Re: Strange bug in connecting to server

2001-08-21 Thread SujithV


Hi
"sslclient.h" is missing.
Would you mind sending that file?

Best regards,
sujith




Strange bug in connecting to server

2001-08-21 Thread Carsten Rhod Gregersen



Hi,

I'm trying to create a library for transferring special info between
a client and a webserver. But I have run into some strange problems.

I can connect to all kinds of webservers, but one is always failing.

I've debugged with returning the sslstate within the program, giving me:

Before connect
Before ssl connect
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:error in SSLv3 read server hello A
SSL connect failed
Out

If I run the openssl program using the s_client option I can get
it to work... What am i doing wrong ???


Source code:

testssl.c :

This is just for testing



#include 


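/*
 * Test driver: sends one fixed request to the test host through sendSSL()
 * and prints whatever ended up in the reply buffer.
 */
int main (int argc, char **argv)
{
    char ticket[10];
    char call[] = "GET /\n\n";
    char host[] = "www.paynet.no";
    int port = 443;

    (void)argc;
    (void)argv;

    memset(ticket, 0, sizeof ticket);

    /*
     * Offer sendSSL() one byte less than the buffer holds. How sendSSL()
     * terminates the reply is not visible in this listing, so the last
     * zero byte written by memset() is kept out of its reach; the "%s"
     * below then always stops inside ticket.
     *
     * NOTE(review): the return value is ignored because sendSSL()'s
     * success/failure convention is not shown here; check it once known.
     */
    sendSSL(call, (int)strlen(call), ticket, (int)sizeof ticket - 1, host, port);

    printf("Out %s\n", ticket);
    return 0;
}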



sslclient.c :
Here all the work is done


/*
 * An SSL simple client
 *
 * This is a simple client. The client will try to open a socket
 * on a specified port. This socket is hereafter read until
 *
 */


#include 
#include 

#ifdef WINNT
#include 
#else
#include 
#include 
#include 
#endif

// #include 


#include "ssl.h"
#include "sslclient.h"

/* Protocol name that sendSSL() looks up with getprotobyname(). */
#define PROTOCOL "tcp"
#define MESSAGE_EXTEND 2048

/*
 * Text of the most recent failure. sendSSL() fills it with sprintf(),
 * which does not bound the write; one of the messages embeds the
 * caller-supplied hostname, so an over-long hostname can write past
 * these 4096 bytes.
 */
static char sslclient_error_[4096];
/*
 * Passphrase read by returnKey(). verifyKey() points it at its caller's
 * string, so the pointer is borrowed rather than owned.
 */
static char *skeyphrase;

/* Callbacks declared here; their definitions are not part of this listing. */
int verify_callback(int, X509_STORE_CTX*);
void apps_ssl_info_callback(SSL *, int, int);





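/**
 * Password callback: copies the passphrase held in skeyphrase into keybuf.
 *
 * keybuf     destination buffer supplied by the caller
 * maxlength  size of keybuf in bytes
 * verify     not used
 *
 * Returns the passphrase length on success. Returns -1 when keybuf or
 * skeyphrase is NULL, when maxlength is not positive, or when the
 * passphrase does not fit with one byte to spare.
 */
int returnKey(keybuf, maxlength, verify)
 char *keybuf;
 int maxlength;
 int verify;
{
  size_t len;

  (void)verify;

  /*
   * Reject a non-positive size before it is compared with a size_t:
   * a negative int converts to a huge unsigned value and would let the
   * copy below run past keybuf.
   */
  if (keybuf == NULL || skeyphrase == NULL || maxlength <= 0)
    return -1;

  len = strlen(skeyphrase);
  if (len >= (size_t)maxlength)
    return -1;

  memcpy(keybuf, skeyphrase, len);
  /* len < maxlength, so the spare byte is in bounds; terminate the copy. */
  keybuf[len] = '\0';
  return (int)len;
}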


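/*
 * Verify that passphrase unlocks the PEM private key stored in keyfile.
 *
 * Creates a temporary SSL_CTX, installs returnKey() as its password
 * callback and asks OpenSSL to load the RSA private key from keyfile.
 *
 * Returns 1 when SSL_CTX_use_RSAPrivateKey_file() reports success and 0
 * otherwise, including a NULL argument or a context that could not be
 * created.
 *
 * NOTE(review): SSLv3 is an obsolete protocol version (RFC 7568). No
 * handshake is made in this function, so the method is only used to
 * create the context.
 * NOTE(review): skeyphrase still points at the caller's passphrase after
 * this function returns; the caller has to keep that buffer valid for as
 * long as returnKey() may be invoked.
 */
int verifyKey(char* keyfile, char* passphrase)
{
    SSL_METHOD *meth = NULL;
    SSL_CTX *ctx = NULL;
    int loaded = 0;

    /* returnKey() calls strlen() on the passphrase; never hand it NULL. */
    if (keyfile == NULL || passphrase == NULL)
        return 0;

    /* returnKey() reads the passphrase through this file-scope pointer. */
    skeyphrase = passphrase;

    SSLeay_add_ssl_algorithms();

    meth = SSLv3_client_method();
    if (meth != NULL)
        ctx = SSL_CTX_new(meth);

    if (ctx != NULL) {
        SSL_CTX_set_default_passwd_cb(ctx, returnKey);

        loaded = SSL_CTX_use_RSAPrivateKey_file(ctx, keyfile, SSL_FILETYPE_PEM);

        SSL_CTX_free(ctx);
    }

    return (loaded > 0);
}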



/**
 * Send an SSL message
 *
 * This involves opening a port to the host set by setPGWPort and
 * setPGWHostName. The data to be sent should be stored in 'buf',
 * and the length of buf is passed to the function in 'length'.
 *
 * The return from the PGW is put into a buffer structure.
 *
 * It is the responsibility of the caller to free both the buffer structure
 * and the buffer within (the buf element)
 *
 */
int sendSSL(sbuf,slength,mbuf,mlength,hostname,port)
 char *sbuf,*mbuf;
 int slength,mlength;
 char *hostname;
 int port;
{
  /* --- VARIABLE DECLARATION --- */
  int t,tt,size;
  int fd,c_ret;
  struct protoent *pe;
  struct hostent *he;
  struct sockaddr_in sin;
  char *tmp;
  // Method for the correct ssl version
  SSL_METHOD *meth=NULL;

  // create an SSL structure
  SSL *con = NULL;
  SSL_CTX *ctx=NULL;

  X509*server_cert;
  char*str;
  int r;


  /* --- CODE START --- */

#ifdef WINNT

  struct WSAData wsa_state;
  int wsa_init_done=0,err;

  memset(&wsa_state,0,sizeof(wsa_state));

  if (WSAStartup(0x0101,&wsa_state)!=0)
  {
err=WSAGetLastError();
return(0);
  }
#endif


  // -- Establish plain socket connection

  pe = getprotobyname(PROTOCOL);

  // Open a new socket
  fd = socket(AF_INET,SOCK_STREAM,pe->p_proto);
  if(fd==-1) {
sprintf(sslclient_error_,
 "Could not create new socket");
goto error;
  }


  // Get the PGWHostName

  if(hostname == NULL) {
sprintf(sslclient_error_,"PGWHostName not set");
goto error;
  }

  he = gethostbyname(hostname);

  if(he == NULL || he->h_addr == NULL) {
sprintf(sslclient_error_,
 "Could not gethostbyname for host:%s",hostname);
goto error;
  }

  sin.sin_family = AF_INET;
  sin.sin_port = htons(port);


  memcpy((void *)&sin.sin_addr, (void *)he->h_addr, he->h_length);

#ifdef DEBUG
  printf("Before connect\n");
#endif


  c_ret = connect(fd,(struct sockaddr *)&sin, sizeof(sin));



  if(c_ret==-1){
sprintf(sslclient_error_,
 "Could not connect to port %d",port);
goto error;
  }

  // -- Establish ssl on top of the socket

  // Add algorithms
  //OpenSSL_add_ssl_algorithms();

  SSLeay_add_ssl_algorithms();

  // Set the method to SSLv3
  meth=SSLv3_client_method();

  // Create a new context for communication
  ctx=SSL_CTX_new(meth);
  SSL_load_error_strings();

  if (ctx == NULL) {
  

Re: Strange bug in connecting to server

2001-08-20 Thread Lutz Jaenicke

On Mon, Aug 20, 2001 at 03:18:20PM +0200, Carsten Rhod Gregersen wrote:
> Hi,
> 
> I'm trying to create an library for transfering special info between
> an client and a webserver. But I have run into some strange problems.
> 
> I can connect to all kinds of webservers but one is allways failing.
> 
> I've debugged with returning the sslstate within the program, giving me:
> 
> Before connect
> Before ssl connect
> SSL_connect:before/connect initialization
> SSL_connect:SSLv3 write client hello A
> SSL_connect:error in SSLv3 read server hello A
> SSL connect failed
> Out
> 
> If I run the openssl program using the s_client option I can get
> it to work... What am i doing wrong ???

You are using SSLv3 only. s_client by default uses SSLv2 compatible
client hello messages and supports SSLv2, SSLv3 and TLSv1.
Try 's_client -ssl3' and see, whether it still succeeds. Probably
the server only supports SSLv2 (it may also enforce TLSv1, but this
is not likely).

Best regards,
Lutz
PS. Query the error queue for more information.
-- 
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus   http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus  Fax. +49 355 69-4153



Strange bug in connecting to server

2001-08-20 Thread Carsten Rhod Gregersen

Hi,

I'm trying to create a library for transferring special info between
a client and a webserver. But I have run into some strange problems.

I can connect to all kinds of webservers, but one is always failing.

I've debugged with returning the sslstate within the program, giving me:

Before connect
Before ssl connect
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:error in SSLv3 read server hello A
SSL connect failed
Out

If I run the openssl program using the s_client option I can get
it to work... What am i doing wrong ???


Source code:

testssl.c :
#include 


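/*
 * Test driver: sends one fixed request to the test host through sendSSL()
 * and prints whatever ended up in the reply buffer.
 */
int main (int argc, char **argv)
{
    char ticket[10];
    char call[] = "GET /\n\n";
    char host[] = "www.paynet.no";
    int port = 443;

    (void)argc;
    (void)argv;

    memset(ticket, 0, sizeof ticket);

    /*
     * Offer sendSSL() one byte less than the buffer holds. How sendSSL()
     * terminates the reply is not visible in this listing, so the last
     * zero byte written by memset() is kept out of its reach; the "%s"
     * below then always stops inside ticket.
     *
     * NOTE(review): the return value is ignored because sendSSL()'s
     * success/failure convention is not shown here; check it once known.
     */
    sendSSL(call, (int)strlen(call), ticket, (int)sizeof ticket - 1, host, port);

    printf("Out %s\n", ticket);
    return 0;
}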



sslclient.c :

/*
 * An SSL simple client
 *
 * This is a simple client. The client will try to open a socket
 * on a specified port. This socket is hereafter read until
 *
 */


#include 
#include 

#ifdef WINNT
#include 
#else
#include 
#include 
#include 
#endif

// #include 


#include "ssl.h"
#include "sslclient.h"

/* Protocol name that sendSSL() looks up with getprotobyname(). */
#define PROTOCOL "tcp"
#define MESSAGE_EXTEND 2048

/*
 * Text of the most recent failure. sendSSL() fills it with sprintf(),
 * which does not bound the write; one of the messages embeds the
 * caller-supplied hostname, so an over-long hostname can write past
 * these 4096 bytes.
 */
static char sslclient_error_[4096];
/*
 * Passphrase read by returnKey(). verifyKey() points it at its caller's
 * string, so the pointer is borrowed rather than owned.
 */
static char *skeyphrase;

/*
 * Callbacks declared here; their definitions are not part of this listing.
 * sendSSL() registers apps_ssl_info_callback with SSL_CTX_set_info_callback().
 */
int verify_callback(int, X509_STORE_CTX*);
void apps_ssl_info_callback(SSL *, int, int);





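/**
 * Password callback: copies the passphrase held in skeyphrase into keybuf.
 *
 * keybuf     destination buffer supplied by the caller
 * maxlength  size of keybuf in bytes
 * verify     not used
 *
 * Returns the passphrase length on success. Returns -1 when keybuf or
 * skeyphrase is NULL, when maxlength is not positive, or when the
 * passphrase does not fit with one byte to spare.
 */
int returnKey(keybuf, maxlength, verify)
 char *keybuf;
 int maxlength;
 int verify;
{
  size_t len;

  (void)verify;

  /*
   * Reject a non-positive size before it is compared with a size_t:
   * a negative int converts to a huge unsigned value and would let the
   * copy below run past keybuf.
   */
  if (keybuf == NULL || skeyphrase == NULL || maxlength <= 0)
    return -1;

  len = strlen(skeyphrase);
  if (len >= (size_t)maxlength)
    return -1;

  memcpy(keybuf, skeyphrase, len);
  /* len < maxlength, so the spare byte is in bounds; terminate the copy. */
  keybuf[len] = '\0';
  return (int)len;
}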


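/*
 * Verify that passphrase unlocks the PEM private key stored in keyfile.
 *
 * Creates a temporary SSL_CTX, installs returnKey() as its password
 * callback and asks OpenSSL to load the RSA private key from keyfile.
 *
 * Returns 1 when SSL_CTX_use_RSAPrivateKey_file() reports success and 0
 * otherwise, including a NULL argument or a context that could not be
 * created.
 *
 * NOTE(review): SSLv3 is an obsolete protocol version (RFC 7568). No
 * handshake is made in this function, so the method is only used to
 * create the context.
 * NOTE(review): skeyphrase still points at the caller's passphrase after
 * this function returns; the caller has to keep that buffer valid for as
 * long as returnKey() may be invoked.
 */
int verifyKey(char* keyfile, char* passphrase)
{
    SSL_METHOD *meth = NULL;
    SSL_CTX *ctx = NULL;
    int loaded = 0;

    /* returnKey() calls strlen() on the passphrase; never hand it NULL. */
    if (keyfile == NULL || passphrase == NULL)
        return 0;

    /* returnKey() reads the passphrase through this file-scope pointer. */
    skeyphrase = passphrase;

    SSLeay_add_ssl_algorithms();

    meth = SSLv3_client_method();
    if (meth != NULL)
        ctx = SSL_CTX_new(meth);

    if (ctx != NULL) {
        SSL_CTX_set_default_passwd_cb(ctx, returnKey);

        loaded = SSL_CTX_use_RSAPrivateKey_file(ctx, keyfile, SSL_FILETYPE_PEM);

        SSL_CTX_free(ctx);
    }

    return (loaded > 0);
}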



/**
 * Send an SSL message
 *
 * This involves opening a port to the host set by setPGWPort and
 * setPGWHostName. The data to be sent should be stored in 'buf',
 * and the length of buf is passed to the function in 'length'.
 *
 * The return from the PGW is put into a buffer structure.
 *
 * It is the responsibility of the caller to free both the buffer structure
 * and the buffer within (the buf element)
 *
 */
int sendSSL(sbuf,slength,mbuf,mlength,hostname,port)
 char *sbuf,*mbuf;
 int slength,mlength;
 char *hostname;
 int port;
{
  /* --- VARIABLE DECLARATION --- */
  int t,tt,size;
  int fd,c_ret;
  struct protoent *pe;
  struct hostent *he;
  struct sockaddr_in sin;
  char *tmp;
  // Method for the correct ssl version
  SSL_METHOD *meth=NULL;

  // create an SSL structure
  SSL *con = NULL;
  SSL_CTX *ctx=NULL;

  X509*server_cert;
  char*str;
  int r;


  /* --- CODE START --- */

#ifdef WINNT

  struct WSAData wsa_state;
  int wsa_init_done=0,err;

  memset(&wsa_state,0,sizeof(wsa_state));

  if (WSAStartup(0x0101,&wsa_state)!=0)
  {
err=WSAGetLastError();
return(0);
  }
#endif


  // -- Establish plain socket connection

  pe = getprotobyname(PROTOCOL);

  // Open a new socket
  fd = socket(AF_INET,SOCK_STREAM,pe->p_proto);
  if(fd==-1) {
sprintf(sslclient_error_,
 "Could not create new socket");
goto error;
  }


  // Get the PGWHostName

  if(hostname == NULL) {
sprintf(sslclient_error_,"PGWHostName not set");
goto error;
  }

  he = gethostbyname(hostname);

  if(he == NULL || he->h_addr == NULL) {
sprintf(sslclient_error_,
 "Could not gethostbyname for host:%s",hostname);
goto error;
  }

  sin.sin_family = AF_INET;
  sin.sin_port = htons(port);


  memcpy((void *)&sin.sin_addr, (void *)he->h_addr, he->h_length);

#ifdef DEBUG
  printf("Before connect\n");
#endif


  c_ret = connect(fd,(struct sockaddr *)&sin, sizeof(sin));



  if(c_ret==-1){
sprintf(sslclient_error_,
 "Could not connect to port %d",port);
goto error;
  }

  // -- Establish ssl on top of the socket

  // Add algorithms
  //OpenSSL_add_ssl_algorithms();

  SSLeay_add_ssl_algorithms();

  // Set the method to SSLv3
  meth=SSLv3_client_method();

  // Create a new context for communication
  ctx=SSL_CTX_new(meth);
  SSL_load_error_strings();

  if (ctx == NULL) {
sprintf(sslclient_error_,
 "Could not create new CTX structure");
goto error;
  }
  SSL_CTX_set_timeout(ctx, 3);
  SSL_CTX_set_options(ctx,0);
  SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);