Netmeisters,
I would appreciate your help with the following, although it is not
strictly (or not only) an OpenSSL problem.
I am trying to connect a Pocket PC to a Linux server. The Pocket PC uses
Schannel (which on the PPC apparently includes SSLv2 and SSLv3 but not
TLS) and the Linux server has OpenSSL. At this point I am just trying to
get small test programs to work. For the server, the test program is a
slightly modified version of the sserver program from Rescorla's book. I
have included most of the code from the client below, if it matters, but
basically all this does is make a socket, turn on SSL on the socket,
and tell the security functions to use SSLv3 protocols. The server
program also should be using SSLv3, because of a call to SSLv3_method().
Here is what ssldump reports:
New TCP connection #2: net-204-140.dhcp.mcw.edu(1499) <-> dp1.derm.mcw.edu(9734)
2 1  0.1544 (0.1544)  C>S  Handshake
      ClientHello
        Version 3.0
        cipher suites
        SSL_RSA_WITH_RC4_128_MD5
        SSL_RSA_WITH_RC4_128_SHA
        SSL_RSA_WITH_3DES_EDE_CBC_SHA
        SSL_RSA_WITH_DES_CBC_SHA
        SSL_RSA_EXPORT1024_WITH_RC4_56_SHA
        SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA
        SSL_RSA_EXPORT_WITH_RC4_40_MD5
        SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
        compression methods
                  NULL
2 2  0.1548 (0.0003)  S>C  Alert
    level           fatal
    value           handshake_failure
2    0.1552 (0.0003)  S>C  TCP FIN
2    0.1574 (0.0022)  C>S  TCP FIN
and here is what I get from sserver:
SSL accept error
31654:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:772:
According to the table in the back of Rescorla's book, OpenSSL does
support these suites, but the names (as listed in his book anyway) are
different; they begin with TLS rather than SSL.
If I don't try to set the client for SSLv3 but just leave it at the
default, something similar happens anyway.
Any suggestions would be much appreciated.
Matthew Fleming, MD
Associate Professor
Dept. of Dermatology
Medical College of Wisconsin
E-mail: [EMAIL PROTECTED]
S-mail:
Dept. of Dermatology
Medical College of Wisconsin
8701 Watertown Plank Rd.
Milwaukee, WI 53226
Phone: 414.456.4072
Fax: 414.456.6518
Windows CE code:
    // Turn on SSL for the socket (Windows CE secure-socket extension)
    DWORD optval = SO_SEC_SSL;
    err = setsockopt(s, SOL_SOCKET, SO_SECURE, (LPSTR)&optval, sizeof(optval));
    if (err == SOCKET_ERROR) {
        errmsg.Format(_T("Error in setsockopt for SO_SECURE %d"), WSAGetLastError());
        MessageBox(errmsg);
    }

    // Restrict the socket to the SSLv3 protocol
    DWORD dwBytes;
    SSLPROTOCOL protocol;
    protocol.dwProtocol = SSL_PROTOCOL_SSL3;
    protocol.dwVersion = 0;
    protocol.dwFlags = 0;
    SSLPROTOCOLS protocols;
    protocols.ProtocolList[0] = protocol;
    protocols.dwCount = 1;
    err = WSAIoctl(s, SO_SSL_SET_PROTOCOLS, &protocols, sizeof(protocols),
                   NULL, 0, &dwBytes, NULL, NULL);
    if (SOCKET_ERROR == err) {
        errmsg.Format(_T("Error in setting protocol %d"), WSAGetLastError());
        MessageBox(errmsg);
    }

    // Register certificate validation callback
    SSLVALIDATECERTHOOK hfunc;
    hfunc.HookFunc = certificate_validation_procedure;
    hfunc.pvArg = NULL;
    err = WSAIoctl(s, SO_SSL_SET_VALIDATE_CERT_HOOK, &hfunc, sizeof(hfunc),
                   NULL, 0, &dwBytes, NULL, NULL);
    if (SOCKET_ERROR == err) {
        errmsg.Format(_T("Error in registering certificate validation callback %d"),
                      WSAGetLastError());
        MessageBox(errmsg);
    }

    // Do name resolution
    hostent *pHostent = gethostbyname("dp1.derm.mcw.edu");
    if (pHostent == NULL) {
        errmsg.Format(_T("Name resolution error %d"), WSAGetLastError());
        MessageBox(errmsg);
    }
    memcpy(&tcpaddr.sin_addr, pHostent->h_addr_list[0], sizeof(IN_ADDR));
    // or not
    //tcpaddr.sin_addr.s_addr = inet_addr("141.106.204.30");

    int res = connect(s, (SOCKADDR *)&tcpaddr, sizeof(tcpaddr));
    if (res == SOCKET_ERROR) {
        CString err;
        err.Format(_T("Connection error %d\n"), WSAGetLastError());
        MessageBox(err);
    }
    send(s, ch, 1, 0);
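A way to check the ClientHello in the ssldump trace above against a server's cipher list, as an added example that is not code from the post or from OpenSSL: ssldump prints the RFC-style suite names, OpenSSL lists the same suites under its own names (the ones `openssl ciphers -v` prints), and the server answers "no shared cipher" when the two sets do not intersect. The name table covers only the eight suites offered above, and the sample log is reproduced from the post's own output.

```python
"""Compare an ssldump ClientHello with a server's OpenSSL cipher list."""

# RFC-style suite name (as ssldump prints it) -> OpenSSL cipher name.
SUITE_TO_OPENSSL = {
    "SSL_RSA_WITH_RC4_128_MD5": "RC4-MD5",
    "SSL_RSA_WITH_RC4_128_SHA": "RC4-SHA",
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA": "DES-CBC3-SHA",
    "SSL_RSA_WITH_DES_CBC_SHA": "DES-CBC-SHA",
    "SSL_RSA_EXPORT1024_WITH_RC4_56_SHA": "EXP1024-RC4-SHA",
    "SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA": "EXP1024-DES-CBC-SHA",
    "SSL_RSA_EXPORT_WITH_RC4_40_MD5": "EXP-RC4-MD5",
    "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5": "EXP-RC2-CBC-MD5",
}

# Sample input: the first three suites of the post's ClientHello, in ssldump layout.
SSLDUMP_CLIENTHELLO = """\
2 1  0.1544 (0.1544)  C>S  Handshake
      ClientHello
        Version 3.0
        cipher suites
        SSL_RSA_WITH_RC4_128_MD5
        SSL_RSA_WITH_RC4_128_SHA
        SSL_RSA_WITH_3DES_EDE_CBC_SHA
        compression methods
                  NULL
"""


def client_suites(ssldump_text):
    """Return the suite names listed under 'cipher suites', in client order."""
    suites, in_list = [], False
    for line in ssldump_text.splitlines():
        word = line.strip()
        if word == "cipher suites":
            in_list = True
        elif in_list and word.startswith(("SSL_", "TLS_")):
            suites.append(word)
        elif in_list:
            break  # first line that is not a suite name ends the list
    return suites


def shared_ciphers(suites, server_cipher_list):
    """OpenSSL names of the suites both sides accept, in the client's order.

    server_cipher_list is the ':'-separated string 'openssl ciphers' prints
    for the server's configured list. An empty result is what produces the
    'no shared cipher' error seen in the post.
    """
    server = set(server_cipher_list.split(":"))
    return [SUITE_TO_OPENSSL[s] for s in suites
            if SUITE_TO_OPENSSL.get(s) in server]
```

OpenSSL reports the same "no shared cipher" error when no certificate usable with the offered key exchange (here RSA) has been loaded into the server context, so a non-empty intersection is necessary but not sufficient. Current OpenSSL builds no longer enable SSLv3 or these RC4, DES and export suites, so this check is only meaningful against the OpenSSL version the server actually runs.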