您好SSL套接字向导，

我正在尝试在Java服务器和C ++中的应用程序之间实现SSL套接字。我正在寻求帮助来解决以下问题，其中C ++服务器在第一次交互后关闭连接。

流程是这样的：在单个ssl连接中，从Java服务器发送request1->从C ++应用程序接收成功->从Java服务器发送request2->从C ++服务器接收最终响应

工作原理：


初始握手
从Java服务器发送request1
从C ++服务器获得成功


失败在哪里：从Java服务器发送request2

例外是什么：不确定，但是C ++服务器正在关闭连接。这是Java服务器中的异常快照。

java.net.SocketException: Connection closed by remote host
    at sun.security.ssl.SSLSocketImpl.checkWrite(SSLSocketImpl.java:1490)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1335)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)

-Djavax.net.ssl.trustStore=/usr/java/jdk1.7.0_25/jre/lib/security/cacerts
-Djavax.net.ssl.trustStorePassword=<store Password>
-Dhttps.protocols=SSLv3
-Dcom.sun.net.ssl.rsaPreMasterSecretFix=true
-Dcom.sun.net.ssl.enableECC=false
-Djsse.enableSNIExtension=false -Djavax.net.debug=all

import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.net.SocketException;

import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;

try {
    SSLSocket socket= (SSLSocket) SSLSocketFactory.getDefault().createSocket(hostname, port)
    DataOutputStream outStream = new DataOutputStream(socket.getOutputStream());
    outStream.write(request1.bytes, 0, request.length);
    DataInputStream in = new DataInputStream(socket.getInputStream());
    response = new byte[1024];
    int bytesRead;

    while ((bytesRead = in.read(response)) > 0) {
    // do nothing
    }

    if (response == success) {
        // trying to re-negotiate the connection
        socket.startHandshake();
        outStream.write(request2);
        response = new byte[1024];
        int bytesRead;

        while ((bytesRead = in.read(final_response)) > 0) {
        // do nothing
        }
    }
} catch (exception e) {
  //Handle exception
}

Protocol  : SSLv3
Cipher    : AES256-SHA
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE

int MyClass::show(SSL* ssl)
{   X509 *cert;
    char *line;
    if(ssl == NULL)
    {
        cerr << "Invalid input " << endl ;
        return -1 ;
    }

    cert = SSL_get_peer_certificate(ssl);       /* Get certificates (if available) */
    if ( cert != NULL )
    {
        cerr << "Server certificates:" << endl ;
        line = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
        if(line != NULL)
        {
    cerr << "Subject : " <<  line << endl ;
    free(line);
    line = NULL ;
        }
        line = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
        if(line != NULL)
        {
    cerr << "Issuer : " << line << endl ;
    free(line);
    line = NULL ;
        }
        X509_free(cert);
    }
    else
    {
        cerr << "No Certificate" << endl ;
    }
    return 0 ;
}

SSL *MyClass::setupSession(SSL_CTX *ctx, int fd, int inc)
{
    if(fd == -1 || ctx == NULL)
    {
        cerr << "Invalid argument " << endl ;
        return NULL ;
    }
    SSL *ssl = SSL_new(ctx) ;
    if(ssl == NULL)
    {
        cerr << "Unable to create session! SSL_new() - failed!" << endl ;
        return NULL ;
    }
    SSL_set_fd(ssl, fd) ;
    show(ssl) ;
    if(SSL_accept(ssl) == -1)
    {
        cerr << "Accept Failed!" << endl ;
        SSL_shutdown(ssl) ;
        SSL_free(ssl) ;
        return NULL ;
    }
    return ssl ;

}


SSL *MyClass::handleConnection(SSL_CTX *ctx, int fd,int inc)
{

    memset(request1 buffer);
    memset(request2 buffer);
    SSL *ssl = setupSession(ctx, fd, inc) ;
    if(ssl == NULL)
    {
        cerr << "Unable to establish session" << endl ;
        uclose(fd) ;
        SSL_CTX_free(ctx) ;
        return -1 ;
    }

    if( uisreadable(fd, 5000) > 0 && (readb = SSL_read(ssl, message, 200)) > 0)
    {
        cerr << "Read : " << readb << " Bytes" << endl ;
        ss << message;
        request1Size = readb ;
        cerr << "request1:: " << message << endl ;
    } else {
        memset(buf,0x00,sizeof(buf)) ;
        SSL_write(ssl, failure, strlen(failure)) ;
        SSL_shutdown(ssl) ;
        SSL_free(ssl) ;
        uclose(fd) ;
        exit(EXIT_SUCCESS) ;
    }
    cerr << "Writing : response" << success << endl ;
    nbytes =    SSL_write(ssl, success, strlen(success)) ;
    cerr << "Wrote " << nbytes << endl ;
    if(nbytes <= 0)
    {
        ERR_print_errors_fp(stderr) ;
        SSL_shutdown(ssl) ;
        SSL_free(ssl) ;
        uclose(fd) ;
        exit(EXIT_SUCCESS) ;
    }
    util::hex2byte(message, request1, request1Size) ;
    util::hexprint(request1,request1Size) ;
    int total = 0 ;
    while( total <= request2_max_size && uisreadable(fd, 2000) > 0 && (readb = SSL_read(ssl, buf, sizeof(buf))) > 0)
    {
        cerr << "Read : " << readb << " Bytes" << endl ;
        memcpy(request2+total, buf, readb) ;
        total += readb ;
    }

    ....
    do some processing
    ....
    nbytes = SSL_write(ssl, final_response, final_response_size) ;
    cerr << "Generated Size: " << final_response_size << endl;
    cerr << "Write Size: " << nbytes << endl ;

    if(nbytes <= 0)
    {
        ERR_print_errors_fp(stderr) ;
    }
    SSL_shutdown(ssl) ;
    SSL_free(ssl) ;
    uclose(fd) ;
    exit(EXIT_SUCCESS) ;
}


// utility functions
int uisreadable(int fd, int ms)
{
    USOCK_VERIFY(fd,-1) ;
    fd_set recvfds ;
    FD_ZERO(&recvfds) ;
    FD_SET(fd, &recvfds) ;
    struct timeval to = { ms/1000, 1000000 * ((int)ms%1000) } ;
    int ret = select(1+fd, &recvfds,0,0,(ms > 0 ? &to : NULL) ) ;
    return ret ;
}
int uiswritable(int fd, int ms)
{
    USOCK_VERIFY(fd,-1) ;
    fd_set wrfds ;
    FD_ZERO(&wrfds) ;
    FD_SET(fd, &wrfds) ;
    struct timeval to = { ms/1000, 1000000 * ((int)ms%1000) } ;
    return select(1+fd, 0,&wrfds,0,(ms > 0 ? &to : NULL) ) ;
}

好的，我通过使用单个方法调用重新编写JNI中的所有内容并将C服务器业务逻辑作为库加载来解决了此问题。

这样，我可以减少很多开销，并且现在更快，更轻松了。