To whomever may be able to give a bit of advice,
I'm having extreme difficulty setting up an SSL connection between client and server when neither specifies a certificate and key file. Actually, the problem seems to be specific to the server. If I tell the server to use a cert and key, via the
SSL_CTX_use_certificate_file( ) and SSL_CTX_use_PrivateKey_file( )
methods, the connection works fine. The two communicate using DES, which is what I'm (currently) after. However, if I comment out the above two calls, there is a handshake failure. Apparently, the client fails to read in the header of one of the ASN1 objects (this is a rather new topic to me, "abstract syntax notation" for communicating digital objects). Here are the errors I get, on the client side:
5862:error:0D06B078:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:139:
5862:error:0D09F006:asn1 encoding routines:d2i_X509:bad get asn1 object call:x_x509.c:97:address=537084824 offset=0
5862:error:1407E00B:SSL routines:SSL2_SET_CERTIFICATE:X509 lib:s2_clnt.c:891:
So it's obviously not reading the x509 object correctly unless I give a file to "derive it" from, or at least that's how I'm interpreting it. On the server side, I simply get a "handshake error" (SSL2_READ).
Is there a simple way to tell OpenSSL not to worry about authentication at all? I don't want to use it, so there's no reason to specify a certificate and key file on either side. However, doing so causes my test apps to fail. Right now, I simply follow this pattern:
<set up TCP/IP connection via bind, listen, accept>
method = SSLv23_server_method();
context = SSL_CTX_new( method );
**SSL_CTX_use_certificate_file( context, certfile, SSL_FILETYPE_PEM );
**SSL_CTX_use_PrivateKey_file( context, keyfile, SSL_FILETYPE_PEM );
ssl_struct = SSL_new( context );
SSL_set_fd( ssl_struct, sd_from_above_ops );
if( SSL_accept( ssl_struct ) <= 0 )
    /* handshake failed: report with ERR_print_errors_fp( stderr ) */
** These guys should be totally optional, but I fail if I omit them!!
Is there something I'm missing, that would allow me to leave out the certificate and key files? Any advice or sample code would be greatly appreciated!
David Azari
[EMAIL PROTECTED]
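The no-certificate setup asked about above, as an added Python example that is not code from the post or from OpenSSL: it uses the standard-library ssl module (a wrapper over OpenSSL) to build the only kind of server context that can complete a handshake without a certificate, audits which suites such a context can negotiate, and runs one loopback handshake. The function names and the socketpair-based loopback are my own assumptions.

```python
# Added example, not code from the post. A server context with no certificate
# can only finish the handshake with anonymous suites (ADH/AECDH): neither side
# is authenticated, so any on-path party can sit in the middle. OpenSSL rejects
# them at security level >= 1 and TLS 1.3 has none, so both ends must opt in.
import socket
import ssl
import threading
def anonymous_server_context():
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)   # note: no load_cert_chain()
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2    # aNULL exists only up to 1.2
    ctx.set_ciphers("aNULL:@SECLEVEL=0")            # refused at the default level
    return ctx

def anonymous_client_context():
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                      # nothing to verify ...
    ctx.verify_mode = ssl.CERT_NONE                 # ... so nothing is verified
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("aNULL:@SECLEVEL=0")
    return ctx

def default_server_context():
    return ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)  # normal, cert-backed
def suite_audit(ctx):
    """Split the suites a context can negotiate into (unauthenticated, authenticated)."""
    anon, authed = [], []
    for c in ctx.get_ciphers():
        if c["protocol"] == "TLSv1.3":              # TLS 1.3 has no anonymous suites
            continue
        (anon if c["name"].startswith(("ADH-", "AECDH-")) else authed).append(c["name"])
    return anon, authed

def loopback_handshake(server_ctx, client_ctx):
    """One handshake over an in-process socket pair; returns each side's negotiated cipher."""
    s_raw, c_raw = socket.socketpair()
    seen = {}
    def serve():
        with server_ctx.wrap_socket(s_raw, server_side=True) as s:
            seen["server"] = s.cipher()[0]
    t = threading.Thread(target=serve)
    t.start()
    with client_ctx.wrap_socket(c_raw) as c:        # handshake runs on wrap
        seen["client"] = c.cipher()[0]
    t.join()
    return seen
if __name__ == "__main__":
    print("no-cert server can only offer:", suite_audit(anonymous_server_context()))
    print("cert-backed server offers anonymous:", suite_audit(default_server_context())[0])
    print(loopback_handshake(anonymous_server_context(), anonymous_client_context()))
```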