Получена ошибка неопределенной ссылки на `SSL_new 'при компиляции кода с использованием openssl - PullRequest
0 голосов
/ 07 мая 2020
• 1000

Мой код следующий:

#include <stdio.h>
#include <errno.h>
#include <unistd.h>
#include <malloc.h>
#include <string.h>
#include <sys/socket.h>
#include <resolv.h>
#include <netdb.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/bio.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <fcntl.h>
#define FAIL    -1

SSL_CTX* init_ssl_ctx();
static int verify_cb(int ok, X509_STORE_CTX *store);

int main()
{
    int sockfd;
    struct sockaddr_in servaddr;
    int ret;
    struct sockaddr sockaddr;
    int port = 8443;
    //string ns_addr = "55.0.0.5";

    bzero(&servaddr, sizeof(servaddr));
    servaddr.sin_family = AF_INET;
    servaddr.sin_port = htons(8443);
    inet_pton(AF_INET, "55.0.0.5", &servaddr.sin_addr);

    sockfd = socket(PF_INET, SOCK_STREAM, 1); //tcp
    if (sockfd < 0)
    {
        printf("sockfd fail with %d, %s\n", sockfd, strerror(errno));
        return 0;
    }

    int reuse_opt = 1;
    ret = setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &reuse_opt, sizeof(reuse_opt));
    if (ret < 0)
    {
        printf("setsocketopt fail with %d, %s\n", ret, strerror(errno));
        close(sockfd);
        return 0;
    }

    int flags = fcntl(sockfd, F_GETFL, 0);
    if (flags < 0)
    {
        printf("fcntl fail with %d, %s\n", flags, strerror(errno));
        close(sockfd);
        return 0;
    }

    ret = bind(sockfd, (struct sockaddr *)&servaddr, sizeof(servaddr));
    if (ret < 0)
    {
        printf("bind fail with %d, %s\n", ret, strerror(errno));
        close(sockfd);
        return 0;
    }

    ret = connect(sockfd, (struct sockaddr *) &servaddr, sizeof(servaddr));
    if (ret < 0)
    {
        printf("bind fail with %d, %s\n", ret, strerror(errno));
        close(sockfd);
        return 0;
    }

    SSL_CTX* ssl_ctx = init_ssl_ctx();
    if (ssl_ctx == NULL)
    {
        close(sockfd);
        return 0;
    }

    SSL *p_ssl = SSL_new(ssl_ctx);
    if (p_ssl == NULL)
    {
        printf("SSL_new fail\n");
        close(sockfd);
        return 0;
    }

    BIO *p_bio = BIO_new_socket(sockfd, BIO_NOCLOSE);
    if (p_bio == NULL)
    {
        printf("BIO_new_socket fail\n");
        close(sockfd);
        SSL_free(p_ssl);
        return 0;
    }

    SSL_set_bio(p_ssl, p_bio, p_bio);

    SSL_clear_options(p_ssl, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3);

    long vermasks = SSL_OP_NO_SSLv2;
    vermasks |= SSL_OP_NO_TLSv1_3;
    SSL_set_options(p_ssl, SSL_OP_ALL | vermasks);
    SSL_set_verify(p_ssl, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_CLIENT_ONCE, verify_cb);
    SSL_set_verify_depth(p_ssl, 4);

    ret = SSL_connect(p_ssl);
    int err = SSL_get_error(p_ssl, ret);

    printf("SSL_connect err = %d\n", err);

    return 0;
}

static int verify_cb(int ok, X509_STORE_CTX *store)
{
    printf("SSL_set_verify fail\n");
    return ok;
}

SSL_CTX* init_ssl_ctx()
{
    SSL_CTX* ssl_ctx = SSL_CTX_new(SSLv23_client_method());
    if (ssl_ctx == NULL)
    {
        printf("SSL_CTX_new fail\n");
        return NULL;
    }

    long vermasks = SSL_OP_NO_SSLv2;
    vermasks |= SSL_OP_NO_TLSv1_3;
    SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | vermasks);

