.pem";
std::string a_serverKey = "server_cert/newkey.pem";
std::string a_trustCert = "server_cert/cacert.pem";
std::string a_password = "1234";
#define MAXBUF 1024
int main(int argc, char **argv)
{
int sockfd, new_fd;
socklen_t len;
struct sockaddr_in my_addr, their_addr;
unsigned int myport, lisnum;
char buf[MAXBUF + 1];
SSL_CTX *ctx;
if (argv[1])
myport = atoi(argv[1]);
else
myport = 8899;
if (argv[2])
lisnum = atoi(argv[2]);
else
lisnum = 2;
/* SSL 库初始化 */
SSL_library_init();
/* 载入所有 SSL 算法 */
OpenSSL_add_all_algorithms();
/* 载入所有 SSL 错误消息 */
SSL_load_error_strings();
/* 以 SSL V2 和 V3 标准兼容方式产生一个 SSL_CTX ,即 SSL Content Text */
ctx = SSL_CTX_new(SSLv23_server_method());
/* 也可以用 SSLv2_server_method() 或 SSLv3_server_method() 单独表示 V2 或 V3标准 */
if (ctx == NULL) {
ERR_print_errors_fp(stdout);
exit(1);
}
/* 载入用户的数字证书, 此证书用来发送给客户端。 证书里包含有公钥 */
if (SSL_CTX_use_certificate_file(ctx, a_serverCert.c_str(),
SSL_FILETYPE_PEM) <= 0) {
ERR_print_errors_fp(stdout);
exit(1);
}
//set the key file's password.
SSL_CTX_set_default_passwd_cb_userdata(ctx, (void*) (a_password.c_str()));
/* 载入用户私钥 */
if (SSL_CTX_use_PrivateKey_file(ctx, a_serverKey.c_str(), SSL_FILETYPE_PEM)
<= 0) {
ERR_print_errors_fp(stdout);
exit(1);
}
/* 检查用户私钥是否正确 */
if (!SSL_CTX_check_private_key(ctx)) {
ERR_print_errors_fp(stdout);
exit(1);
}
//set vefify client, the server will verify client's certification
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
//load trust certification. it is CA root certification or user's certification
SSL_CTX_load_verify_locations(ctx, a_trustCert.c_str(), NULL);
/* 开启一个 socket 监听 */
printf("socket creating...... \t\t");
if ((sockfd = socket(PF_INET, SOCK_STREAM, 0)) == -1)
{
perror("socket");
exit(1);
}
else
printf("socket created.\n");
bzero(&my_addr, sizeof(my_addr));
my_addr.sin_family = PF_INET;
my_addr.sin_port = htons(myport);
my_addr.sin_addr.s_addr = INADDR_ANY;
printf("bingding......\t\t\t");
if (bind(sockfd, (struct sockaddr *) &my_addr, sizeof(struct sockaddr))
== -1) {
perror("bind");
exit(1);
} else
printf("binded.\n");
if (listen(sockfd, lisnum) == -1) {
perror("listen");
exit(1);
} else
printf("begin listen......\n");
while (1)
{
SSL *ssl;
len = sizeof(struct sockaddr);
/* 等待客户端连上来 */
if ((new_fd =
accept(sockfd, (struct sockaddr *) &their_addr,
&len)) == -1) {
perror("accept");
//exit(errno);
continue;
} else
printf("server: got connection from %s, port %d, socket %d\n",
inet_ntoa(their_addr.sin_addr),
ntohs(their_addr.sin_port), new_fd);
/* 基于 ctx 产生一个新的 SSL */
ssl = SSL_new(ctx);
/* 将连接用户的 socket 加入到 SSL */
SSL_set_fd(ssl, new_fd);
/* 建立 SSL 连接 */
if (SSL_accept(ssl) == -1) {
perror("accept");
close(new_fd);
continue;
}
/* 开始处理每个新连接上的数据收发 */
bzero(buf, MAXBUF + 1);
printf("输入要发送客户端的消息:");
// scanf("%[^\n]",buf);
// /* 发消息给客户端 */
// len = SSL_write(ssl, buf, strlen(buf));
//
// if (len <= 0) {
// printf
// ("消息'%s'发送失败!错误代码是%d,错误信息是'%s'\n",
// buf, errno, strerror(errno));
// goto finish;
// } else
// printf("消息'%s'发送成功,共发送了%d个字节!\n",
// buf, len);
bzero(buf, MAXBUF + 1);
/* 接收客户端的消息 */
len = SSL_read(ssl, buf, MAXBUF);
if (len > 0)
printf("接收到来自客户端的消息:'%s',共%d个字节的数据。\n",
buf, len);
else
printf
("消息接收失败!错误代码是%d,错误信息是'%s'\n",
errno, strerror(errno));
/* 处理每个新连接上的数据收发结束 */
finish:
/* 关闭 SSL 连接 */
SSL_shutdown(ssl);
/* 释放 SSL */
SSL_free(ssl);
/* 关闭 socket */
close(new_fd);
}
/* 关闭监听的 socket */
close(sockfd);
/* 释放 CTX */
SSL_CTX_free(ctx);
return 0;
}
2010-12-24
Best regards,
李志平
务实 进取 诚信 协作
中国互联网络信息中心 CNNIC
电 话:(8610)-58813355
邮 箱:lizhip...@cnnic.cn
网 址:www.cnnic.cn
地 址:北京市海淀区中关村南4街4号-1号楼6层
邮 编:100190
MSN:lizp....@gmail.com
