有關TLS socket error -452:SL_ESECCLOSED
TI 您好:
我最近用CC3200為client建立了一個TLS socket的連線,
下面是我建立連線的code
-----------------------------------------------------------------------------------------------
/*
 * Excerpt from a larger function: opens a SimpleLink secure (TLS) client
 * socket and connects it to a fixed IPv4 address.
 *
 * Steps shown, in order: set the device date/time, create the secure socket,
 * force the TLS method, restrict the cipher mask, map the secure files (all
 * entries 0 here), then connect. Every failure before connect logs a message
 * and returns NPI_LNX_FAILURE.
 *
 * The enclosing function signature and the declarations of sNPIlisten,
 * WEB_PORT, WEB_ID and DATE..SECOND are not part of this excerpt.
 */
long lRetVal = -1;
// NOTE(review): sLocalAddr is not zero-initialised; only sin_family, sin_port
// and sin_addr.s_addr are assigned in this excerpt.
SlSockAddrIn_t sLocalAddr;
//filling the TCP server socket address
sLocalAddr.sin_family = SL_AF_INET;
sLocalAddr.sin_port = sl_Htons((unsigned short)WEB_PORT);
SlDateTime_t dateTime = {0};
// NOTE(review): configLen and configOpt are not used anywhere in this excerpt.
_i8 configLen = sizeof(SlDateTime_t);
_i8 configOpt = SL_DEVICE_GENERAL_CONFIGURATION_DATE_TIME;
// Only TLS 1.2 is requested for the handshake.
char method = SL_SO_SEC_METHOD_TLSV1_2;
// A single suite is allowed. By its name it uses RSA key exchange (no forward
// secrecy) and AES-256-CBC with SHA-1; prefer an ECDHE suite if both the
// device and the server support one.
long cipher = SL_SEC_MASK_TLS_RSA_WITH_AES_256_CBC_SHA;
// SECURITY: every entry below is 0, which the author's comments describe as
// "file not exist". With no CA file mapped (index 2) the server certificate
// cannot be checked; the post reports connect returning the warning
// SL_ESECSNOVERIFY (-453), "Connected without server verification". A session
// set up this way is encrypted but the peer is not authenticated, so it does
// not protect against a man-in-the-middle. For production, map a CA
// certificate (see the commented-out SL_SO_SECURE_FILES_CA_FILE_NAME call
// below) and treat -453 as a failure.
SlSockSecureFiles_t SecureFiles;
SecureFiles.secureFiles[0] = 0; // mapping private key, 0 file not exist
SecureFiles.secureFiles[1] = 0; // mapping certificate, 0 file not exist
SecureFiles.secureFiles[2] = 0; /*129*/// mapping CA, 0 file not exist
SecureFiles.secureFiles[3] = 0; // mapping certificate, 0 file not exist
int iAddrSize;
unsigned int uiIP;
// Date/time come from compile-time constants (DATE..SECOND), not from a clock.
// NOTE(review): presumably needed for certificate validity-period checks once
// a CA is mapped; a stale build-time date would then reject valid
// certificates or accept expired ones. Confirm the time source.
dateTime.sl_tm_day = DATE;
dateTime.sl_tm_mon = MONTH;
dateTime.sl_tm_year = YEAR;
dateTime.sl_tm_hour = HOUR;
dateTime.sl_tm_min = MINUTE;
dateTime.sl_tm_sec = SECOND;
// Set time for CA
lRetVal = sl_DevSet(SL_DEVICE_GENERAL_CONFIGURATION,
SL_DEVICE_GENERAL_CONFIGURATION_DATE_TIME,
sizeof(SlDateTime_t),
(_u8 *)(&dateTime));
if ( lRetVal < 0 )
{
//error
Message("Set time fail \n\r");
return NPI_LNX_FAILURE;
}
// Create secure socket
sNPIlisten = sl_Socket(SL_AF_INET,SL_SOCK_STREAM, SL_SEC_SOCKET);
if( sNPIlisten < 0 )
{
// error
Message("Create Socket fail \n\r");
return NPI_LNX_FAILURE;
}
// NOTE(review): from here on, the error paths return without closing
// sNPIlisten in the code shown; confirm the caller releases the socket,
// otherwise each failed attempt leaks one.
