问题
After the appropriate initializations, here's an infinite loop to service incoming HTTPS requests, but only one connection per request (and assuming requests need only one read):
while TRUE do
begin // wait for incoming TCP connection
if listen(listen_socket, 100) 0 then continue; // listen failed
client_len := SizeOf(sa_cli);
sock := accept(listen_socket, @sa_cli, @client_len); // create socket for connection
if sock = INVALID_SOCKET then continue; // accept failed
ssl := SSL_new(ctx); // TCP connection ready, create ssl structure
if assigned(ssl) then
begin
SSL_set_fd(ssl, sock); // assign socket to ssl structure
if SSL_accept(ssl) = 1 then // handshake worked
begin
bytesin := SSL_read(ssl, buffer, sizeof(buffer)-1);
if bytesin > 0 then
begin
buffer[bytesin] := #0;
// decide on response here...
response := 'HTTP/1.0 200 OK'#13#10 + etc;
SSL_write(ssl, pchar(response)^, length(response));
end; // else read empty or failed
end; // else handshake failed
SSL_set_shutdown(ssl, SSL_SENT_SHUTDOWN or SSL_RECEIVED_SHUTDOWN);
CloseSocket(sock);
SSL_free(ssl);
end; // else ssl creation failed
end; // while
Is changing
if ssl_accept(ssl) = 1 then
to
while ssl_accept(ssl) = 1 do
all that's needed to correctly support default HTTP 1.1 keep-alive (ie, multiple requests per connection)?
回答1:
No. ssl_new()
and ssl_accept()
should be called only once per connection. Once a connection and negotiated an SSL session, there is no need to do it again. HTTP keep-alives are designed to avoid having to reconnect on each request. You need to loop your calls to ssl_read()
and SSL_write() instead.
Also, don't forget to check the client's HTTP version. HTTP 1.1 clients are expected to support keep-alives by default without having to ask for them. HTTP 1.0 and earlier clients have to explicitly include a 'Connection: keep-alive' request header instead. Either way, the server needs to send a 'Connection: close' or 'Connection: keep-alive' response header to inform the client whether the connection is being closed or is being kept open, respectively.
Basically, you need to implement this kind of model (pseudo-code):
while True do
begin
accept an incoming connection...
initialize SSL...
repeat
read a request...
if not Connected then Break;
KeepAlive := ((client is HTTP1.1+) and (request['Connection'] = '')) or (request['Connection'] = 'keep-alive');
prepare reply...
response['Connection'] := iif(KeepAlive, 'keep-alive', 'close');
send reply...
while KeepAlive and Connected;
cleanup SSL...
close socket...
end;
来源:https://stackoverflow.com/questions/6612599/does-changing-this-one-line-implement-persistent-keep-alive-connections