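// Build the server-side SSL context: create it, then load the certificate
// and the password-protected RSA private key from PEM files.
sslContext = SSL_CTX_new( SSLv23_server_method() );
if ( sslContext == NULL ){
    if ( sslErrorLog ) ERR_print_errors_fp( sslErrorLog );
    BUG0( throwing JJSocketException - 4 )
    throw JJSocketException( "SSL_CTX_new failed. Check ssl error log." );
}

// SSLv23_server_method() negotiates the protocol version with the peer, so
// the obsolete SSLv2 and SSLv3 protocols stay enabled unless they are
// switched off explicitly.
SSL_CTX_set_options( sslContext, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 );

if ( SSL_CTX_use_certificate_file( sslContext, CERTKEYFILE.c_str(), SSL_FILETYPE_PEM ) != 1 ){
    if ( sslErrorLog ) ERR_print_errors_fp( sslErrorLog );
    SSL_CTX_free( sslContext );
    sslContext = NULL;  // never leave a freed context reachable
    BUG0( throwing JJSocketException - 5 )
    throw JJSocketException( "SSL_CTX_use_certificate_file failed. Check ssl error log." );
}

// The password callback reads the passphrase through `pass`.
// NOTE(review): PASSWORD must outlive every key load and password_cb must
// treat the buffer as read-only, because the cast drops const - confirm.
pass = (char *)PASSWORD.c_str();
SSL_CTX_set_default_passwd_cb( sslContext, password_cb );
if ( SSL_CTX_use_RSAPrivateKey_file( sslContext, PRIVKEYFILE.c_str(), SSL_FILETYPE_PEM ) != 1 ){
    if ( sslErrorLog ) ERR_print_errors_fp( sslErrorLog );
    SSL_CTX_free( sslContext );
    sslContext = NULL;
    BUG0( throwing JJSocketException - 6 )
    throw JJSocketException( "SSL_CTX_use_RSAPrivateKey_file failed. Check ssl error log." );
}

// Fail early if the private key does not belong to the loaded certificate,
// instead of discovering the mismatch during the first handshake.
if ( SSL_CTX_check_private_key( sslContext ) != 1 ){
    if ( sslErrorLog ) ERR_print_errors_fp( sslErrorLog );
    SSL_CTX_free( sslContext );
    sslContext = NULL;
    BUG0( throwing JJSocketException - 6b )
    throw JJSocketException( "SSL_CTX_check_private_key failed. Check ssl error log." );
}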
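// Create the listening TCP socket, bind it to `port` and start listening.
// NOTE(review): the SSL context created earlier is not released on the
// failure paths below; confirm that the owner cleans it up.
const char* host = NULL;   // OR given as extra parameter!!!!!
const int backlog = 10;    // OR given as extra parameter!!!!!

struct sockaddr_in sockname;
memset( &sockname, 0, sizeof(sockname) );

// Resolve the bind address only when a host name was supplied.
// NOTE(review): gethostbyname() is obsolete and not thread-safe;
// getaddrinfo() is the usual replacement.
struct hostent * hostinfo = NULL;
if ( host != NULL ){
    hostinfo = gethostbyname( host );
    // Only an IPv4 answer with at least one address fits into sockaddr_in.
    if ( hostinfo == NULL
         || hostinfo->h_addrtype != AF_INET
         || hostinfo->h_length != (int)sizeof(sockname.sin_addr)
         || hostinfo->h_addr_list[0] == NULL ){
        BUG0( throwing JJSocketException - 7 )
        throw JJSocketException( "Cannot find host" );
    }
}

if ( (socketHdlM = socket(AF_INET, SOCK_STREAM, 0)) == -1 ){
    BUG0( throwing JJSocketException - 8 )
    throw JJSocketException("Cannot open socket");
}
BUG1( socket, %d, socketHdlM )

// Best effort: lets the server restart without waiting for TIME_WAIT.
const int on = 1;
setsockopt( socketHdlM, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on) );

if ( hostinfo != NULL ){
    // Copy the address bytes rather than dereferencing through a cast.
    memcpy( &sockname.sin_addr, hostinfo->h_addr_list[0], sizeof(sockname.sin_addr) );
}
else{
    // No host given: accept connections on every local interface.
    sockname.sin_addr.s_addr = INADDR_ANY;
}
sockname.sin_family = AF_INET;
sockname.sin_port = htons( port );

if ( (bind(socketHdlM, (struct sockaddr *)&sockname, sizeof(sockname))) == -1 ){
    close( socketHdlM );
    BUG0( throwing JJSocketException - 9 )
    throw JJSocketException( "Cannot bind port" );
}

// A failed listen() would otherwise surface only later, as an accept() error.
if ( listen( socketHdlM, backlog ) == -1 ){
    close( socketHdlM );
    BUG0( throwing JJSocketException - 9b )
    throw JJSocketException( "Cannot listen on port" );
}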
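// Accept one client connection and, when an SSL context is configured,
// run the server side of the SSL/TLS handshake on that connection.
int newsockHdl = ::accept( socketHdlM, 0, 0 );
if ( newsockHdl == -1 ){
    // Read errno first, before the debug macro can overwrite it.
    string error( strerror(errno) );
    BUG0( throwing JJSocketException - 1 )
    string message( "Unable to accept client connection. Error: " + error );
    // Throw the full message; the original built it but threw only `error`.
    throw JJSocketException( message );
}
BUG1( connection, %d, newsockHdl )
if ( sslContext != NULL ){
    ssl = SSL_new( sslContext );
    if ( ssl == NULL ){
        if ( sslErrorLog ) ERR_print_errors_fp( sslErrorLog );
        BUG0( throwing JJSocketException - 2 )
        close( newsockHdl );
        throw JJSocketException( "SSL_new failed. Check ssl error log." );
    }
    BUG2( ssl, %x, ssl, %x, sslContext )

    // The handshake must run on the accepted connection. Attaching the
    // listening socket (socketHdlM) makes SSL_accept() fail, because no
    // data is ever exchanged on a listening descriptor.
    if ( SSL_set_fd( ssl, newsockHdl ) == 0 ){
        if ( sslErrorLog ) ERR_print_errors_fp( sslErrorLog );
        BUG0( throwing JJSocketException - 3 )
        SSL_free( ssl );  // do not leak the SSL object on failure
        ssl = NULL;
        close( newsockHdl );
        throw JJSocketException( "SSL_set_fd failed. Check ssl error log." );
    }
    BUG2( ssl, %x, ssl, %x, sslContext )

    const int ssl_error_code = SSL_accept( ssl );
    if ( ssl_error_code <= 0 ){
        // SSL_get_error() returns an SSL_ERROR_* class, not an error-queue
        // code, so it is not valid input for ERR_error_string(). The
        // queued details go to the error log the exception text refers to.
        const int err = SSL_get_error( ssl, ssl_error_code );
        cerr << "err = " << err << endl;
        if ( sslErrorLog ) ERR_print_errors_fp( sslErrorLog );
        BUG0( throwing JJSocketException - 4 )
        BUG1( ssl, %x, ssl )
        SSL_free( ssl );
        ssl = NULL;
        close( newsockHdl );
        throw JJSocketException( "SSL_accept failed. Check ssl error log." );
    }
    // (the enclosing if block continues beyond the posted snippet)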
Francis.Vanhemmens wrote:
Did you do something like :
SSL_METHOD *meth = NULL;
. // do some inits, maybe even multithread support
. // load error strings, load algorithms
.
meth = SSLv3_server_method(); // operational implementation of accept is in there.
if (....SSL_CTX_new(meth))....
If your application is both server and client, you need SSLv3_method(); if it is only a client, SSLv3_client_method().
The same functions exist if you need to use SSLv2, or both SSLv2 and v3 (=> SSLv23).