    //Two standardized session resumption mechanisms that require two different data sharing designs:
    //Session IDs RFC 5246, and Session Tickets RFC 5077. Both will be disabled by calling openssl APIs as below.
    //For details, please check SBC-23917
    SSL_CTX_set_session_cache_mode(ssl_ctx, SSL_SESS_CACHE_OFF);
    SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TICKET | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
    SSL_CTX_set_num_tickets(ssl_ctx, 0);

    SSL_CTX_set_mode(ssl_ctx, SSL_MODE_RELEASE_BUFFERS);

    //set ALPN as HTTP/2
    unsigned char protos[] = {
        2, 'h', '2'
    };
    unsigned int protos_len = sizeof(protos);

    if (SSL_CTX_set_alpn_protos(ssl_ctx, protos, protos_len) != 0)
    {
        printf("SSL_CTX_set_alpn_protos fail\n");
        SSL_CTX_free(ssl_ctx);
        return NULL;
    }

    if (SSL_CTX_set_cipher_list(ssl_ctx, "ALL:!DH:!EXP:!RC4:@STRENGTH") != 1)
    {
        printf("SSL_CTX_set_cipher_list fail\n");
        SSL_CTX_free(ssl_ctx);
        return NULL;
    }

    char* CAfile = "CaListApple.pem";
    if (SSL_CTX_load_verify_locations(ssl_ctx, CAfile, NULL) != 1)
    {
        printf("SSL_CTX_load_verify_locations fail\n");
        SSL_CTX_free(ssl_ctx);
        return NULL;
    }

    char *client_cert_file = "CertificateAppleV4D.pem";
    if (SSL_CTX_use_certificate_chain_file(ssl_ctx, client_cert_file) != 1)
    {
        printf("SSL_CTX_use_certificate_chain_file fail\n");
        SSL_CTX_free(ssl_ctx);
        return NULL;
    }

    if (SSL_CTX_use_PrivateKey_file(ssl_ctx, client_cert_file, SSL_FILETYPE_PEM) != 1)
    {
        printf("SSL_CTX_use_PrivateKey_file fail\n");
        SSL_CTX_free(ssl_ctx);
        return NULL;
    }

    if (SSL_CTX_check_private_key(ssl_ctx) != 1)
    {
        printf("SSL_CTX_check_private_key fail\n");
        SSL_CTX_free(ssl_ctx);
        return NULL;
    }

    return ssl_ctx;
}

ОС - ubuntu 20.04 LTS:

Description:    Ubuntu 20.04 LTS

openssl версии 1.1.1f:

OpenSSL 1.1.1f  31 Mar 2020
built on: Mon Apr 20 11:53:50 2020 UTC
platform: debian-amd64
options:  bn(64,64) rc4(8x,int) des(int) blowfish(ptr)
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-P_ODHM/openssl-1.1.1f=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_TLS_SECURITY_LEVEL=2 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
OPENSSLDIR: "/usr/lib/ssl"
ENGINESDIR: "/usr/lib/x86_64-linux-gnu/engines-1.1"
Seeding source: os-specific

$ dpkg -l | grep ssl
ii  libflac8:amd64                 1.3.3-1build1                     amd64        Free Lossless Audio Codec - runtime C library
ii  libssl-dev:amd64               1.1.1f-1ubuntu2                   amd64        Secure Sockets Layer toolkit - development files
ii  libssl1.1:amd64                1.1.1f-1ubuntu2                   amd64        Secure Sockets Layer toolkit - shared libraries
ii  libxmlsec1-openssl:amd64       1.2.28-2                          amd64        Openssl engine for the XML security library
ii  libzstd1:amd64                 1.4.4+dfsg-3                      amd64        fast lossless compression algorithm
ii  openssl                        1.1.1f-1ubuntu2                   amd64        Secure Sockets Layer toolkit - cryptographic utility
ii  python3-openssl                19.0.0-1build1                    all          Python 3 wrapper around the OpenSSL library

Пробовал несколько команды сборки:

g++ -lssl -lcrypto -o ssl_client ssl_client.cpp
g++ -lrt -lssl -lcrypto -o ssl_client ssl_client.cpp
g++ -L/lib/x86_64-linux-gnu -lrt -lssl -lcrypto -o ssl_client ssl_client.cpp
g++ -L/usr/lib/ssl -lrt -lssl -lcrypto -o ssl_client ssl_client.cpp
g++ -L/usr/lib/x86_64-linux-gnu -lrt -lssl -lcrypto -o ssl_client ssl_client.cpp

