hello!
Ive written some code that must function both as client and server. The
server part works fine, since the server is also a webserver ive
verified that the serverpart is able to verify a client by importing a
cert into Navigotor and using Navigator to connect to the server. Now I
want the server to contact another instance of the same server (on
another machine). The context I use is created by NET_ssl_ctx_new
(somewhat edited below for readability). NET_vp_ssl_connect is supposed
to return a BIO so that I can write stuff to the server e.g. command for
changing how the server behaves. No errors are thrown, but when I try to
use the BIO returned by NET_vp_ssl_connect it throws an error.
I am wondering do I need to do something else? I have browsed the
s_client.c code but found no clues on what I do wrongly.
SSL_CTX *
NET_ssl_ctx_new(SCR_ctx *scr_ctx) {
unsigned char *sid_ctx;
SSL_CTX *ssl_ctx;
SSL_load_error_strings();
SSL_library_init();
ssl_ctx = SSL_CTX_new(SSLv23_server_method());
SSL_CTX_load_verify_locations(ssl_ctx, scr_ctx->cafile,
scr_ctx->capath);
SSL_CTX_use_certificate_file(ssl_ctx, scr_ctx->certfile,
SSL_FILETYPE_PEM);
SSL_CTX_use_PrivateKey_file(ssl_ctx, scr_ctx->keyfile,
SSL_FILETYPE_PEM);
SSL_CTX_set_session_id_context(ssl_ctx, (void*)&sid_ctx,
(unsigned int)sizeof(sid_ctx));
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE, NULL);
scr_ctx->ssl_ctx = ssl_ctx;
return ssl_ctx;
}
BIO *
NET_vp_ssl_connect(char *host, unsigned short port, ��SCR_ctx *scr_ctx)
{
int fd;
struct hostent *srv;
struct sockaddr_in addr;
SSL *ssl = 0;
BIO *ssl_bio;
if ((srv = gethostbyname(host)) == 0) {
goto NET_vp_ssl_connect_FATAL_ERROR;
}
if ((fd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
goto NET_vp_ssl_connect_FATAL_ERROR;
}
addr.sin_family = AF_INET;
addr.sin_port = htons(port);
memcpy(&addr.sin_addr.s_addr, srv->h_addr_list[0], 4);
if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
goto NET_vp_ssl_connect_FATAL_ERROR;
}
if ((ssl = SSL_new(scr_ctx->ssl_ctx)) == NULL) {
goto NET_vp_ssl_connect_FATAL_ERROR;
}
if (SSL_set_fd(ssl, fd) == -1) {
goto NET_vp_ssl_connect_FATAL_ERROR;
}
if (SSL_connect(ssl) == -1) {
goto NET_vp_ssl_connect_FATAL_ERROR;
}
if ((ssl_bio = BIO_new(BIO_f_ssl())) == NULL) {
goto NET_vp_ssl_connect_FATAL_ERROR;
}
BIO_set_ssl(ssl_bio, ssl, BIO_CLOSE);
return ssl_bio;
NET_vp_ssl_connect_FATAL_ERROR:
if (ssl_bio != NULL) { BIO_free(ssl_bio); }
if (ssl != 0) { SSL_free(ssl); }
if (fd != -1) { close(fd); }
return NULL;
}
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
