Hi All,
I have a Win program that communicates securely with one of our servers. We
are still running SSLeay-0.8.1. (Don't touch something when it works, unless
you must). We want to support PKCS#12 files in our client and I had to
upgrade to OpenSSL-0.9.3.a (the server guys are also in the process). So
currently I want to make an SSLv3 connection (TLS disabled) to the server.
The SSL output indicates that the client did not provide a certificate and
closes the connection (server is set to verify). This connection did work
when I was still using 0.8.1.
Any suggestions?
Thanks
Leon
Here is some code
// CTX
ctx = SSL_CTX_new(SSLv23_method());
// This is newly added to disable TLSv1 (not in 0.8.1 code)
SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_TLSv1);
SSL_CTX_set_timeout(ctx, CTX_TIMEOUT);
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_BOTH);
SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
SSL_CTX_set_verify(ctx, SSL_VERIFY_CLIENT_ONCE | SSL_VERIFY_PEER,
                   verify_callback);
SSL_CTX_load_verify_locations(ctx, NULL, CaPath);
SSL_CTX_set_default_verify_paths(ctx);
// SSL
ssl = SSL_new(ctx);
SSL_set_connect_state(lpLink->ssl);
SSL_set_fd(ssl, Socket); // ..give socket to ssl
SSL_CTX_use_certificate(ctx, X509_dup(gPubCert));
SSL_CTX_use_RSAPrivateKey(ctx, RSAPrivateKey_dup(gRsaKey));
n = SSL_connect(ssl);
:
: