Hi,
I have just started using OPENSSL-0.9.5a. To begin with I
compiled the files "cli.cpp" and "serv.cpp" from the
"demos/ssl" directory (see below). They looked pretty simple. Maybe
these files are familiar? OK, they compiled without errors but when the client
tries to connect to the server "SSL_connect" returns -1. The client
can read the server certificate, but they can't establish a common cipher and
can't pass any data to each other through the SSL connection. I guess
"SSL_connect" takes care of the whole handshake-and-negotiation-thing
in the background, right? Something is obviously not correct. I was thinking
maybe there is some problem when the server's certificate is being verified at
the client side (this I believe is also done automatically when using
SSL_connect?). I've been trying to get it to work for quite some time now, but
without success.
There is also a file called "s_client.c" under the
"apps" directory. It uses some other functions not used in the
"cli.cpp" and "serv.cpp". Are these files just some sort of
skeletons not supposed to work or what??
The sockets I'm using with "cli.cpp" and
"serv.cpp" are blocking. Should one use non-blocking instead? There
seem to be a lot of discussions about that.
I would really appreciate it if someone who read
this and knew the problem could answer. I'm using Win NT4.0 (SP3).
Regards
Allan
client/server code....
*****client******
SSLeay_add_ssl_algorithms();
meth = SSLv2_client_method();
SSL_load_error_strings();
ctx = SSL_CTX_new (meth);
/* create socket here etc.. */
ssl = SSL_new (ctx);
SSL_set_fd (ssl, sd);
err = SSL_connect(ssl);
printf ("SSL connection using %s\n", SSL_get_cipher (ssl)); // this one outputs a cipher
printf("\ntrying to get server cert...\n");
/* this part works */
server_cert = SSL_get_peer_certificate (ssl);
printf ("Server certificate:\n");
str = X509_NAME_oneline (X509_get_subject_name (server_cert),0,0);
str = X509_NAME_oneline (X509_get_issuer_name (server_cert),0,0);
printf ("\t issuer: %s\n", str);
err = SSL_write (ssl, "hello!" , strlen("hello!")); // doesn't work
err = SSL_read (ssl, buf, sizeof(buf) - 1); // doesn't work
printf ("Got %d chars:'%s'\n", err, buf); // doesn't work
SSL_shutdown (ssl);

******server*********
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
meth = SSLv23_server_method();
ctx = SSL_CTX_new (meth);
SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM);
SSL_CTX_use_RSAPrivateKey_file(ctx, KEYF, SSL_FILETYPE_PEM);
SSL_CTX_check_private_key(ctx); // this works fine
/* create socket etc.. */
ssl = SSL_new (ctx);
SSL_set_fd (ssl, sd);
err = SSL_accept (ssl); /// accept returns 0 here. OK value I guess
printf ("SSL connection using %s\n", SSL_get_cipher (ssl)); /// this outputs NONE
err = SSL_read(ssl , buf, sizeof(buf) - 1); // doesn't work
err = SSL_write (ssl, "I hear you.", strlen("I hear you.")); // doesn't work
