Help,
It seems to me after looking throught the openSSL library code and most of
the examples provided(and the email archives), that most of the support in
this library is geared towards the server side of the SSL mechanism. What I
need help in, seems to me to be a very simple yet common task. I need to
know 'how-to', say via a command line utility which takes as command line
arguments: a 'destination ip address', a 'certificate filename', a 'key
filename', a 'send data filename', and a 'response data filename'. The
utility does no authentication of the server(speed issue), yet is able to
encrypt and send the 'send datafile' and decrypted the response into the
'response datafile'. The reason for the command-line type utility, is that
I need a cross-platform means(without the need for a browser) to send a data
file via HTTPS/SSL from various clients(some of the are old legacy systems)
to various servers.
I guess the most frustrating issue is the lack of documentation on-line or
off-line (function name lists is of little help), and searching through
e-mail archives for tid-bits here and there is very tedious. Also the
returning of a value of '-1' for almost every error code does no help when
trying to figure out what your doing wrong(even the use of SSL_get_error
isn't much help when it reflects the most recent,outer-layer error). I'm
including a couple portions of the code I have in my utility. I'm trying to
add the client certificate and key portions to the utility, but it seems
that I' having little success. Prior to adding the cert/key info,
everything seem to be working OK till the SSL_connect call when it started
to handshake with my test server to get the client cert/key info. Any help
that anyone could provide would be greatly welcomed. Till then, I'll just
keep plodding along....
Doug Putz
John Deere Information Systems
(309) 765-2458
[EMAIL PROTECTED]
#ifdef _WIN32
TOCON("Starting-up windows socket support\n");
if (initWinsock(fLog)==0)
{
FULL("Unable to startup windows socket support\n");
}
#endif
/* --------------------------------------------------- */
// begin
/* --------------------------------------------------- */
// Initialize the SSL environment
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
meth = SSLv23_client_method();
ctx = SSL_CTX_new(meth);
if (NULL == ctx)
{
// Log error and cleanup
FULL("Unable to create SSL CTX\n");
goto cleanup;
}
if
(!SSL_CTX_use_certificate_file(ctx,config.szCERTFilename,SSL_FILETYPE_PEM))
{
// Log error and cleanup
FULL("Invalid CERT file\n");
goto cleanup;
}
else if
(!SSL_CTX_use_PrivateKey_file(ctx,config.szKEYFilename,SSL_FILETYPE_PEM))
{
// Log error and cleanup
FULL("Invalid KEY file\n");
goto cleanup;
}
SSL_CTX_set_session_id_context(ctx, (const unsigned char
*)&session_id_context, sizeof session_id_context);
/* --------------------------------------------------- */
// Create a socket and connect to server using normal socket calls.
/* --------------------------------------------------- */
sd = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
if (INVALID_SOCKET == sd)
{
// log and clean up
FULL("Unable to create socket\n");
goto cleanup;
}
// Figure out what we are going to bind to
memset(&myname, 0, sizeof(myname));
myname.sin_family = AF_INET;
// See if they actually want to bind to a specific IP
if (strcmp(config.szLocalIP, "ADDR_ANY") == 0)
{
myname.sin_addr.s_addr = ADDR_ANY;
}
else
{
myname.sin_addr.s_addr = inet_addr(config.szLocalIP);
}
myname.sin_port = htons((unsigned short)atoi(config.szLocalPort));
if (bind(sd, (struct sockaddr *) &myname, sizeof(myname)) == -1)
{
FULL("Unable to bind locally\n");
goto cleanup;
}
memset (&sa, '\0', sizeof(sa));
sa.sin_family = AF_INET;
sa.sin_addr.s_addr = inet_addr(config.szIP); /*
config-> Server IP */
sa.sin_port = htons((unsigned short)atoi(config.szPort)); /*
config-> Server Port number */
err = connect(sd, (struct sockaddr*) &sa, sizeof(sa));
if (-1 == err)
{
// Log error and cleanup
FULL("Unable to create connection\n");
goto cleanup;
}
/* --------------------------------------------------- */
// Send Proxy information if available
/* --------------------------------------------------- */
if (strlen(config.szProxy) > 0)
{
// build proxy connection
send (sd, config.szProxy, strlen(config.szProxy),0);
// Perform the read
int err = recv(sd,buf,BLOCK_SIZE,0);
buf[err] = '\0';
if (buf[9]=='4' && buf[10]=='0' && buf[11]=='7')
{
FULL("PROXY AUTH FAILED - 407\n");
goto cleanup;
}
if (buf[9]!='2' || buf[10]!='0' || buf[11]!='0')
{
FULL("PROXY CLEAR FAIL - 407\n");
goto cleanup;
}
}
/* --------------------------------------------------- */
// Now we have TCP conncetion. Start SSL negotiation.
/* --------------------------------------------------- */
ssl = SSL_new (ctx);
if (NULL == ssl)
{
// Log error and cleanup
FULL("Unable to create SSL\n");
goto cleanup;
}
SSL_set_fd (ssl, sd);
err = SSL_connect(ssl);
if (err < 0)
{
// Log error and cleanup
code = SSL_get_error(ssl,err);
sprintf(buf,"Unable to connect SSL[%d]\n",code);
FULL(buf);
goto cleanup;
}
/* --------------------------------------------------- */
// We could do all sorts of certificate verification stuff here
/* --------------------------------------------------- */
/* --------------------------------------------------- */
// DUMP sendfile into socket
/* --------------------------------------------------- */
...
I'm using SSL_write to send the file
...
/* --------------------------------------------------- */
// READ response from socket and WRITE to responsefile
/* --------------------------------------------------- */
...
I'm using SSL_read to get the response
...
/* --------------------------------------------------- */
SSL_shutdown (ssl); /* send SSL/TLS close_notify */
/* --------------------------------------------------- */
// Clean up.
/* --------------------------------------------------- */
cleanup:
TOCON("Cleanning Up\n");
if (sd != INVALID_SOCKET)
#ifdef _WIN32
closesocket(sd);
#else
close(sd);
#endif
if (ssl != NULL)
SSL_free(ssl);
if (ctx != NULL)
SSL_CTX_free(ctx);
if (fLog != NULL)
CLOSE(fLog);
if (fSend != NULL)
CLOSE(fSend);
if (fResponse != NULL)
CLOSE(fResponse);
#ifdef _WIN32
TOCON("Shutting-down windows socket support\n");
WSACleanup();
#endif
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
