Hello everyone:
I want to use openssl to write a communication program,and have complie the
demo programs in \demo\ssl sucessfully on Linux. But when I put almost the
same programs to windows 2000 by VC6.0 ,the client always fail when doing
SSL_connect() ,
(the server part is ok).I have try it for almost a week and can not find the real
problem :-( .I found the openssl s_client command have no problem,but I can not
find the differnce between s_client.c and my program.
I have read lots of documents that I think nessary, I hope somebody can help me
to point out the real problems.
Thanks in advance.
here`s my problem(In fact it`s just the demo program "cli.cpp" in demos\ssl . And
lthe cert and key is OK):
#include <stdio.h>
#include <stdlib.h>
#include <memory.h>
#include <errno.h>
#include <sys/types.h>
#include <winsock2.h>
#include <openssl/rsa.h>
#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include "apps.h"
#define CERTF "client.crt"
#define KEYF "client.key"
#define CACERT "ca.crt"
#define PORT 1111
#define SERVER_ADDR "127.0.0.1"
#define CHK_NULL(x) if ((x)==NULL) exit (1)
#define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }
#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); }
int main ()
{
int err;
int sd;
struct sockaddr_in sa;
SSL_CTX* ctx;
SSL* ssl;
X509* server_cert;
char* str;
char buf [4096];
SSL_METHOD *meth;
/* BIO *sbio;*/
WSADATA wsaData;
if(WSAStartup(MAKEWORD(2,2),&wsaData) != 0){
printf("WSAStartup()fail:%d\n",GetLastError());
return -1;
}
OpenSSL_add_ssl_algorithms();
SSL_load_error_strings();
meth = SSLv23_client_method();
ctx = SSL_CTX_new (meth);
CHK_NULL(ctx);
SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL);
SSL_CTX_load_verify_locations(ctx,CACERT,NULL);
if (SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM) <= 0) {
ERR_print_errors_fp(stderr);
exit(3);
}
if (SSL_CTX_use_PrivateKey_file(ctx, KEYF, SSL_FILETYPE_PEM) <= 0) {
ERR_print_errors_fp(stderr);
exit(4);
}
if (!SSL_CTX_check_private_key(ctx)) {
printf("Private key does not match the certificate public key\n");
exit(5);
}
/* ----------------------------------------------- */
/* Create a socket and connect to server using normal socket calls. */
sd = socket (AF_INET, SOCK_STREAM, 0); CHK_ERR(sd, "socket");
memset (&sa, '\0', sizeof(sa));
sa.sin_family = AF_INET;
sa.sin_addr.s_addr = inet_addr (SERVER_ADDR); /* Server IP */
sa.sin_port = htons (PORT); /* Server Port number */
err = connect(sd, (struct sockaddr*) &sa,
sizeof(sa));
CHK_ERR(err, "connect");
/* ----------------------------------------------- */
/* Now we have TCP conncetion. Start SSL negotiation. */
ssl = SSL_new (ctx);
CHK_NULL(ssl);
/*What does it mean?*/
sbio=BIO_new_socket(sd,BIO_NOCLOSE);
SSL_set_bio(ssl,sbio,sbio);
SSL_set_connect_state(ssl);
SSL_set_fd (ssl, sd);
err = SSL_connect (ssl);
CHK_SSL(err);
/* Following two steps are optional and not required for
data exchange to be successful. */
/* Get the cipher - opt */
printf ("SSL connection using %s\n", SSL_get_cipher (ssl));
/* Get server's certificate (note: beware of dynamic allocation) - opt */
server_cert = SSL_get_peer_certificate (ssl);
CHK_NULL(server_cert);
printf ("Server certificate:\n");
str = X509_NAME_oneline (X509_get_subject_name (server_cert),0,0);
CHK_NULL(str);
printf ("\t subject: %s\n", str);
Free (str);
str = X509_NAME_oneline (X509_get_issuer_name (server_cert),0,0);
CHK_NULL(str);
printf ("\t issuer: %s\n", str);
Free (str);
/* We could do all sorts of certificate verification stuff here before
deallocating the certificate. */
X509_free (server_cert);
/* --------------------------------------------------- */
/* DATA EXCHANGE - Send a message and receive a reply. */
printf("Begin SSL data exchange\n");
err = SSL_write (ssl, "Hello World!", strlen("Hello World!")); CHK_SSL(err);
err = SSL_read (ssl, buf, sizeof(buf) - 1); CHK_SSL(err);
buf[err] = '\0';
printf ("Got %d chars:'%s'\n", err, buf);
SSL_shutdown (ssl); /* send SSL/TLS close_notify */
/* Clean up. */
close (sd);
SSL_free (ssl);
SSL_CTX_free (ctx);
}
/* EOF - cli.cpp */
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
