Hi,
I'm building a simple ssl server but I'm having trouble getting the handshake
to work.
I'm using the openssl s_client to verify my tls1 handshake and using the
server.pem file that came with openssl0.8.9k.
I must be missing something critical as I get the alert 40 for failed handshake.
I've included my code below and build instructions for completeness.
build: gcc ssls.c -g -o ssls.exe -I. -L"ssllib" -lssl32 -leay32 -lws2_32
#include "openssl/ssl.h"
#include
#include
#include
#include
void main()
{
u_long imode = 0;
SSL_CTX *ctx;
SSL *ssl;
char *seed;
short int seed_sz = 100;
BIO *sbio, *bbio, *acpt, *out;
int s, fd;
SOCKET sk;
SOCKADDR_IN sa;
WSADATA neto;
SSL_load_error_strings();
SSL_library_init();
OpenSSL_add_all_algorithms();
ctx=SSL_CTX_new(TLSv1_server_method());
SSL_CTX_use_certificate_file(ctx,"server.pem",SSL_FILETYPE_PEM);
seed = malloc(sizeof(char)*100);
SSL_library_init();
OpenSSL_add_all_algorithms();
SSL_load_error_strings();
if(!RAND_seed(seed, seed_sz))
goto bad_ssl;
ctx=SSL_CTX_new(TLSv1_server_method());
if(ctx == NULL)
goto bad_ssl;
ssl=SSL_new(ctx);
if(ssl == NULL)
goto bad_ssl;
SSL_set_accept_state(ssl);
if(!SSL_CTX_load_verify_locations(ctx, "server.pem", NULL) )
goto bad_ssl;
if(!SSL_CTX_use_certificate_file(ctx, "server.pem", SSL_FILETYPE_PEM))
goto bad_ssl;
if(!SSL_CTX_use_PrivateKey_file(ctx, "server.pem", SSL_FILETYPE_PEM))
goto bad_ssl;
if (!SSL_CTX_check_private_key(ctx))
goto bad_ssl;
free(seed);
/* SSL Network stuff */
/*windows network*/
if (WSAStartup(MAKEWORD(2,2), &neto)!=0)
goto bad_ssl;
sk = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if(sk == SOCKET_ERROR)
goto bad_ssl;
sa.sin_addr.S_un.S_addr = INADDR_ANY;
sa.sin_family = AF_INET;
sa.sin_port = htons(8080);
if(bind(sk, (SOCKADDR*)&sa, sizeof(sa))== SOCKET_ERROR)
goto bad_ssl;
if(listen(sk,5)== SOCKET_ERROR)
goto bad_ssl;
fd = accept(sk, (struct sockaddr *)&sa, NULL);
if(fd == INVALID_SOCKET)
goto bad_ssl;
/*END windows network -----------------------*/
SSL_CTX_set_options(ctx,SSL_OP_ALL);
SSL_CTX_set_mode(ctx,SSL_MODE_AUTO_RETRY);
SSL_accept(ssl);
if(!SSL_set_fd(ssl,fd))
goto bad_ssl;
while(1)
{
if(SSL_accept(ssl) == 1)
printf("connected!");
}
return;
bad_ssl:
free(seed);
printf("\nError SSL INIT\n");
}
_________________________________________________________________
Stay in the loop and chat with friends, right from your inbox!
http://go.microsoft.com/?linkid=9671354______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
