Hi.
I must say I mostly guess how it should look, so I hope you'll
correct me if I'm wrong (so that I can fix my programs :)
1) init ssl:
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
SSLv3_client_method();
SSL_CTX_new();
2) set it up
SSL_CTX_sess_set_cache_size(...); // not necessary
SSL_CTX_set_options(blah, ...); // not necessary
SSL_CTX_use_certificate_file(...);
SSL_CTX_use_PrivateKey_file(...);
3) set up verification
SSL_CTX_set_verify(...);
SSL_CTX_load_verify_locations(...);
SSL_CTX_set_default_verify_paths(...);
SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(ca_file));
// I'm not really sure what the command above does any more :)
3a) write your verify callback (this may be optional step but I always
do that)
4) now you can happily start listening:
socket, bind, listen
5) accept a connection:
accept
SSL_set_accept_state();
and in read loop:
if (!SSL_is_init_finished(con))
{
    if ((i=SSL_accept(con)) <= 0)
    {
        if (BIO_sock_should_retry(i))
        {
            // retry
        }
        else
        {
            // fail
        }
    }
}
// okay, now you can...
SSL_read(...); SSL_write(...);
6) close the connection
This one is tough for me:
SSL_shutdown(con);
shutdown(SSL_get_fd(con), 2);
close(SSL_get_fd(con));
// is it correct? or am I screwing something up?
Hope it helps. I think you're doing mostly the same, but I cannot find
any SSLeay_add_ssl_algorithms() among your functions.
Any comments are welcome and I thank you for them in advance.
Jan
Sean O'Dell wrote:
>Can anyone give me the basic steps to writing a listen server using OpenSSL?
>I've already got a listen server working without SSL, and I've been able to
>get OpenSSL to connect and talk to a secure http server (as a test), so I
>surely must be close. Here are the basic steps I'm taking now (it fails at
>SSL_accept):
>
>CreateSocket
>Listen
>Accept
>SSLv2_server_method
>SSL_load_error_strings
>ERR_load_ERR_strings
>SSL_CTX_new
>SSL_new
>SSL_CTX_set_default_passwd_cb
>SSL_CTX_set_default_passwd_cb_userdata
>SSL_CTX_use_certificate_file
>SSL_CTX_use_PrivateKey_file
>SSL_get_certificate
>EVP_PKEY_copy_parameters
>SSL_set_accept_state
>SSL_set_fd
>SSL_accept
>
> -Sean
>
>---
>Celtech Software Making advanced software easy and fun to use
> www.celsoft.com [EMAIL PROTECTED]
> 818-347-2875
>
--
Jan Fedak talk:[EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
Linux - the ultimate NT Service Pack.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]