>Can we move this discussion to talk about the latest OpenSSL version?
>Here's my an update client & server sides that will establish a connection
>with a certificate & key called 'dummy_cert.pem' and 'key.pem':
I've tried using your code, and I get the following error messages from the
server. Can you help me ?
28423:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:628:
28423:error:140C5009:SSL routines:SSL_use_certificate_file:missing asn1
eos:ssl_rsa.c:143:
28423:error:1408A0C0:SSL routines:SSL3_GET_CLIENT_HELLO:no shared
cipher:s3_srvr.c:732:
Note that I'm doing this on an ISP. They have ssl loaded in /usr/local/ssl,
but I don't have read or execute access to any of it. They said that if
I want to use SSL, I neede to install it in my personal directory, which
I did. the program only worked when the *.pem files were in the same
directory as the executable.
My application is a simple cgi program that needs to connect to a credit
card company, send some data using SSL, and then receive a response.
Since I've had no luck with the client talking to the remote credit card
company computer, I decided to at least see if I could talk to my own
ssl server, based on the code you posted to the mailing list.
Here is the server code:
---------
/* server.c */
#include <stdio.h>
#include <stdlib.h>
#include <ssl.h>
#include <sys/socket.h>
#include <errno.h>
#include <unistd.h>
#include <string.h>
#include <resolv.h>
#include <evp.h>
#include <err.h>
/* compile with:
gcc -o server server.c -lssl -lcrypto
*/
#define PORT 1415
int main(int argc, char **argv) {
char buffer[10240];
SSL_CTX * ctx;
SSL * con;
int listener, socksize, s;
struct sockaddr_in addr;
struct sockaddr sock;
SSL_load_error_strings();
CRYPTO_malloc_init();
SSLeay_add_all_algorithms();
ctx = SSL_CTX_new(SSLv23_server_method());
con = SSL_new( ctx );
listener = socket(AF_INET, SOCK_STREAM, 0);
if (listener < 0) return printf("Unable to create socket.\n");
addr.sin_family = AF_INET;
addr.sin_addr.s_addr = INADDR_ANY;
addr.sin_port = htons(PORT);
if (bind(listener, (struct sockaddr *) &addr, sizeof(addr)) < 0)
return printf("Can't bind: %s.\n", strerror(errno));
if (listen(listener, 5) < 0) return printf("Can't listen.\n");
if ((s = accept(listener, &sock, &socksize)) < 0) return printf("Can't
accept.\n");
printf("connection made\n");
SSL_set_fd(con,s);
ERR_print_errors_fp(stderr);
printf("1\n");
SSL_use_RSAPrivateKey_file(con, "privkey.pem", SSL_FILETYPE_PEM);
ERR_print_errors_fp(stderr);
SSL_use_certificate_file(con, "bestrents.pem", SSL_FILETYPE_PEM);
ERR_print_errors_fp(stderr);
SSL_accept(con);
ERR_print_errors_fp(stderr);
printf("ssl accept \n");
SSL_read( con, buffer, sizeof(buffer));
printf("SSL read '%s'\n",buffer);
SSL_write( con, "abcdefghijklmnopqrstuvwxyz", 26);
SSL_free( con );
return 1;
}
-------
the client has lots of cgi form processing, but after thats done, I
makeConnection(), then writeData(), receiveReply(), and closeConnection().
which are all routines listed below:
------
#include <stdlib.h>
#include <stdio.h>
#include <ssl.h>
#include <sys/socket.h>
#include <resolv.h>
#include <errno.h>
#include <unistd.h>
#include <string.h>
#include <evp.h>
#include <err.h>
#include "define.h"
#include "echo.h"
#define PORT 443
#define TEST_PORT 1415
#define HOST "wwws.echo-inc.com"
#define URL "wwws.echo-inc.com/scripts/INR200.EXE"
static unsigned char ip[4] = {209,204,227,17};
static SSL_CTX * ctx;
static SSL * con;
static int s;
Boolean makeConnection( void )
{
struct sockaddr_in sin;
struct hostent *hp;
SSL_METHOD *meth=NULL;
unsigned long fionbio_enabled = 1;
int i;
long addr;
SSL_load_error_strings();
CRYPTO_malloc_init();
SSLeay_add_all_algorithms();
ctx = SSL_CTX_new( SSLv23_client_method() );
con = SSL_new( ctx );
hp = gethostbyname( HOST );
if( hp == NULL ) {
printf("<p>Server host %s unknown\n", HOST );
return False;
}
s =socket(AF_INET, SOCK_STREAM, 0);
if( s < 0 ) {
printf("<p>error creating socket\n");
return False;
}
sin.sin_family = AF_INET;
/*
sin.sin_port = htons( PORT );
bcopy( hp->h_addr, &sin.sin_addr, hp->h_length );
*/
sin.sin_port = htons( TEST_PORT );
addr=(unsigned long)
((unsigned long)ip[0]<<24L)|
((unsigned long)ip[1]<<16L)|
((unsigned long)ip[2]<< 8L)|
((unsigned long)ip[3]);
sin.sin_addr.s_addr=htonl(addr);
if( connect(s, (struct sockaddr *)&sin, sizeof(sin) ) < 0 ) {
printf("<p>error making connection\n");
close( s );
s = 0;
return False;
}
SSL_set_fd(con,s);
ERR_print_errors_fp(stderr);
SSL_connect(con);
ERR_print_errors_fp(stderr);
return True;
}
void writeData( char * buffer, long buf_length )
{
SSL_write( con, buffer, buf_length );
}
int receiveReply( char * buffer, long max_buf_size )
{
return SSL_read( con, buffer, max_buf_size );
}
void closeConnection( void )
{
SSL_free( con );
}
-------
the complete response from the server is :
connection made
1
Enter PEM pass phrase:
28423:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:628:
28423:error:140C5009:SSL routines:SSL_use_certificate_file:missing asn1
eos:ssl_rsa.c:143:
28423:error:1408A0C0:SSL routines:SSL3_GET_CLIENT_HELLO:no shared
cipher:s3_srvr.c:732:
ssl accept
SSL read ''
Any help you can provide would be greatly appreciated.
Thanks
Tim Fogarty
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
