I got it working last night - with some tinkering and secret sauce. First,
I have to say that I have never touched openSSL or libWWW before last week,
so I was kind of fumbling around in the dark.
I assume you have the openSSL shim for libWWW? I used w3c-libwww-ssl-1.0.1.
Once this is built, I used the secureget sample.
The things I had to change (someone tell me if I have done the wrong thing).
1. The default app context in the libWWW shim uses a different default client
method than openssl.exe. I could connect to a secure site with the
openssl.exe sample, but not with secure get. It was rejecting the minor
protocol version. I made the following change in HTSSL.c HTSSL_init:

    #if !defined(NO_SSL2) && !defined(NO_SSL3)
        meth = SSLv23_client_method();
    #elif !defined(NO_SSL3)
        meth = SSLv3_client_method();
    #elif !defined(NO_SSL2)
        meth = SSLv2_client_method();
    #else
        // Original code
        meth = TLSv1_client_method();
    #endif

2. openssl.exe uses SSL_VERIFY_NONE as the cert verification mode. The shim
was using SSL_VERIFY_PEER, which was rejecting the cert (from
www.verisign.com). I changed HTSSL_init to:

    /* Set the certificate verification callback */
    // SSL_CTX_set_verify(app_ctx, SSL_VERIFY_PEER, verify_callback);

3. I am running WIN32 platforms, and the PRNG rand stuff was complaining
about not enough entropy. So I folded in the app_rand.c code from the
openssl samples into libWWW and called

    PUBLIC BOOL HTSSL_init (void)
    {
        app_RAND_load_file(NULL, 0);
        ....
    }

Poof - it started working.
I would appreciate it if someone would tell me if I did something to cause
things to be sent in the clear :-). It took me an hour or so to unwind my
hair from the state machine code......
- oh yeah, here was the real confidence booster in the middle of my
head-banging:

    /* Not sure what this does */
    SSL_CTX_set_session_cache_mode(app_ctx, SSL_SESS_CACHE_CLIENT);

I certainly don't know what this does, but apparently neither does the
author.
Thanks,
George Peden, Team Lead
PassEdge, Corp.
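
Added example, not part of the original message or of libwww: Python's ssl module wraps the same OpenSSL settings (CERT_NONE is SSL_VERIFY_NONE, CERT_REQUIRED is SSL_VERIFY_PEER), so it can show what changes 1 and 2 leave open next to a client context that keeps verification on and loads trust anchors. The function names, the finding codes and the cafile parameter are made up for illustration.

```python
import ssl

def context_like_the_post():
    """Constructed mirror of changes 1 and 2: negotiate any version, verify nothing."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # version-flexible, like SSLv23_client_method()
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED  # no protocol floor
    ctx.check_hostname = False       # has to be cleared before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE  # OpenSSL SSL_VERIFY_NONE
    return ctx

def verifying_context(cafile=None):
    """Keep peer verification on and give it trust anchors to verify against."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # defaults: CERT_REQUIRED, check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cafile:
        ctx.load_verify_locations(cafile=cafile)   # hypothetical path to a PEM CA bundle
    else:
        ctx.load_default_certs()                   # platform trust store
    return ctx

def audit(ctx):
    """Return {code: explanation} for settings that weaken a client context."""
    findings = {}
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings["no-peer-verify"] = "encrypted, but any certificate is accepted"
    if not ctx.check_hostname:
        findings["no-hostname-check"] = "a certificate for another host is accepted"
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings["legacy-protocols"] = "versions below TLS 1.2 can be negotiated"
    if not ssl.RAND_status():
        findings["prng-unseeded"] = "OpenSSL reports too little entropy in its PRNG"
    return findings

if __name__ == "__main__":
    for name, ctx in (("as in the post", context_like_the_post()),
                      ("verifying", verifying_context())):
        print(name)
        for code, why in audit(ctx).items():
            print(f"  {code}: {why}")
```

With verification off the session is still encrypted, but the server is not authenticated, so the encryption may terminate at whoever answered the connection.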
-----Original Message-----
From: Alan Batie [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 03, 2000 1:27 PM
To: [EMAIL PROTECTED]
Subject: Forward: libwww Web client?
*Now* someone asks :-)
----- Forwarded message from Paul Douglas <[EMAIL PROTECTED]> -----
Date: Fri, 03 Mar 2000 13:32:39 -0500
From: Paul Douglas <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: libwww Web client?
Hello,
I'm trying to find out whether anyone has ported OpenSSL into the Libwww
Web client (used by Amaya).. and if so where can I find it?
Thanks,
Paul
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
----- End forwarded message -----
--
Alan Batie ------ What goes up, must come down.
[EMAIL PROTECTED] \ / Ask any system administrator.
+1 503-466-8407 (voice) \ / --unknown
D0 D2 39 0E 02 34 D6 B4 \/ 5A 41 21 8F 23 5F 08 9D