hello!

Ive written some code that must function both as client and server. The
server part works fine, since the server is also a webserver ive
verified that the serverpart is able to verify a client by importing a
cert into Navigotor and using Navigator to connect to the server. Now I
want the server to contact another instance of the same server (on
another machine). The context I use is created by NET_ssl_ctx_new
(somewhat edited below for readability). NET_vp_ssl_connect is supposed
to return a BIO so that I can write stuff to the server e.g. command for
changing how the server behaves. No errors are thrown, but when I try to
use the BIO returned by NET_vp_ssl_connect it throws an error.

I am wondering do I need to do something else? I have browsed the
s_client.c code but found no clues on what I do wrongly.

SSL_CTX *
NET_ssl_ctx_new(SCR_ctx *scr_ctx) {
  unsigned char *sid_ctx;
  SSL_CTX *ssl_ctx;
  
  SSL_load_error_strings();
  SSL_library_init();
  
  ssl_ctx = SSL_CTX_new(SSLv23_server_method());
  SSL_CTX_load_verify_locations(ssl_ctx, scr_ctx->cafile,
                                      scr_ctx->capath);

  SSL_CTX_use_certificate_file(ssl_ctx, scr_ctx->certfile,
SSL_FILETYPE_PEM);
  SSL_CTX_use_PrivateKey_file(ssl_ctx, scr_ctx->keyfile,
SSL_FILETYPE_PEM);

  SSL_CTX_set_session_id_context(ssl_ctx, (void*)&sid_ctx, 
                                      (unsigned int)sizeof(sid_ctx));
  SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE, NULL);
  
  scr_ctx->ssl_ctx = ssl_ctx;
  return ssl_ctx;
}

BIO *
NET_vp_ssl_connect(char *host, unsigned short port, SCR_ctx *scr_ctx)
{
  int fd;
  struct hostent *srv;
  struct sockaddr_in addr;
  SSL *ssl = 0;
  BIO *ssl_bio;

  if ((srv = gethostbyname(host)) == 0) {
    goto NET_vp_ssl_connect_FATAL_ERROR;
  }

  if ((fd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
    goto NET_vp_ssl_connect_FATAL_ERROR;
  }
  addr.sin_family = AF_INET;
  addr.sin_port = htons(port);
  memcpy(&addr.sin_addr.s_addr, srv->h_addr_list[0], 4);

  if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
    goto NET_vp_ssl_connect_FATAL_ERROR;
  }
  if ((ssl = SSL_new(scr_ctx->ssl_ctx)) == NULL) {
    goto NET_vp_ssl_connect_FATAL_ERROR;
  }
  if (SSL_set_fd(ssl, fd) == -1) {
    goto NET_vp_ssl_connect_FATAL_ERROR;
  }
  if (SSL_connect(ssl) == -1) {
    goto NET_vp_ssl_connect_FATAL_ERROR;    
  }

  if ((ssl_bio = BIO_new(BIO_f_ssl())) == NULL) {
    goto NET_vp_ssl_connect_FATAL_ERROR;
  }
  BIO_set_ssl(ssl_bio, ssl, BIO_CLOSE);
  return ssl_bio;

NET_vp_ssl_connect_FATAL_ERROR:
  if (ssl_bio != NULL) { BIO_free(ssl_bio); }
  if (ssl != 0) { SSL_free(ssl); }
  if (fd != -1) { close(fd); }
  return NULL;
}
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to