Всегда получалась ошибка:

/usr/bin/ld: /tmp/ccA1Fl3A.o: in function `main':
ssl_client.cpp:(.text+0x25c): undefined reference to `SSL_new'
/usr/bin/ld: ssl_client.cpp:(.text+0x296): undefined reference to `BIO_new_socket'
/usr/bin/ld: ssl_client.cpp:(.text+0x2c3): undefined reference to `SSL_free'
/usr/bin/ld: ssl_client.cpp:(.text+0x2e4): undefined reference to `SSL_set_bio'
/usr/bin/ld: ssl_client.cpp:(.text+0x2f5): undefined reference to `SSL_clear_options'
/usr/bin/ld: ssl_client.cpp:(.text+0x320): undefined reference to `SSL_set_options'
/usr/bin/ld: ssl_client.cpp:(.text+0x338): undefined reference to `SSL_set_verify'
/usr/bin/ld: ssl_client.cpp:(.text+0x349): undefined reference to `SSL_set_verify_depth'
/usr/bin/ld: ssl_client.cpp:(.text+0x355): undefined reference to `SSL_connect'
/usr/bin/ld: ssl_client.cpp:(.text+0x369): undefined reference to `SSL_get_error'
/usr/bin/ld: /tmp/ccA1Fl3A.o: in function `init_ssl_ctx()':
ssl_client.cpp:(.text+0x3e1): undefined reference to `TLS_client_method'
/usr/bin/ld: ssl_client.cpp:(.text+0x3e9): undefined reference to `SSL_CTX_new'
/usr/bin/ld: ssl_client.cpp:(.text+0x435): undefined reference to `SSL_CTX_set_options'
/usr/bin/ld: ssl_client.cpp:(.text+0x450): undefined reference to `SSL_CTX_ctrl'
/usr/bin/ld: ssl_client.cpp:(.text+0x461): undefined reference to `SSL_CTX_set_options'
/usr/bin/ld: ssl_client.cpp:(.text+0x472): undefined reference to `SSL_CTX_set_num_tickets'
/usr/bin/ld: ssl_client.cpp:(.text+0x48d): undefined reference to `SSL_CTX_ctrl'
/usr/bin/ld: ssl_client.cpp:(.text+0x4b4): undefined reference to `SSL_CTX_set_alpn_protos'
/usr/bin/ld: ssl_client.cpp:(.text+0x4d5): undefined reference to `SSL_CTX_free'
/usr/bin/ld: ssl_client.cpp:(.text+0x4f2): undefined reference to `SSL_CTX_set_cipher_list'
/usr/bin/ld: ssl_client.cpp:(.text+0x514): undefined reference to `SSL_CTX_free'
/usr/bin/ld: ssl_client.cpp:(.text+0x541): undefined reference to `SSL_CTX_load_verify_locations'
/usr/bin/ld: ssl_client.cpp:(.text+0x563): undefined reference to `SSL_CTX_free'
/usr/bin/ld: ssl_client.cpp:(.text+0x58b): undefined reference to `SSL_CTX_use_certificate_chain_file'
/usr/bin/ld: ssl_client.cpp:(.text+0x5ad): undefined reference to `SSL_CTX_free'
/usr/bin/ld: ssl_client.cpp:(.text+0x5cc): undefined reference to `SSL_CTX_use_PrivateKey_file'
/usr/bin/ld: ssl_client.cpp:(.text+0x5ee): undefined reference to `SSL_CTX_free'
/usr/bin/ld: ssl_client.cpp:(.text+0x601): undefined reference to `SSL_CTX_check_private_key'
/usr/bin/ld: ssl_client.cpp:(.text+0x623): undefined reference to `SSL_CTX_free'
collect2: error: ld returned 1 exit status

Не уверены, что я пропустил? Оцените ваши предложения.

1 Ответ

0 голосов
/ 07 мая 2020

-lssl -lcrypto должно быть последним в команде

g++ -o ssl_client ssl_client.cpp -lssl -lcrypto
Добро пожаловать на сайт PullRequest, где вы можете задавать вопросы и получать ответы от других членов сообщества.
...