Hello,

> About SSL_connect() quitting with an exception: actually, I don't think it's
> a compatibility problem, because I have run "make install" for OpenSSL only
> once and have never updated or re-installed it. By the way, the version
> being used is 0.9.8b.
> I have attached the SSLOpen() source code at the end of this mail. It's
> test source code, so I haven't done a strict cert check; you can see that
> certPath and privateKey are both NULL.
> As said before, when SSL_connect() is executed, the application
> exits without any error description on stderr.
> Please help me check it.
> Thanks a lot!

I've attached a simple test program. Try to compile it:

$ gcc -o ssl3 ssl3.c -lssl

and run it to check for errors.
Marek Marcola <[EMAIL PROTECTED]>
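#include <stdio.h>

#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/ssl.h>

#define CA_FILE "./cacert.pem"
#define CERT_FILE "./cert.pem"
#define KEY_FILE "./key.pem"

/**
 * TLS connection info callback: traces handshake progress and alerts on stdout.
 *
 * Registered with SSL_CTX_set_info_callback(), so the library calls it as
 * the connection changes state.
 *
 * @param ssl   TLS connection the event belongs to
 * @param type  bitmask of SSL_CB_* / SSL_ST_* flags describing the event
 * @param val   for SSL_CB_ALERT events, the alert value that is decoded with
 *              SSL_alert_type_string_long() / SSL_alert_desc_string_long()
 * @return none
 */
static void tls_connection_info_cb(const SSL *ssl, int type, int val)
{
    if (type & SSL_CB_LOOP) {
        /* Handshake state transition: print which side we are and the state. */
        printf("tls_state: %s: %s\n",
               type & SSL_ST_CONNECT ? "connect" :
               type & SSL_ST_ACCEPT ? "accept" : "undefined",
               SSL_state_string_long(ssl));
    }
    if (type & SSL_CB_ALERT) {
        /* Alert sent or received: print direction, level and description. */
        printf("tls_alert: %s:%s: %s\n",
               type & SSL_CB_READ ? "read" : "write",
               SSL_alert_type_string_long(val),
               SSL_alert_desc_string_long(val));
    }
}

/**
 * Minimal TLS client used to diagnose a failing SSL_connect().
 *
 * Builds a client context (CA file, client certificate and key, peer
 * verification, one cipher), connects to 127.0.0.1:10443, performs the
 * handshake, writes a 9-byte test message and shuts the connection down.
 * Every failing step jumps to the common exit path, which dumps the OpenSSL
 * error queue to stderr so the reason for the failure is visible.
 *
 * @return 0 on success, 1 if any step failed
 */
int main(void)
{
    BIO *bio = NULL;
    SSL *ssl = NULL;
    SSL_CTX *ctx = NULL;
    int rc = 1;
    /* Alternative cipher list for testing: "AES256-SHA:AES128-SHA" */
    const char *ciph = "DHE-RSA-AES256-SHA";

    SSL_load_error_strings();
    SSLeay_add_ssl_algorithms();

    /* RAND_load_file() returns the number of bytes read; a short read means
     * the PRNG did not get the extra seed material requested here. */
    if (RAND_load_file("/dev/urandom", 1024) != 1024) {
        fprintf(stderr, "warning: could not read 1024 bytes from /dev/urandom\n");
    }

    printf("crypto lib: %s\n", SSLeay_version(SSLEAY_VERSION));

    /* NOTE(review): SSLv23_client_method() negotiates whatever protocol
     * versions the library has enabled. Outside a test harness, restrict the
     * set with SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3). */
    if ((ctx = SSL_CTX_new(SSLv23_client_method())) == NULL) {
        goto out;
    }

    SSL_CTX_set_verify_depth(ctx, 4);

    /* Trust anchors: the local CA file plus the library's default paths. */
    if (SSL_CTX_load_verify_locations(ctx, CA_FILE, NULL) != 1) {
        goto out;
    }
    if (SSL_CTX_set_default_verify_paths(ctx) != 1) {
        goto out;
    }

    /* Client certificate and matching private key. */
    if (SSL_CTX_use_certificate_chain_file(ctx, CERT_FILE) != 1) {
        goto out;
    }
    if (SSL_CTX_use_PrivateKey_file(ctx, KEY_FILE, SSL_FILETYPE_PEM) <= 0) {
        goto out;
    }
    if (!SSL_CTX_check_private_key(ctx)) {
        goto out;
    }

    /* With SSL_VERIFY_PEER and no callback, the handshake fails when the
     * server chain does not validate against the trust anchors above.
     * NOTE(review): this checks the chain only; nothing in this program
     * compares the certificate's subject with the host being contacted, so
     * add an identity check after SSL_connect() before reusing this code. */
    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);

    if (SSL_CTX_set_cipher_list(ctx, ciph) != 1) {
        goto out;
    }

    SSL_CTX_set_info_callback(ctx, tls_connection_info_cb);

    if ((bio = BIO_new_connect("127.0.0.1:10443")) == NULL) {
        goto out;
    }
    if (BIO_do_connect(bio) <= 0) {
        goto out;
    }

    if ((ssl = SSL_new(ctx)) == NULL) {
        goto out;
    }

    /* SSL_set_bio() hands the BIO over to the SSL object; SSL_free() releases
     * it from here on, so drop our pointer to avoid a double free. */
    SSL_set_bio(ssl, bio, bio);
    bio = NULL;

    if (SSL_connect(ssl) <= 0) {
        goto out;
    }

    printf(" the cipher used by the client : %s\n", SSL_get_cipher(ssl));

    if (SSL_write(ssl, "test 123\n", 9) <= 0) {
        goto out;
    }

    /* Single call: sends our close_notify without waiting for the peer's. */
    SSL_shutdown(ssl);
    rc = 0;

out:
    if (rc != 0) {
        /* Dump the queued OpenSSL errors while the objects still exist. */
        ERR_print_errors_fp(stderr);
    }
    if (ssl != NULL) {
        SSL_free(ssl);
    }
    if (bio != NULL) {
        /* Only reached when the BIO was never attached to an SSL object. */
        BIO_free_all(bio);
    }
    if (ctx != NULL) {
        SSL_CTX_free(ctx);
    }
    return rc;
}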