>Are you using non-blocking sockets?
> Lutz
No, I am using blocking sockets...
Ragnar
-------------------------------------------
int ClientConnectionType::connectToHost()
{
int err = 0;
struct sockaddr_in sa;
X509* server_cert;
char* str;
SSL_METHOD *meth;
/* ************************************** *\
* Windows socket initialization *
* ************************************** */
WORD wVersionRequested;
WSADATA wsaData;
try
{
wVersionRequested = MAKEWORD( 2, 2 );
err = WSAStartup( wVersionRequested, &wsaData );
if ( err != 0 )
{
throw new Exception("Could not find a usable WinSock DLL.");
}
/* ----------------------------------------------- */
/* Create a socket and connect to server using normal socket calls. */
m_oSocket = socket (AF_INET, SOCK_STREAM, 0);
CHK_ERR(m_oSocket, "socket");
memset (&sa, '\0', sizeof(sa));
sa.sin_family = AF_INET;
sa.sin_addr.s_addr = inet_addr (m_sHostName); /* Server IP */
sa.sin_port = htons(m_iPort); /* Server Port number */
err = connect(m_oSocket, (struct sockaddr*) &sa, sizeof(sa));
CHK_ERR(err, "connect");
/*Now we have TCP/IP connection, start SSL negotiations*/
if(m_iType > 1)
{
OpenSSL_add_all_algorithms();
//meth = SSLv3_client_method();
meth = TLSv1_client_method();
SSL_load_error_strings();
m_pCtx = SSL_CTX_new (meth);
RAND_screen();
CHK_NULL(m_pCtx);
CHK_SSL(err);
m_pSSL = SSL_new (m_pCtx);
CHK_NULL(m_pSSL);
SSL_set_fd (m_pSSL, m_oSocket);
//SSL_CTX_set_options(m_pCtx,SSL_OP_NO_TLSv1);
SSL_CTX_set_verify(m_pCtx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify);
if(err)ERR_print_errors_fp(stdout);
if(m_iType > 2)
{
char cert_file[256];
strcpy(cert_file, m_sKeyPath);
strcat(cert_file, m_sOwnCert);
char key_file[256];
strcpy(key_file, m_sKeyPath);
strcat(key_file, m_sOwnKey);
if(SSL_CTX_use_certificate_file(m_pCtx,cert_file,SSL_FILETYPE_PEM) <= 0)
{
printf("unable to get certificate from '%s'\n",cert_file);
throw new Exception("connectToHostException\n");
}
SSL_CTX_set_default_passwd_cb(m_pCtx, passwProc);
if(SSL_CTX_use_PrivateKey_file(m_pCtx,key_file,SSL_FILETYPE_PEM) <= 0)
{
ERR_print_errors_fp(stdout);
printf("unable to get private key from '%s'\n",key_file);
throw new Exception("connectToHostException\n");
}
if(!SSL_CTX_check_private_key(m_pCtx))
{
printf("Private key does not match the certificate public key\n");
throw new Exception("connectToHostException\n");
}
}
if ((!SSL_CTX_load_verify_locations(m_pCtx,m_sCACert,m_sKeyPath)) ||
(!SSL_CTX_set_default_verify_paths(m_pCtx)))
{
printf("error setting default verify locations\n");
ERR_print_errors_fp(stdout);
}
ERR_print_errors_fp(stdout);
err = SSL_connect(m_pSSL);
if (err == -1)
{
ERR_print_errors_fp(stdout);
throw new Exception("SSL_connect failed\n");
}
int retcode = 0;
int retval = SSL_get_error(m_pSSL, retcode);
char buffer[256];
ERR_error_string(retval, buffer);
ERR_print_errors_fp(stdout);
fprintf(stdout, "SSL connection established. \n");
/* SSL_renegotiate(m_pSSL);
int i=SSL_do_handshake(m_pSSL);
ERR_print_errors_fp(stdout);
printf("SSL_do_handshake -> %d\n",i);*/
/* Following two steps are optional and not required for
data exchange to be successful. */
/* Get the cipher - opt */
printf ("SSL connection using %s\n", SSL_get_cipher (m_pSSL));
/* Get server's certificate (note: beware of dynamic allocation) - opt */
server_cert = SSL_get_peer_certificate (m_pSSL); CHK_NULL(server_cert);
printf ("Server certificate:\n");
str = X509_NAME_oneline (X509_get_subject_name (server_cert),0,0);
CHK_NULL(str);
printf ("\t subject: %s\n", str);
Free (str);
str = X509_NAME_oneline (X509_get_issuer_name (server_cert),0,0);
CHK_NULL(str);
printf ("\t issuer: %s\n", str);
Free (str);
/* We could do all sorts of certificate verification stuff here before
deallocating the certificate. */
X509_free (server_cert);
}
}
catch(Exception* e)
{
disconnect();
printf("Exception caught in connectToHost\n");
printf("%s\n", e->getMsg());
throw e;
}
return m_oSocket;
}
- Re: SSL alert number 10 raggi
- Re: SSL alert number 10 Lutz Jaenicke
- Re: SSL alert number 10 raggi
- Re: SSL alert number 10 Lutz Jaenicke
- Re: SSL alert number 10 raggi
- Re: SSL alert number 10 Lutz Jaenicke
