Hi there,

Can anyone help me with this? I am using OpenSSL 0.9.6c and I compiled 
the binaries myself using VC6 SP5. The OS is Windows 2000 SP2. 
openssl.exe runs fine without any problems.

I am trying the sample in "<OPENSSLDIR>/demos/ssl" on Windows. I added 
WSAStartup()/WSACleanup() to the sample code, generated key pairs and 
certificates using openssl.exe, and compiled the program using the /MD flag. 
But I still get the following error when calling SSL_CTX_use_certificate_file():

1764:error:02001003:system library:fopen:No such 
process:.\crypto\bio\bss_file.c:245:fopen('servcert.pem','rb')
1764:error:20074002:BIO routines:FILE_CTRL:system 
lib:.\crypto\bio\bss_file.c:247:
1764:error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system 
lib:.\ssl\ssl_rsa.c:513:

The servcert.pem file is in the same directory as the executable.
The following is the sample code:


/***********************
  *  SSL Server sample  *
  ***********************/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <windows.h>

#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/rand.h>


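/*
 * Fatal-error helpers for the sample.  Each one expands to a single
 * statement (do { ... } while (0)), so it can be used in an unbraced
 * if/else without capturing the following `else`.
 */

/* Exit with status 1 when a pointer result is NULL. */
#define CHK_NULL(x)     do { if ((x) == NULL) exit(1); } while (0)

/* Report through perror(s) and exit with status 1 when a call returned -1. */
#define CHK_ERR(err,s)  do { if ((err) == -1) { perror(s); exit(1); } } while (0)

/*
 * Dump the OpenSSL error queue to stderr and exit with status 2 when a call
 * returned -1.  NOTE: this tests for -1 only; SSL calls that also report
 * failure with 0 (SSL_accept, for example) need an explicit check by the caller.
 */
#define CHK_SSL(err)    do { if ((err) == -1) { ERR_print_errors_fp(stderr); exit(2); } } while (0)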

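/*
 * Minimal single-connection SSL server for Windows (Winsock + OpenSSL).
 *
 * Loads the server certificate and private key, accepts one TCP connection
 * on port 1111, runs the server side of the handshake, prints the peer
 * certificate names if the client presented one, reads one message and
 * sends a fixed reply.
 *
 * Exit status: 0 on success; 1 for Winsock, socket or allocation failures;
 * 2 for SSL handshake or I/O failures; 3, 4 and 5 for certificate load,
 * private-key load and key/certificate mismatch respectively.
 */
int main(void)
{
    int                 err;
    SOCKET              listen_sd;
    SOCKET              sd;
    struct sockaddr_in  sa_serv;
    struct sockaddr_in  sa_cli;
    int                 client_len;   /* Winsock accept() takes int *, not size_t * */
    SSL_CTX            *ctx;
    SSL                *ssl;
    X509               *client_cert;
    char               *str;
    char                buf[4096];
    WSADATA             wsaData;

    /*
     * all kinds of initialization
     */

    // winsock: a failed startup makes every later socket call fail, so stop here
    err = WSAStartup(0x0101, &wsaData);
    if (err != 0) {
        fprintf(stderr, "WSAStartup failed: %d\n", err);
        exit(1);
    }

    // ssl initialization
    SSL_load_error_strings();    // load error strings
    SSL_library_init();          // initialize ssl
    RAND_screen();               // initialize random seed

    // initialize SSL_CTX object for ssl server
    // NOTE(review): SSLv23_server_method() negotiates any protocol version the
    // library has enabled; consider restricting old versions with
    // SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2).
    ctx = SSL_CTX_new(SSLv23_server_method());
    if (ctx == NULL) {
        ERR_print_errors_fp(stderr);
        exit(1);
    }

    // certificate
    // The relative file name is resolved against the process's current working
    // directory, which is not necessarily the directory holding the executable.
    err = SSL_CTX_use_certificate_file(ctx, "servcert.pem", SSL_FILETYPE_PEM);
    if (err <= 0) {
        ERR_print_errors_fp(stderr);
        exit(3);
    }

    // private key
    err = SSL_CTX_use_PrivateKey_file(ctx, "servkeys.pem", SSL_FILETYPE_PEM);
    if (err <= 0) {
        ERR_print_errors_fp(stderr);
        exit(4);
    }

    // match private key with certificate
    err = SSL_CTX_check_private_key(ctx);
    if (!err) {
        fprintf(stderr, "Private key does not match the certificate public key\n");
        exit(5);
    }

    /*
     * prepare server socket
     */

    // create socket
    // NOTE: Winsock reports failures through WSAGetLastError(), not errno, so
    // the text perror() prints for socket errors may be unrelated.
    listen_sd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (listen_sd == INVALID_SOCKET) {
        perror("socket");
        exit(1);
    }

    // bind (INADDR_ANY listens on every local interface)
    memset(&sa_serv, 0x00, sizeof(sa_serv));
    sa_serv.sin_family      = AF_INET;
    sa_serv.sin_addr.s_addr = INADDR_ANY;
    sa_serv.sin_port        = htons(1111);          /* Server Port number */
    err = bind(listen_sd, (struct sockaddr *) &sa_serv, sizeof(sa_serv));
    CHK_ERR(err, "bind");

    // listen
    err = listen(listen_sd, 5);
    CHK_ERR(err, "listen");

    // accept
    client_len = sizeof(sa_cli);
    sd = accept(listen_sd, (struct sockaddr *) &sa_cli, &client_len);
    if (sd == INVALID_SOCKET) {
        perror("accept");
        exit(1);
    }

    // close the listening socket
    closesocket(listen_sd);

    // print connection info (port converted from network byte order)
    printf("Connection from %lx, port %x\n",
           (unsigned long) sa_cli.sin_addr.s_addr,
           (unsigned) ntohs(sa_cli.sin_port));

    /*
     * ssl negotiation
     */

    // start server side ssl negotiation
    ssl = SSL_new(ctx);
    if (ssl == NULL) {
        ERR_print_errors_fp(stderr);
        exit(1);
    }
    if (SSL_set_fd(ssl, (int) sd) == 0) {
        ERR_print_errors_fp(stderr);
        exit(2);
    }

    // SSL_accept() reports a failed handshake with 0 as well as with a
    // negative value, so anything but a positive result is fatal.
    err = SSL_accept(ssl);
    if (err <= 0) {
        ERR_print_errors_fp(stderr);
        exit(2);
    }

    // optional - get the cipher
    printf("SSL connection using %s\n", SSL_get_cipher(ssl));

    // optional - get client certificate
    // NOTE(review): no SSL_CTX_set_verify() call is made above, so the server
    // presumably never requests a client certificate and nothing printed here
    // has been validated - confirm before relying on these names.
    client_cert = SSL_get_peer_certificate(ssl);
    if (client_cert != NULL) {
        printf("Client certificate:\n");

        str = X509_NAME_oneline(X509_get_subject_name(client_cert), 0, 0);
        CHK_NULL(str);
        printf("\t subject: %s\n", str);
        // buffer was allocated inside OpenSSL; release it with OpenSSL's
        // allocator rather than this module's C runtime free()
        OPENSSL_free(str);

        str = X509_NAME_oneline(X509_get_issuer_name(client_cert), 0, 0);
        CHK_NULL(str);
        printf("\t issuer: %s\n", str);
        OPENSSL_free(str);

        /* verification process here ... */
        X509_free(client_cert);
    } else {
        printf("Client does not have certificate.\n");
    }

    /*
     * data exchange using ssl
     */

    // read a message; any negative result is rejected before it is used as
    // an index into buf
    err = SSL_read(ssl, buf, (int) sizeof(buf) - 1);
    if (err < 0) {
        ERR_print_errors_fp(stderr);
        exit(2);
    }
    buf[err] = '\0';
    printf("Got %d chars:'%s'\n", err, buf);

    // send a reply
    err = SSL_write(ssl, "I hear you.", (int) strlen("I hear you."));
    if (err <= 0) {
        ERR_print_errors_fp(stderr);
        exit(2);
    }

    /*
     * clean up
     */

    // send close_notify while the socket is still open, then release the
    // SSL object before closing the descriptor it was using
    SSL_shutdown(ssl);
    SSL_free(ssl);
    closesocket(sd);
    SSL_CTX_free(ctx);
    WSACleanup();
    return 0;
}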
