Hi,
I am using below code to get domain name/server name from IP address on Mac
OS X. But SSL_get_peer_certificateis returning empty certificate for
twitter and some of the https sites.
This problem I am facing from Yesterday. After Yosemite release.
Log:
----------------------------------------------------
22:33:44 SSLUtil::ConnectToServerAsync in progress 23.52.67.194
22:33:45 **** successfully connected and got file descriptor 1
22:33:45 SSLUtil::ConnectToServerAsync connect success 36
22:33:45 SSL_ERROR_WANT_READ
22:33:45 sockstate read 4
22:33:45 SOCKET_OPERATION_OK
22:33:45 SSLUtil::RetrieveNameUsingSSL certificate empty
-----------------------------------------------
Source code:
bool SSLUtil::RetrieveNameUsingSSL(int &sock , std::string &serverName)
{
serverName="";
SSL_library_init();
SSL_METHOD *meth=SSLv3_method();
SSL_CTX *sslctx=SSL_CTX_new(meth);
if(!sslctx)
{
//printf("SSL_CTX_new failed");
MCLOG("SSLUtil::RetrieveNameUsingSSL SSL_CTX_new failed ");
//close(sock);
return false;
}
SSL_CTX_set_verify(sslctx,SSL_VERIFY_NONE,NULL);
SSL *ssl =SSL_new(sslctx);
if(!ssl)
{
//printf("SSL_new failed\n"); close(sock);
MCLOG("SSLUtil::RetrieveNameUsingSSL SSL_new failed ");
//exit(4);
return false;
}
int status=SSL_set_fd(ssl,sock);
if(!status)
{
//printf("SSL_set_fd failed\n"); close(sock);
//exit(5);
MCLOG("SSLUtil::RetrieveNameUsingSSL SSL_set_fd failed ");
return false;
}
status = SSL_connect(ssl);
int error=SSL_get_error(ssl,status);
//printf("Error %d\n",error);
switch(error)
{
case SSL_ERROR_NONE:
//printf("connect successful\n");
break;
case SSL_ERROR_ZERO_RETURN:
//printf("peer close ssl connection \n");
break;
case SSL_ERROR_WANT_READ:
case SSL_ERROR_WANT_WRITE:
{
time_t seconds;
time_t future;
time_t now;
seconds = time(NULL);
future = seconds + 2;
MCLOG("SSLUtil::RetrieveNameUsingSSL Before SSL_ERROR_WANT_READ
& SSL_ERROR_WANT_WRITE");
while(error == SSL_ERROR_WANT_READ || error ==
SSL_ERROR_WANT_WRITE)
{
status = SSL_connect(ssl);
if(!WaitOnSocket(sock,TIMEOUT_SERVER))
{
MCLOG("WaitOnSocket func failed");
break;
}
now = time(NULL);
if(now > future)
{
MCLOG("*** break");
break;
}
error=SSL_get_error(ssl,status);
if(error == SSL_ERROR_NONE)
{
MCLOG("SSL_ERROR_NONE");
break;
}
}
}
break;
default:
MCLOG("SSLUtil::RetrieveNameUsingSSL failed ",error);
//printf("connect error is %d\n",error);
break;
}
X509* server_cert = SSL_get_peer_certificate (ssl);
if (server_cert != NULL)
{
//MessageLog.Write("Server certificate");
//str = X509_NAME_oneline(X509_get_subject_name(server_cert),0,0);
X509_NAME * name = X509_get_subject_name(server_cert);
char str[512] = {} ;
X509_NAME_get_text_by_NID(name, NID_commonName, str, 512);
if(str != NULL)
{
serverName = str;
//MessageLog.Write("Domain name :", str);
//MessageLog.Write("Successfully fetched the certificate");
}
else
{
MCLOG("SSLUtil::RetrieveNameUsingSSL server name empty ");
}
X509_free (server_cert);
}
else
{
MCLOG("SSLUtil::RetrieveNameUsingSSL certificate empty ");
}
if(ssl)
{
error = SSL_shutdown(ssl);
if(error == -1)
{
//MessageLog.Write("Failed to do SSLShutdown");
MCLOG("SSLUtil::RetrieveNameUsingSSL SSLShutdown failed ");
}
// Free the SSL structure
//MessageLog.Write("free SSL structure");
SSL_free(ssl);
}
// Free the SSL_CTX structure
if(sslctx)
{
SSL_CTX_free(sslctx);
}
return (!serverName.empty());
}
Why I am getting empty certificate?? I tried adding cipher
"SSL_set_cipher_list(ssl,"SSL_RSA_WITH_RC4_128_SHA);
Thanks and Regards,
Madhavi G.
