Hi,

I'm new to OpenSSL and am trying to implement a simple multi-threaded HTTP/HTTPS
server with Winsock for educational purposes. It works fine for HTTP
requests, but when handling HTTPS requests the program crashes at the
SSL_read(ssl_client, buf, size)
function call. I've seen that after calling the
SSL_set_fd(ssl_client, client_fd)
function client_fd is set to NULL but ssl_client has a valid value. I checked
the API documentation for SSL_set_fd but found no mention of this. I also
searched the web but could not find anything useful. Do you have any idea about this problem?

I've included below the OpenSSL initialization part of my code and the part
that associates the socket with the SSL structure.

Thanks


/* PEM file name; the initialization code passes this one file to the
 * certificate loader, the private-key loader and the verify-location loader,
 * so it is expected to contain both the certificate and its private key.
 * NOTE(review): a file that holds a private key should be readable only by
 * the account running the server. */
#define CERT_FILE "cert.crt"
// Global variable: SSL context created once during initialization and read by
// init_ssl_client() when it creates a per-connection SSL object.
SSL_CTX *_ssl_client_ctx;


// ============================================
// SSL Initialization part in the main function.

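SSL_library_init();
SSL_load_error_strings();
/* NOTE(review): the worker function is described as "used by threads". With
 * OpenSSL releases before 1.1.0 a multi-threaded program must also install
 * the locking callbacks (CRYPTO_set_locking_callback); no such call is
 * visible in this excerpt, so confirm it is done elsewhere. */
_ssl_client_ctx = SSL_CTX_new(SSLv23_server_method());
if (_ssl_client_ctx == NULL)
{
    dump_err("SSL_CTX_new");
    return -1;
}

/* SSLv23_server_method() accepts every protocol version the library has
 * enabled. Switch off the obsolete SSLv2 and SSLv3 protocols explicitly so
 * a peer cannot negotiate them. */
SSL_CTX_set_options(_ssl_client_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);

/* Server certificate, read from CERT_FILE in PEM format. */
if (SSL_CTX_use_certificate_file(_ssl_client_ctx, CERT_FILE,
                                 SSL_FILETYPE_PEM) <= 0)
{
    dump_err("SSL_CTX_use_certificate_file");
    return -1;
}

/* The private key is read from the same file as the certificate. */
if (SSL_CTX_use_PrivateKey_file(_ssl_client_ctx, CERT_FILE,
                                SSL_FILETYPE_PEM) <= 0)
{
    dump_err("SSL_CTX_use_PrivateKey_file");
    return -1;
}

/* Registers the server's own certificate file as the set of trusted CA
 * certificates. No SSL_CTX_set_verify() call is visible in this excerpt, so
 * this only matters if client-certificate verification is enabled elsewhere. */
if (!SSL_CTX_load_verify_locations(_ssl_client_ctx, CERT_FILE, NULL)) {
    /* NOTE(review): dump_err is called with (1, "...") here and in the next
     * check, but with a single string everywhere else on this page. Only one
     * form can match its prototype - confirm and make the calls consistent. */
    dump_err(1, "SSL_CTX_load_verify_locations");
    return -1;
}

/* Confirms that the loaded private key matches the loaded certificate. */
if (SSL_CTX_check_private_key(_ssl_client_ctx) <= 0)
{
    dump_err(1, "SSL_CTX_check_private_key");
    return -1;
}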
// ============================================


// Function used by threads
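/*
 * Create an SSL object from the global server context, attach it to an
 * accepted socket and run the server side of the TLS handshake.
 *
 * client_fd  - connected socket to wrap.
 * ssl_client - passed by value and overwritten below; the object created
 *              here is therefore NOT visible to the caller through this
 *              argument.
 *
 * Returns 0 when SSL_accept succeeds, -1 on any failure. On failure the SSL
 * object created here is released.
 *
 * NOTE(review): because the pointer is passed by value, a caller that later
 * hands its own SSL * variable to SSL_read() is still using whatever value
 * that variable held before this call, not the object created here.
 * TODO: hand the object back to the caller (for example through an SSL **
 * parameter or the return value); that needs a change at every call site.
 */
int init_ssl_client(SOCKET client_fd,  SSL* ssl_client) {

    ssl_client = SSL_new(_ssl_client_ctx);
    if (ssl_client == NULL)
    {
        dump_err("client_init -- SSL_new");
        return -1;
    }

    /* Print the objects as pointers. Passing the dereferenced structures to a
     * %d conversion is undefined behaviour and can misalign the remaining
     * arguments, so that client_fd is printed with a wrong value. */
    printf("client_init - SSL_new -- ssl_client:%p, _ssl_client_ctx: %p\n",
           (void *)ssl_client, (void *)_ssl_client_ctx);

    /* SSL_set_fd takes an int descriptor, hence the explicit cast. */
    if (SSL_set_fd(ssl_client, (int)client_fd) <= 0)
    {
        dump_err("client_init -- SSL_set_fd");
        /* Without an attached socket the handshake cannot work; stop here. */
        SSL_free(ssl_client);
        return -1;
    }

    /* SOCKET is wider than int on 64-bit Windows, so print it through an
     * explicit unsigned long long cast. */
    printf("client_init - SSL_set_fd -- ssl_client:%p , client_fd:%llu, _ssl_client_ctx: %p\n",
           (void *)ssl_client, (unsigned long long)client_fd,
           (void *)_ssl_client_ctx);

    if (SSL_accept(ssl_client) <= 0)
    {
        dump_err("client_init - SSL_accept");
        /* The caller has no reference to this object, so release it here. */
        SSL_free(ssl_client);
        return -1;
    }

    return 0;
}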
