I'm developing a client that talks to a Netscape server that uses a Thawte
cert. I have the Thawte root cert, and upon connecting to the server I
need to verify the server's cert. The s_client example seems much too involved.
Here is what I have so far; any help would be appreciated:
...
int secure_socket = 0;
int bytes_read = 0;
int bytesSent = 0;
int totalRead = 0;
char *cert = NULL;
char buffer[MAX_MESSAGE_LENGTH] = "\0";
char thawte_cert_file = "thawte.pem";
SSL_CTX* ctx = NULL;
SSL_METHOD *meth = NULL ;
SSL* ssl = NULL;
X509* server_cert = NULL;
/* initialize the receive buffer. */
incoming[0] = '\0';
SSLeay_add_ssl_algorithms();
meth = SSLv2_client_method();
ctx = SSL_CTX_new( meth );
secure_socket = connect_to_host_on_port( remote_host, remote_port );
/* don't continue if we can't connect to server. */
if( secure_socket == 0 )
{
log_error( "cannot make SSL connection to remote machine: %s:%d,
aborting.", remote_host, remote_port );
return -1;
}
/* ----------------------------------------------- */
/* Now we have TCP conncetion. Start SSL negotiation. */
ssl = SSL_new( ctx );
SSL_set_fd( ssl, secure_socket );
SSL_connect( ssl );
server_cert = SSL_get_peer_certificate( ssl );
cert = X509_NAME_oneline( X509_get_subject_name( server_cert ),0,0 );
DEBUG( "\t subject: %s\n", cert );
Free( cert );
cert = X509_NAME_oneline( X509_get_issuer_name ( server_cert ),0,0 );
DEBUG("\t issuer: %s\n", cert );
Free( cert );
/**********************************************/
/* CERTIFICATE VERIFICATION. ??? ? ? ? ? ?? */
/**********************************************/
X509_free( server_cert );
/* WRITE REQUEST GOES HERE. */
/* READ RESPONSE GOES HERE. */
/* Clean up. */
SSL_shutdown( ssl );
close_socket( secure_socket );
SSL_free( ssl );
SSL_CTX_free( ctx );
/* END SSL STUFF */
--
| Brian Wotring ( [EMAIL PROTECTED] )
| Fort Nocs, Inc.