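/*
 * Context (openssl-users question this fragment came from): the server
 * requires the full client certificate chain.  Connecting from the command
 * line works, but this code fails on the first read and the server reports a
 * "BAD" certificate, which usually means it could not build the chain.  The
 * fragment drives the connection through BIOs rather than raw sockets.
 *
 * Reviewer notes on the likely cause: SSL_CTX_use_certificate_file() loads
 * only the first (leaf) certificate from the PEM file, so no intermediates are
 * ever sent to the server.  SSL_CTX_use_certificate_chain_file() loads the
 * leaf plus the intermediates that follow it in the same file, which is what
 * a server that "wants the full chain" needs.  The revised function below
 * does that, drops SSLv3, and guards the unchecked getenv()/malloc()/sprintf()
 * calls of the original.
 *
 * Side effects: opens a TLS connection to remote->remoteHost:remotePort,
 * performs the greeting/login exchange on stdout, and exit(1)s on a failed
 * login response (as the original did).  `param` is not used.
 */
void handleConnection(char *param)
{
    int err;
    const char *cipher_list;
    char host_port[100];            /* "host:port" handed to the connect BIO */
    char *buf;
    char *xml_login;
    struct greeting_message *greeting;
    struct server_message *serverMessage;
    xmlDocPtr xml_stream;
    xmlNsPtr ns;
    xmlNodePtr cur;
    SSL_CTX *ctx;
    SSL *ssl;
    const SSL_METHOD *meth;
    BIO *out;
    BIO *ssl_bio;

    (void)param;                    /* unused, kept for the caller's signature */

    /* ---- SSL context ---------------------------------------------------- */
    OpenSSL_add_ssl_algorithms();

    /* SSLv3 is broken (POODLE) and compiled out of current OpenSSL; let the
     * library negotiate the highest TLS version and refuse anything below
     * TLS 1.2.  On OpenSSL < 1.1.0 use SSLv23_client_method() plus
     * SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3) instead. */
    meth = TLS_client_method();
    ctx = SSL_CTX_new(meth);
    CHK_NULL(ctx);
    SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);

    /* The original passed getenv() straight through, so an unset SSL_CIPHER
     * handed NULL to SSL_CTX_set_cipher_list().  Only apply it when present,
     * and check the result like every other SSL_CTX_* call here. */
    cipher_list = getenv("SSL_CIPHER");
    if (cipher_list != NULL && *cipher_list != '\0') {
        err = SSL_CTX_set_cipher_list(ctx, cipher_list);
        CHK_SSL(err);
    }

    /* Client credentials.  use_certificate_chain_file() sends the leaf AND
     * the intermediates, so remote->pemcert must contain the leaf first,
     * followed by the intermediates in order (the root is not needed). */
    err = SSL_CTX_use_certificate_chain_file(ctx, remote->pemcert);
    CHK_SSL(err);
    err = SSL_CTX_use_PrivateKey_file(ctx, remote->pemprivatekey, SSL_FILETYPE_PEM);
    CHK_SSL(err);
    /* Catch a cert/key mismatch here instead of as an opaque handshake failure. */
    err = SSL_CTX_check_private_key(ctx);
    CHK_SSL(err);

    /* Trust anchors for verifying the server: the configured CA file plus the
     * system default store. */
    err = SSL_CTX_load_verify_locations(ctx, remote->pemcacert, NULL);
    CHK_SSL(err);
    err = SSL_CTX_set_default_verify_paths(ctx);
    CHK_SSL(err);
    /* SSL_VERIFY_PEER makes the handshake fail on an unverifiable server
     * chain.  SSL_VERIFY_FAIL_IF_NO_PEER_CERT is a server-side flag and is
     * kept only for compatibility with the original.  NOTE(review): this
     * verifies the chain only; the server name is not checked against the
     * certificate anywhere in this function. */
    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);

    ssl = SSL_new(ctx);
    CHK_NULL(ssl);
    SSL_set_connect_state(ssl);

    ssl_bio = BIO_new(BIO_f_ssl());
    CHK_NULL(ssl_bio);
    /* BIO_NOCLOSE: the BIO does not own `ssl`, so SSL_free() is still ours. */
    BIO_set_ssl(ssl_bio, ssl, BIO_NOCLOSE);

    /* ---- transport ------------------------------------------------------ */
    /* Bounded formatting replaces the original unchecked malloc()+sprintf();
     * an over-long host/port would have overrun the 100-byte buffer. */
    err = snprintf(host_port, sizeof host_port, "%s:%s",
                   remote->remoteHost, remote->remotePort);
    if (err < 0 || (size_t)err >= sizeof host_port) {
        fprintf(stderr, "host:port string too long\n");
        exit(1);
    }
    printf("%s:%s\n", remote->remoteHost, remote->remotePort);

    out = BIO_new(BIO_s_connect());
    CHK_NULL(out);
    BIO_set_conn_hostname(out, host_port);
    /* Non-blocking mode: BIO_read/BIO_write may return <= 0 with
     * BIO_should_retry() set, including during the handshake that the first
     * read below triggers.  receiveData()/sendData() (not shown here) must
     * retry in that case rather than treating it as an error -- TODO confirm. */
    BIO_set_nbio(out, 1);
    /* `out` now names the head of the chain: ssl filter -> connect BIO. */
    out = BIO_push(ssl_bio, out);

    /* ---- protocol: greeting, then login ---------------------------------- */
    /* The server speaks first; read and parse its greeting. */
    buf = receiveData(out);
    initializeXML(&xml_stream, &ns, &cur, buf);
    parseServerGreeting(&xml_stream, &cur, &greeting);
    printf("%s\n", greeting->server);
    printf("%s\n\n", greeting->date);

    xml_login = buildLoginXML();
    printf("Sending login message...\n");
    sendData(out, xml_login);
    printf("Response from server\n");

    buf = receiveData(out);
    initializeXML(&xml_stream, &ns, &cur, buf);
    if (parseServerMessage(&xml_stream, &cur, &serverMessage) == -1) {
        /* Same exit-on-failure behaviour as the original.  NOTE(review):
         * whether serverMessage is populated when the parser returns -1 is
         * not visible here; confirm before relying on these fields. */
        printf("Error: %s\n code: %d\n", serverMessage->message_text,
               serverMessage->response_code);
        exit(1);
    }

    printf("Response text: %s\n", serverMessage->message_text);
    printf("Response code: %d\n\n", serverMessage->response_code);

    /* Release the TLS objects; the original leaked all of them.  Ownership of
     * buf, xml_login, greeting and serverMessage is decided by helpers not
     * shown here, so they are left to their owners -- TODO confirm. */
    BIO_free_all(out);
    SSL_free(ssl);
    SSL_CTX_free(ctx);
}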