Hi,
I have been trying to make my server comaptible for
both SSLv2 and SSLv3. But I have not been able to make
it. The code I use is the following one.
/********************************************/
/* step 1 */
SSL_library_init();
/* step 2 */
ctx = SSL_CTX_new(SSLv23_client_method());
/* step 3 */
SSL_CTX_set_default_passwd_cb_userdata(ctx, (void *)
SSLPassword);
SSL_CTX_set_default_passwd_cb(ctx, PEMPasswdCB);
/* step 4 */
if
(!SSL_CTX_use_certificate_file(ctx,SSLCertFilePathStr,
SSL_FILETYPE_PEM)) {
warn("ERROR: In Reading certificate file: %s",
SSLCertFilePathStr);
warn("SSL_CTX_use_certificate_file");
return -1;
}
/* step 5 */
if (!SSL_CTX_use_RSAPrivateKey_file(ctx,
SSLCertFilePathStr,SSL_FILETYPE_PEM)) {
warn("ERROR: Reading certificate file for RSA:
%s\n", SSLCertFilePathStr);
warn("SSL_CTX_use_RSAPrivateKey_file\n");
return -1;
}
/* step 6 */
if (!SSL_CTX_check_private_key(ctx)) {
warn("Private key does not match the
certificate");
return -1;
}
/*****************************************/
All the above code works fine but when it comes to
accept a conenction if client generates SSLv3 reqiest
I get no proble but if it generates SSlv2 (40-bit
encryption) I am getting follwing error at teh
statement SSL_accept(ssl);
Error is "SSL_ERROR_SSL"....
NOw If I change the statement to
ctx = SSL_CTX_new(SSLv2_server_method());
It only works for SSLv2 requests......
Could anybody tell me what am I missing....
-- Nilesh
__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail
http://personal.mail.yahoo.com/
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
