Hello evrybody,
My SSL client is write for ssleay 0.9.0c, and I try to use my ssl
client with openssl 0.9.5a. The compilation and the link are made
successfully but when I want get a page from the radisson web site
(www.radisson.com) I get the following message:
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server done A
SSL_connect:error in SSLv3 write client key exchange A
Connect error
but, when I use ssleay 0.9.0c library, I get the page.
Question:
1. What have functions change between ssleay 0.9.0c and openssl
0.9.5a ?
2. Am I forgot something ?
I appreciate any help that you can give me on this.
Nicolas Delahaye
Software Engineer
www.imediation.com
[EMAIL PROTECTED]
My function that does not work with openssl 0.9.5a but work with
ssleay 0.9.0c:
int imssl_client(int s, char* header, char* answer)
{
int off=0;
SSL *ssl=NULL;
SSL_CTX *ctx=NULL;
int ret=1;
int prexit = 0;
SSL_METHOD *meth=NULL;
int status=0;
printf("**************************************************************
****\n");
printf("*** Start Ssl Client
***\n");
printf("**************************************************************
****\n");
printf("-- Start Init
-----------------------------------------------\n");
meth=SSLv3_client_method();
printf("------ End SSLv3_client_method()\n");
c_quiet=0;
/*if i use ssleay i need put SSLeay_add_ssl_algorithms()*/
OpenSSL_add_ssl_algorithms();
printf("------ End OpenSSL_add_ssl_algorithms();\n");
/* Load all errors string used by the SSL lib */
SSL_load_error_strings();
printf("------ End SSL_load_error_strings();\n");
/* New SSL context */
ctx=SSL_CTX_new(meth);
if (ctx == NULL)
{
printf("Context null\n");
goto end;
}
printf("------ End SSL_CTX_new();\n");
/* Put all options because all options use some workarround
(SSLeay is bugged -- I don't think it --)!*/
SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
printf("------ End SSL_CTX_set_options();\n");
SSL_CTX_set_info_callback(ctx,ssl_info_callback);
/* Push the verify certificate function in the ssl context */
/* SSL_CTX_set_verify(ctx,verify,verify_callback);
if (!set_cert_stuff(ctx,cert_file,key_file))
goto end;
printf("------ End SSL_CTX_set_verify();\n");
*/
/* Create a SSL structure from the ssl context*/
ssl=SSL_new(ctx);
printf("------ End SSL_new();\n");
printf("-- End Init
-------------------------------------------------\n");
if( SSL_set_fd(ssl, s) != 1)
{
/* error */
printf( "SSL_set_fd\n");
if(ssl)
{
SSL_free( ssl );
}
if(ctx)
{
SSL_CTX_free(ctx);
ctx = NULL;
}
ret= -1;
goto end;
}
printf("-- Start Connect
-------------------------------------------------\n");
if (SSL_connect(ssl)<= 0 )
{
printf("Connect error\n");
ret= -1;
goto end;
}
if ( SSL_get_peer_certificate( (SSL *) ssl )==NULL)
{
printf("Get Certificate error\n");
ret= -1;
goto end;
}
if(!SSL_in_init(ssl))
{
status = SSL_write(ssl, header, strlen(header));
}
if(status == 0)
{
/* Read the answer */
status = SSL_read(ssl, answer, BUFSIZZ);
}
else
{
ret= -1;
goto end;
}
ret = status;
SSL_shutdown(ssl);
SHUTDOWN(SSL_get_fd(ssl));
ret=0;
end:
if(prexit) print_stuff(NULL,ssl,1);
if (ssl != NULL) SSL_free(ssl);
if (ctx != NULL) SSL_CTX_free(ctx);
return (ret);
}
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
