Hello once again,
here is my cut-down code as well as output.
Basically, the server fails after the line "// FAILS!!!" without the
client even connecting to it.
Does anybody have an idea ?
Many thanks
Florian
--
Output from server:
SSL PrivateKey opened successfully
LOG; Now accepting connections on fd...connection accepted.
LOG; Now accepting (ssl)...SSL Handshake (SSL_accept) failed - error code
0
SSH Handshake error 1= SSL_ERROR_SSLErr during Handshake from SSL error
queue: error:140C5042:SSL routines:SSL_UNDEFINED_FUNCTION:called a
function you should not call
Output from client:
SSL certificate opened successfully
LOG; Trying to connect (fd)...connected.
server.c
----------------------------------------------------
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <iostream.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include </usr/include/openssl/ssl.h>
#include </usr/include/openssl/err.h>
#include </usr/include/openssl/crypto.h>
#include </usr/include/openssl/x509.h>
#include </usr/include/openssl/pem.h>
#include <unistd.h>
#define certificate_file "/root/security/server.crt"
#define key_file "/root/security/server.key"
#define CA_FILE "/certs/1024scert.pem"
int main()
{
int m_fd;
SSL* m_ssl;
SSL_CTX* m_ctx;
SSL_library_init();
SSL_load_error_strings();
m_ctx=SSL_CTX_new(SSLv3_client_method());
if(!m_ctx)
{
cout << "failed to create SSL context" << endl;
}
m_ssl=SSL_new(m_ctx);
if(!m_ssl)
{
cout << "failed to create SSL structure" << endl;
}
if((SSL_use_PrivateKey_file(m_ssl,key_file,1))!=1)
{
cout << "SSL PrivateKey file error - did not open" << endl;
}
else
{
cout << "SSL PrivateKey opened successfully" << endl;
}
// Create socket.
if ((m_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1)
{
cout << "Failed to create socket." << endl;
}
// Assign a port adress to the socket.
struct sockaddr_in local_addr;
memset((char *) &local_addr, 0, sizeof(sockaddr_in)); // zero out local
address
local_addr.sin_family = AF_INET;
local_addr.sin_addr.s_addr = inet_addr("10.1.18.65");
local_addr.sin_port = 2000;
if (bind(m_fd, (struct sockaddr *) &local_addr, sizeof(local_addr)) ==
-1)
{
cout << "Failed to assign adress to socket." << endl;
}
// Start listening.
if (listen(m_fd, 128) == -1)
{
cout << "Failed to listen to port." << endl;
}
struct sockaddr_in rem_add;
socklen_t size(sizeof(sockaddr_in));
memset((char *)&rem_add, 0, size);
// Accept connections.
cout << "LOG; Now accepting connections on fd...";
if ((m_fd = accept(m_fd, (struct sockaddr *)&rem_add, &size)) == -1)
{
cout << "failed" << endl;
}
else
{
cout << "connection accepted."<< endl;
if(SSL_set_fd(m_ssl, m_fd)!=1) //Mask initial FD as SSL socket - from
here only use the ssl FD
{
cout << "Opening SSL connection FD failed" << endl;
}
cout << "LOG; Now accepting (ssl)...";
// FAILS!!!
int a(SSL_accept(m_ssl));
if(a==1) // Wait for SSL Handshake from the other side
{
cout << "SSL Handshake successful" << endl;
}
else
{
cout << "SSL Handshake (SSL_accept) failed - error code " << a <<
endl;
int length(0);
int errorCode = SSL_get_error(m_ssl, length);
cout << "SSH Handshake error " << errorCode << "= ";
switch (errorCode)
{
case SSL_ERROR_NONE: cout << "SSL_ERROR_NONE";
break;
case SSL_ERROR_ZERO_RETURN: cout << "SSL_ERROR_ZERO_RETURN";
break;
case SSL_ERROR_WANT_READ: cout << "SSL_ERROR_WANT_READ";
break;
case SSL_ERROR_WANT_WRITE: cout << "SSL_ERROR_WANT_WRITE";
break;
case SSL_ERROR_WANT_CONNECT: cout << "SSL_ERROR_WANT_CONNECT";
break;
case SSL_ERROR_WANT_ACCEPT: cout << "SSL_ERROR_WANT_ACCEPT";
break;
case SSL_ERROR_WANT_X509_LOOKUP: cout <<
"SSL_ERROR_WANT_X509_LOOKUP";
break;
case SSL_ERROR_SYSCALL: cout << "SSL_ERROR_SYSCALL";
break;
case SSL_ERROR_SSL: cout << "SSL_ERROR_SSL";
break;
}
unsigned long err(ERR_get_error());
cout << "Err during Handshake from SSL error queue: " <<
ERR_error_string(err, NULL) << endl;
}
}
}
----------------------------------------------------
client.c
----------------------------------------------------
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <iostream.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include </usr/include/openssl/ssl.h>
#include </usr/include/openssl/err.h>
#include </usr/include/openssl/crypto.h>
#include </usr/include/openssl/x509.h>
#include </usr/include/openssl/pem.h>
#include <unistd.h>
#define certificate_file "/root/security/server.crt"
#define key_file "/root/security/server.key"
#define CA_FILE "/certs/1024scert.pem"
enum messageType_e
{
MESSAGE_TYPE_REQUEST,
MESSAGE_TYPE_RETURN,
MESSAGE_TYPE_RESPONSE,
MESSAGE_TYPE_DATAGRAM
};
int main()
{
int m_fd;
SSL* m_ssl;
SSL_CTX* m_ctx;
SSL_library_init(); //FG: Initialize the SSL Libs
SSL_load_error_strings(); //FG: Load the error messages
// Create socket.
