Hello,
> 
>   About SSL_connect() quit with exception, actually I don't think it's
> a compatibility problem.
>   Because I have done "make install" OpenSSL only once, and never done
> update or re-install. By the way, the version being used is 0.9.8b.
>   I have attached SSLOpen() source code at the end of this mail. It's
> a test source code, so I haven't done cert check strictly, you can find
> certPath and privateKey are all NULL. 
>   As said before, when SSL_connect() is executed, the application
> exits without any error description on stderr.
>   Please help me checking it.
>   Thanks a lot!
I've attached a simple test program; try to compile it:
 $ gcc -o ssl3 ssl3.c -lssl
and run it to check for errors.

Marek Marcola <[EMAIL PROTECTED]>
#include <stdio.h>

#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/ssl.h>


#define CA_FILE	"./cacert.pem"
#define CERT_FILE	"./cert.pem"
#define KEY_FILE	"./key.pem"

/**
 * TLS info callback: traces handshake progress and alerts on stdout.
 *
 * Registered on the context with SSL_CTX_set_info_callback(). Only events
 * carrying SSL_CB_LOOP or SSL_CB_ALERT produce output; every other event
 * is ignored.
 *
 * @param    ssl     TLS connection the event belongs to
 * @param    type    bit mask of SSL_CB_* / SSL_ST_* flags describing the event
 * @param    val     event value; for alert events it is passed to the
 *                   alert type/description string helpers
 * @return   none
 */
static void tls_connection_info_cb(const SSL * ssl, int type, int val)
{
	if (type & SSL_CB_LOOP) {
		/* Name the side of the handshake this state change belongs to. */
		const char *role = "undefined";

		if (type & SSL_ST_CONNECT) {
			role = "connect";
		} else if (type & SSL_ST_ACCEPT) {
			role = "accept";
		}
		printf("tls_state: %s: %s\n", role, SSL_state_string_long(ssl));
	}

	if (type & SSL_CB_ALERT) {
		/* Anything not flagged as read is reported as a written alert. */
		const char *direction = (type & SSL_CB_READ) ? "read" : "write";
		const char *level = SSL_alert_type_string_long(val);
		const char *description = SSL_alert_desc_string_long(val);

		printf("tls_alert: %s:%s: %s\n", direction, level, description);
	}
}

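/**
 * Minimal TLS client for reproducing and diagnosing handshake failures.
 *
 * Builds a client context that trusts CA_FILE and the library's default
 * verify paths, loads the client certificate and private key, connects to
 * 127.0.0.1:10443, runs the handshake, writes one test line and shuts the
 * connection down. Handshake states and alerts are traced through
 * tls_connection_info_cb.
 *
 * @return   0 on success, 1 on any failure (the OpenSSL error queue is
 *           printed to stderr before returning)
 */
int main(void)
{
	static const char msg[] = "test 123\n";
	int rc = 1;
	BIO *bio = NULL;
	SSL *ssl = NULL;
	SSL_CTX *ctx = NULL;

	// alternative cipher list: "AES256-SHA:AES128-SHA"
	const char *ciph = "DHE-RSA-AES256-SHA";

	SSL_load_error_strings();
	SSLeay_add_ssl_algorithms();

	/* Best-effort extra seeding; the return value is deliberately not checked. */
	RAND_load_file("/dev/urandom", 1024);

	printf("crypto lib: %s\n", SSLeay_version(SSLEAY_VERSION));

	/*
	 * SSLv23_client_method() negotiates the highest protocol version both
	 * peers support. On old library builds that range can still include
	 * SSLv2/SSLv3, so code meant for more than local testing should narrow
	 * it with SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3).
	 */
	if ((ctx = SSL_CTX_new(SSLv23_client_method())) == NULL) {
		goto out;
	}

	SSL_CTX_set_verify_depth(ctx, 4);

	if (SSL_CTX_load_verify_locations(ctx, CA_FILE, NULL) != 1) {
		goto out;
	}

	/*
	 * Adds the library's default CA locations to the trust store, so the
	 * set of accepted issuers is wider than CA_FILE alone.
	 */
	if (SSL_CTX_set_default_verify_paths(ctx) != 1) {
		goto out;
	}

	if (SSL_CTX_use_certificate_chain_file(ctx, CERT_FILE) != 1) {
		goto out;
	}

	if (SSL_CTX_use_PrivateKey_file(ctx, KEY_FILE, SSL_FILETYPE_PEM) <= 0) {
		goto out;
	}

	/* Confirms that KEY_FILE matches the certificate loaded above. */
	if (!SSL_CTX_check_private_key(ctx)) {
		goto out;
	}

	/*
	 * Chain validation only: nothing in this program compares the name in
	 * the server certificate with the host being contacted, so any
	 * certificate issued by a trusted CA passes.
	 */
	SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);

	if (SSL_CTX_set_cipher_list(ctx, ciph) != 1) {
		goto out;
	}

	SSL_CTX_set_info_callback(ctx, tls_connection_info_cb);

	if ((bio = BIO_new_connect("127.0.0.1:10443")) == NULL) {
		goto out;
	}

	if (BIO_do_connect(bio) <= 0) {
		goto out;
	}

	if ((ssl = SSL_new(ctx)) == NULL) {
		goto out;
	}

	/* From here on the SSL object owns the BIO; SSL_free() releases it. */
	SSL_set_bio(ssl, bio, bio);
	bio = NULL;

	if (SSL_connect(ssl) <= 0) {
		/*
		 * Name the exact verification failure, which the generic error
		 * queue only reports as "certificate verify failed".
		 */
		long verify_rc = SSL_get_verify_result(ssl);

		if (verify_rc != X509_V_OK) {
			fprintf(stderr, "certificate verification failed: %s\n",
					X509_verify_cert_error_string(verify_rc));
		}
		goto out;
	}

	printf(" the cipher used by the client : %s\n", SSL_get_cipher(ssl));

	if (SSL_write(ssl, msg, (int) (sizeof msg - 1)) <= 0) {
		goto out;
	}

	/* Sends our close_notify; the peer's reply is not waited for. */
	SSL_shutdown(ssl);

	rc = 0;

  out:
	/* Dump the queue first so the report reflects the failing call. */
	if (rc != 0) {
		ERR_print_errors_fp(stderr);
	}
	if (ssl != NULL) {
		SSL_free(ssl);
	}
	if (bio != NULL) {
		/* Only reached when the BIO was never handed to an SSL object. */
		BIO_free(bio);
	}
	if (ctx != NULL) {
		SSL_CTX_free(ctx);
	}
	return rc;
}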
