Hi, I'm having trouble with some code that tries to set a verify
callback. I've written a short program which demonstrates the problem.
The symptom is this: if I call SSL_set_verify(...) then the SSL_connect
call fails (but SSL_set_verify is not called!). If I call
SSL_CTX_set_verify(...) with the same function everything works as
expected.
Thanks for the help,
Erik
----------------
#include <assert.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include "openssl/e_os.h"
#include <openssl/bio.h>
#include <openssl/crypto.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/rand.h>
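/*
 * Verification callback passed to SSL_CTX_set_verify() / SSL_set_verify().
 *
 * preverify_ok is OpenSSL's own verdict for the certificate currently being
 * checked (1 = accepted, 0 = rejected). The verdict is returned unchanged, so
 * this callback never overrides a failure; returning 1 unconditionally here
 * would silently disable certificate validation.
 *
 * On a rejected certificate the reason and chain depth are written to stderr,
 * which is what is needed to tell a verification failure apart from any other
 * handshake error.
 */
int my_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
{
    printf("my_verify_callback\n");

    if (!preverify_ok) {
        int err = X509_STORE_CTX_get_error(x509_ctx);

        fprintf(stderr, "certificate rejected at depth %d: error %d (%s)\n",
                X509_STORE_CTX_get_error_depth(x509_ctx), err,
                X509_verify_cert_error_string(err));
    }

    return preverify_ok;
}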
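/*
 * Reproducer: connect to an HTTPS server through an SSL connect BIO with
 * peer verification enabled, send a minimal HTTP request and copy the
 * response to stdout.
 *
 * Every OpenSSL call that can fail is checked and the library error queue is
 * dumped to stderr, so a failing SSL_connect() reports why it failed instead
 * of surfacing later as an empty read.
 *
 * Returns EXIT_SUCCESS once the response has been read, EXIT_FAILURE on any
 * setup, handshake or write error.
 */
int main(void)
{
    int len;
    int rc = EXIT_FAILURE;
    SSL *ssl = NULL;
    BIO *bio = NULL, *out = NULL;
    SSL_CTX *ctx;
    char tmpbuf[1024];

    SSL_library_init();
    SSL_load_error_strings();
    ERR_load_crypto_strings();
    ERR_load_SSL_strings();
    OpenSSL_add_all_algorithms();

    ctx = SSL_CTX_new(SSLv23_client_method());
    if (ctx == NULL) {
        ERR_print_errors_fp(stderr);
        return EXIT_FAILURE;
    }

    /* SSLv23_client_method() negotiates any enabled version; refuse the
     * obsolete SSLv2/SSLv3 protocols explicitly. */
    SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);

    /* SSL_VERIFY_PEER needs trust anchors: without a CA store no server
     * chain can validate, whatever the callback does. */
    if (SSL_CTX_set_default_verify_paths(ctx) != 1) {
        fprintf(stderr, "could not load the default CA locations\n");
        ERR_print_errors_fp(stderr);
        goto done;
    }

    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, my_verify_callback);

    bio = BIO_new_ssl_connect(ctx);
    if (bio == NULL) {
        ERR_print_errors_fp(stderr);
        goto done;
    }

    BIO_get_ssl(bio, &ssl);
    if (ssl == NULL) {
        fprintf(stderr, "BIO_get_ssl returned no SSL object\n");
        goto done;
    }

    SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
    /* comment out this line, and it will work */
    SSL_set_verify(ssl, SSL_VERIFY_PEER, my_verify_callback);
    BIO_set_conn_hostname(bio, "www.amazon.com:https");
    BIO_set_nbio(bio, 0);

    /*
     * NOTE: the checks above validate the certificate chain only. Nothing
     * here confirms that the certificate was issued for www.amazon.com;
     * production code must also match the peer name (X509_check_host() or
     * SSL_set1_host() on OpenSSL versions that provide them).
     */
    if (SSL_connect(ssl) <= 0) {
        long verify_result = SSL_get_verify_result(ssl);

        fprintf(stderr, "SSL_connect failed; verify result %ld (%s)\n",
                verify_result, X509_verify_cert_error_string(verify_result));
        ERR_print_errors_fp(stderr);
        goto done;
    }

    out = BIO_new_fp(stdout, BIO_NOCLOSE);
    if (out == NULL) {
        ERR_print_errors_fp(stderr);
        goto done;
    }

    if (BIO_puts(bio, "GET / HTTP/1.0\n\n") <= 0) {
        ERR_print_errors_fp(stderr);
        goto done;
    }

    for (;;) {
        len = BIO_read(bio, tmpbuf, (int)sizeof tmpbuf);
        if (len <= 0)
            break;
        BIO_write(out, tmpbuf, len);
    }
    rc = EXIT_SUCCESS;

done:
    /* BIO_free_all() also releases the SSL object owned by the connect BIO;
     * the context is reference-counted and must be released separately. */
    BIO_free_all(bio);
    BIO_free(out);
    SSL_CTX_free(ctx);
    return rc;
}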