if ((m_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1)
{
cout << "Failed to create non-secure socket." << endl;
}
struct sockaddr_in remote_addr;
// SSL_CTX *ssl_ctx_server = SSL_CTX_new(SSLv23_server_method());
m_ctx=SSL_CTX_new(SSLv3_client_method()); //FG: create a secure
context
if(!m_ctx)
{
cout << "failed to create SSL context" << endl;
}
m_ssl=SSL_new(m_ctx);
if(!m_ssl)
{
cout << "failed to create SSL structure" << endl;
}
if((SSL_use_certificate_file(m_ssl,certificate_file,1))!=1) //FG:
Define SSL certificate to use
{
cout << "SSL certificate file error - did not open" << endl;
}
else
{
cout << "SSL certificate opened successfully" << endl;
}
memset((char *) &remote_addr, 0, sizeof(sockaddr_in)); // zero out
local address
remote_addr.sin_family = AF_INET;
//remote_addr.sin_addr.s_addr =
m_context->getConfiguration().m_ipAddress;
//remote_addr.sin_port = htons(m_context->getConfiguration().m_port);
remote_addr.sin_addr.s_addr = inet_addr("10.1.18.65");
remote_addr.sin_port = 2000;
cout << "LOG; Trying to connect (fd)...";
if (connect(m_fd, (struct sockaddr *)&remote_addr, sizeof remote_addr)
== -1)
{
cout << "Failed to connect secure channel. Channel not open." << endl;
}
else
{
cout << "connected." << endl;
}
if(SSL_set_fd(m_ssl, m_fd)!=1) //Mask initial FD as SSL socket -
from here only use the ssl FD
{
cout << "Opening SSL connection FD failed" << endl;
}
sleep(10);
cout << "LOG; Trying to connect (ssl)...";
if(SSL_connect(m_ssl)!=1) //Connect SSL socket
{
cout << "connecting SSL socket failed" << endl;
}
else
{
cout << "connected." << endl;
}
// FORK.
int length(0);
while (true)
{
// Extract message type.
messageType_e messageType;
if ((length = SSL_read(m_ssl, &messageType, sizeof(messageType_e))) < 0)
{
int errorCode = SSL_get_error(m_ssl, length);
cout << "Channel State error " << errorCode << "=" << endl;
switch (errorCode)
{
case SSL_ERROR_NONE: cout << "SSL_ERROR_NONE";
break;
case SSL_ERROR_ZERO_RETURN: cout << "SSL_ERROR_ZERO_RETURN";
break;
case SSL_ERROR_WANT_READ: cout << "SSL_ERROR_WANT_READ";
break;
case SSL_ERROR_WANT_WRITE: cout << "SSL_ERROR_WANT_WRITE";
break;
case SSL_ERROR_WANT_CONNECT: cout << "SSL_ERROR_WANT_CONNECT";
break;
case SSL_ERROR_WANT_ACCEPT: cout << "SSL_ERROR_WANT_ACCEPT";
break;
case SSL_ERROR_WANT_X509_LOOKUP: cout <<
"SSL_ERROR_WANT_X509_LOOKUP";
break;
case SSL_ERROR_SYSCALL: cout << "SSL_ERROR_SYSCALL";
break;
case SSL_ERROR_SSL: cout << "SSL_ERROR_SSL";
break;
}
unsigned long err(ERR_get_error());
cout << "Err from SSL error queue: " << ERR_error_string(err, NULL)
<< endl;
}
}
}
----------------------------------------------------
Girish Venkatachalam wrote:
> --- Florian G otter <[EMAIL PROTECTED]> wrote:
>
> > Hello everybody !
> >
> > I have a problem witht the SSL_accept / handshake
> > which i could not
> > resolve with the help of the net / colleagues /
> > time.
> >
> > Having written a small server / client, it gives the
> > following output
> > (debug info generated by me with the help of
> > SSL_get_error ):
> >
> > SSL PrivateKey opened successfully
> > Rate set to 100000
> > Waiting for client...
> > Waiting for client...
> > SSL Handshake (SSL_accept) failed - error code 0
> > SSL_ERROR_SSLErr during Handshake from SSL error
> > queue:
> > error:140C5042:SSL
> > routines:SSL_UNDEFINED_FUNCTION:called a function
> > you
> >
> > should not call
> > SSL_ERROR_SSLErr from SSL error queue:
> > error:140C5042:SSL
> > routines:SSL_UNDEFINED_FUNCTION:called a function
> > you should not call
> >
> > Does anybody know what could be the cause of the
> > error:140C5042:SSL
> > routines:SSL_UNDEFINED_FUNCTION:called a function
> > you
> > should not call respectively the SSL Handshake error
> > ?
> > The certificate as well as the private key seem to
> > load fine - does this
> > mean that they are correct ? - Is there a problem
> > with the certificate /
> > key ? - Could the problem be somewhere else ?
> >
> > Many thanks
>
> If you could be kind enough to post the client and
> server source code, I could gladly debug it for you.
> :-)
>
> regards,
> Girish
> >
> > Florian G otter
> >
> >
> >
> ______________________________________________________________________
> > OpenSSL Project
> > http://www.openssl.org
> > User Support Mailing List
> > openssl-users@openssl.org
> > Automated List Manager
> > [EMAIL PROTECTED]
> >
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
