Re: SSL server refusing connection : ECONNREFUSED

[Ladar Levison]

The book "Network Security with OpenSSL" has a several simple 
client/server examples you can look at. The examples are explained in 
the book, but you grab the code at:

http://www.opensslbook.com/code.html
and the tarball

http://www.opensslbook.com/NSwO-1.3.tar.gz

Ladar



On 11/16/11 11:30 PM, Manish Jain wrote:

Hello,

I am new to openssl and trying to create a demo client and server 
which use SSL v3. But the server, for some reason I cannot figure out, 
always refuses connections wth the client reporting errno as 
ECONNREFUSED.

Can somebody please help me out with what might be the problem ? 
Relevant portions of sources for server and client are available below.

Thank you &
Regards
Manish Jain
bourne.ident...@hotmail.com

//server
    SSL_METHOD * lpmethod = SSLv3_method();
    SSL_CTX * lpctx = SSL_CTX_new(lpmethod);

    int result = SSL_CTX_use_certificate_chain_file(lpctx, CERT_FILE);
    assert(result > 0);

    result = SSL_CTX_use_PrivateKey_file(lpctx, KEY_FILE, 
SSL_FILETYPE_PEM);
    assert(result > 0);

    result = SSL_CTX_check_private_key(lpctx);
    assert(result != 0);

    sockaddr_in addr;

    int sock = socket(AF_INET, SOCK_STREAM, 0);
    sockaddr_in sin;
    int val = 1;

    memset((char *)&addr, 0, sizeof(addr));
    addr.sin_addr.s_addr=INADDR_ANY;
    addr.sin_family = AF_INET;
    addr.sin_port = htons(PORT);
    setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(val));

    bind(sock, (sockaddr *) &sin, sizeof(sin));
    result = listen(sock,5);
    std::cout << "listen returned " << result << std::endl;

    int new_sock = accept(sock, 0, 0);

//client :
    SSL_library_init();
    SSL_load_error_strings();

    SSL_METHOD * lpmethod = SSLv3_method();
    SSL_CTX * lpctx = SSL_CTX_new(lpmethod);

    int result = SSL_CTX_use_certificate_chain_file(lpctx, CERT_FILE);
    assert(result > 0);

    result = SSL_CTX_use_PrivateKey_file(lpctx, KEY_FILE, 
SSL_FILETYPE_PEM);
    assert(result > 0);

    result = SSL_CTX_check_private_key(lpctx);
    assert(result != 0);

    SSL_CTX_set_verify(lpctx, SSL_VERIFY_PEER, 0);

    sockaddr_in addr;

    memset((char *) &addr, 0, sizeof(addr));
    addr.sin_addr.s_addr = inet_addr("127.0.0.1");
    addr.sin_family = AF_INET;
    addr.sin_port = htons(8888);

    int sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    assert(sock > 0);

    result = connect(sock, (struct sockaddr *)&addr, sizeof(addr));