// Force specific method
lRetVal = sl_SetSockOpt(sNPIlisten, SL_SOL_SOCKET, SL_SO_SECMETHOD, &method, sizeof(method));
if ( lRetVal < 0 )
{
//error
Message("Set method fail \n\r");
return NPI_LNX_FAILURE;
}
// Force specific cipher (optional)
// NOTE(review): the option length passed is sizeof(long); confirm it matches
// the width the driver expects for SL_SO_SECURE_MASK on this target.
lRetVal = sl_SetSockOpt(sNPIlisten, SL_SOL_SOCKET, SL_SO_SECURE_MASK, &cipher, sizeof(cipher));
if ( lRetVal < 0 )
{
//error
Message("Set cipher fail \n\r");
return NPI_LNX_FAILURE;
}
// Mapping the TLS/SSL Files/Variables (all indices are 0 here, so no
// key, certificate or CA file is mapped; see the SECURITY note above)
lRetVal = sl_SetSockOpt(sNPIlisten, SL_SOL_SOCKET, SL_SO_SECURE_FILES, & SecureFiles, sizeof(SecureFiles));
// Disabled alternative: map the CA certificate by file name.
//lRetVal = sl_SetSockOpt(sNPIlisten, SL_SOL_SOCKET, SL_SO_SECURE_FILES_CA_FILE_NAME, SL_SSL_CA_CERT, strlen(SL_SSL_CA_CERT));
if ( lRetVal < 0 )
{
//error
Message("Set TLS/SSL Files fail \n\r");
return NPI_LNX_FAILURE;
}
// Get IP by DNS (disabled; the fixed address WEB_ID is used instead)
// lRetVal = sl_NetAppDnsGetHostByName(g_dnsWeb, strlen((const char *)g_dnsWeb), (unsigned long*)&uiIP, SL_AF_INET);
// if ( lRetVal < 0 )
// {
// //error
// Message("Get IP fail \n\r");
// return NPI_LNX_FAILURE;
// }
// Use the fixed server address WEB_ID, converted to network byte order.
// NOTE(review): the original comment here mentioned avoiding "Address already
// in use", which does not describe these lines; it looks left over from
// other code.
uiIP = (int)WEB_ID;
sLocalAddr.sin_addr.s_addr = sl_Htonl(uiIP);
iAddrSize = sizeof(SlSockAddrIn_t);
Message("C0");
// NOTE(review): s_addr already went through sl_Htonl() above; confirm the
// octets are printed in the intended order.
RELEASE_PRINT("\n\ Connect to IP address [%d.%d.%d.%d] in the browser \n\r",
SL_IPV4_BYTE(sLocalAddr.sin_addr.s_addr,3),SL_IPV4_BYTE(sLocalAddr.sin_addr.s_addr,2),
SL_IPV4_BYTE(sLocalAddr.sin_addr.s_addr,1),SL_IPV4_BYTE(sLocalAddr.sin_addr.s_addr,0));
// The result is stored in lRetVal; how it is checked lies outside this
// excerpt. The post reports SL_ESECSNOVERIFY (-453) here, which the caller
// should handle explicitly rather than fold into generic success or failure.
lRetVal = connect(sNPIlisten, (SlSockAddr_t *)&sLocalAddr, iAddrSize);
-------------------------------------------------------------------------------------------------------------------------------------
Server的部分設定Connection timeout 86400秒.
可以成功連線上去(有warning :SL_ESECSNOVERIFY (-453) /* Connected without server verification */)
且可以正常send與recv。
但是靜置240秒後,recv會收到error -452 : SL_ESECCLOSED的錯誤訊息。
若是一直發訊息則不會出現。
想請問
1. SL_ESECCLOSED -> secure layer is closed by other side, TCP is still connected 是甚麼意思?
2. 如何讓TLS一直保持連線,不會因為靜置而斷掉?
有人知道原因嗎??
这个是不是你的服务器会有一个timeout, 如果你长时间没有数据交互,它就会把你断掉?
因為Server不是自己用的,但對方說"Server的部分設定Connection timeout 86400秒."
所以我才覺得是不是CC3200中除了5分鐘的keep alive外還有其他可能會中斷socket連線的設定.
所以CC3200中除了5分鐘的keep alive外還有其他的中斷連線設定嗎?