i'm implementing a simple client server message program with ssl on windows
98 using Visual C++ 6.0. Although I can compiled the openssl-0.9.4 without
any error under a VC workspace, I encounter errors when i test it with
test.bat in the ms directory. when i do the test, i'm in out32dll directory.
By the way, After i compile openssl, I go to demos directory, copy cli.cpp
and serv.cpp to my new two VC workspaces and make a little change in the
code to make it compile under windows that use winsock 1.1. I also copy
"server.pem" from demoCA to my workspace.
I got an error around ssl_connect/ssl_accept line. this is my code.
Do i miss any step?
I have no idea about it!!!
//------------client--------------//
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
SSLeay_add_all_algorithms();
meth = SSLv2_client_method();
ctx = SSL_CTX_new (meth);
/* ----------------------------------------------- */
/* Create a socket and connect to server using normal socket calls. */
if ((sd = socket(AF_INET,SOCK_STREAM,0))<0)
AfxMessageBox("Socket Error");
memset((char *) &sa, 0, sizeof(sa));
sa.sin_family = AF_INET;
sa.sin_port = htons(6669);
sa.sin_addr.S_un.S_addr = inet_addr("127.0.0.1");
err = connect(sd, (struct sockaddr*) &sa,
sizeof(sa)); CHK_ERR(err, "connect");
/* ----------------------------------------------- */
/* Now we have TCP conncetion. Start SSL negotiation. */
ssl = SSL_new (ctx); CHK_NULL(ssl);
SSL_set_fd (ssl, sd);
err = SSL_connect(ssl); // <<<<<< Error here <<<<<<<//
CHK_SSL(err);
/* Following two steps are optional and not required for
data exchange to be successful. */
/* Get the cipher - opt */
sprintf (tmp,"SSL connection using %s\n", SSL_get_cipher (ssl));
AfxMessageBox(tmp);
/* Get server's certificate (note: beware of dynamic allocation) - opt */
server_cert = SSL_get_peer_certificate (ssl); CHK_NULL(server_cert);
sprintf (tmp,"Server certificate:\n");
AfxMessageBox(tmp);
str = X509_NAME_oneline (X509_get_subject_name (server_cert),0,0);
CHK_NULL(str);
sprintf (tmp,"\t subject: %s\n", str);
AfxMessageBox(tmp);
Free (str);
str = X509_NAME_oneline (X509_get_issuer_name (server_cert),0,0);
CHK_NULL(str);
sprintf (tmp,"\t issuer: %s\n", str);
AfxMessageBox(tmp);
Free (str);
/* We could do all sorts of certificate verification stuff here before
deallocating the certificate. */
X509_free (server_cert);
/* --------------------------------------------------- */
/* DATA EXCHANGE - Send a message and receive a reply. */
err = SSL_write (ssl, "Hello World!", strlen("Hello World!"));
CHK_SSL(err);
err = SSL_read (ssl, buf, sizeof(buf) - 1);
CHK_SSL(err);
buf[err] = '\0';
sprintf (tmp,"Got %d chars:'%s'\n", err, buf);
AfxMessageBox(tmp);
SSL_shutdown (ssl); /* send SSL/TLS close_notify */
/* Clean up. */
closesocket (sd);
SSL_free (ssl);
SSL_CTX_free (ctx);
// Server..
CRYPTO_malloc_init();
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
SSLeay_add_all_algorithms();
meth= SSLv23_server_method();
ctx = SSL_CTX_new(meth);
if (SSL_CTX_use_certificate_file(ctx,"server.pem",SSL_FILETYPE_PEM)<=0)
{
exit(3);
}
if (SSL_CTX_use_RSAPrivateKey_file(ctx,"server.pem",SSL_FILETYPE_PEM)<=0)
{
exit(4);
}
if (!SSL_CTX_check_private_key(ctx))
{
fprintf(stderr,"Private key does not match the certificate public key\n");
exit(5);
}
if ((sock_listen = socket(AF_INET,SOCK_STREAM,0))<0)
{
AfxMessageBox("Unable to create socket.");
}
//---- Set Address Structure
memset((char *)&addr_Srv,0,sizeof(addr_Srv));
addr_Srv.sin_family = AF_INET;
addr_Srv.sin_addr.S_un.S_addr = htons(INADDR_ANY);
addr_Srv.sin_port = htons(6669);
//--- Bind Socket to Port OTPPORT
if (bind(sock_listen,(sockaddr*)&addr_Srv,sizeof(addr_Srv)) <0)
{
AfxMessageBox("Error: bind() failed.");
closesocket(sock_listen);
}
memset(&addr_Cli,0,sizeof(addr_Cli));
clilen = sizeof(addr_Cli);
/* Listening for 1 connection */
if(listen(sock_listen,5)==SOCKET_ERROR)
AfxMessageBox("Listen Error");
sd=accept(sock_listen,(sockaddr*)&addr_Cli,&clilen);
if (sd==SOCKET_ERROR)
{
AfxMessageBox("socket accept error");
exit(1);
}
closesocket(sock_listen);
sprintf (buf,"Connection from %s, port %d\n",
inet_ntoa(addr_Cli.sin_addr), addr_Cli.sin_port);
AfxMessageBox(buf);
/* ----------------------------------------------- */
/* TCP connection is ready. Do server side SSL. */
AfxMessageBox("Start SSL_new");
ssl = SSL_new (ctx);
CHK_NULL(ssl);
SSL_set_fd (ssl, sd);
err = SSL_accept (ssl);
CHK_SSL(err);
/* Get the cipher - opt */
sprintf (buf,"SSL connection using %s\n", SSL_get_cipher (ssl));
AfxMessageBox(buf);
/* Get client's certificate (note: beware of dynamic allocation) - opt */
client_cert = SSL_get_peer_certificate (ssl);
if (client_cert != NULL) {
AfxMessageBox("Client certificate:");
str = X509_NAME_oneline (X509_get_subject_name (client_cert), 0, 0);
CHK_NULL(str);
printf ("\t subject: %s\n", str);
Free (str);
str = X509_NAME_oneline (X509_get_issuer_name (client_cert), 0, 0);
CHK_NULL(str);
printf ("\t issuer: %s\n", str);
Free (str);
/* We could do all sorts of certificate verification stuff here before
deallocating the certificate. */
X509_free (client_cert);
} else
AfxMessageBox("Client does not have certificate.");
/* DATA EXCHANGE - Receive message and send reply. */
char tmp[255];
err = SSL_read (ssl, buf, sizeof(buf)); //CHK_SSL(err);
buf[err] = '\0';
sprintf (tmp,"Got %d chars:'%s'\n", err, buf);
AfxMessageBox(tmp);
err = SSL_write (ssl, "I hear you.", strlen("I hear you."));
//CHK_SSL(err);
AfxMessageBox("I hear you");
/* Clean up. */
closesocket (sd);
SSL_free (ssl);
SSL_CTX_free (ctx);
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
