I assume you mean do something like this in the Application client:

    ctx = SSL_CTX_new( SSLv3_server_method() );

I tried this, SSL_connect/SSL_accept returns 0, with the following error:

    328:error:140C5022:SSL routines:SSL_UNDEFINED_FUNCTION:called a function you should not call:ssl_lib.c:1639:

I must be missing something. My client basically does the following:

    SSL_library_init();
    SSL_load_error_strings();
    ctx = SSL_CTX_new( SSLv3_server_method() );
    SSL_CTX_use_certificate_file( ctx, "cert", SSL_FILETYPE_PEM )
    SSL_CTX_use_PrivateKey_file( ctx, "key", SSL_FILETYPE_PEM )
    SSL_CTX_set_verify( ctx, ( SSL_VERIFY_NONE ), ssl_verify_callback );
    SSL_CTX_set_verify_depth( ctx, 4 );
    SSL_CTX_set_options( ctx, SSL_OP_ALL );
    ...connect to port...
    SSL_new()
    SSL_connect( ) /* returns 0 */

My server process does the following:

    SSL_library_init();
    SSL_load_error_strings();
    ctx = SSL_CTX_new( SSLv3_client_method() );
    SSL_CTX_load_verify_locations( ctx, "root.pem", NULL )
    SSL_CTX_set_verify( ctx, ( SSL_VERIFY_NONE ), ssl_verify_callback );
    SSL_CTX_set_verify_depth( ctx, 4 );
    SSL_CTX_set_options( ctx, SSL_OP_ALL );
    ...bind to port...
    SSL_new()
    SSL_accept( ) /* returns 0 */

Any ideas as to what I might be doing wrong?

> Turn the handshake around. Make the Application client be the SSL
> Server; and the Application server be the SSL client.
>
>>
>> Is it possible to have a client process connect to the server process,
>> where the client presents a cert, but the server does not? I am
>> attempting to do so by setting the server to have the option
>> SSL_VERIFY_PEER, and the client to use SSL_VERIFY_NONE. The server
>> loads a root cert, and should verify that the cert the client presents
>> is sane.
>>
>> The problem I'm having is that the handshake is failing as follows:
>>
>> CONNECTED(00000003)
>> 11186:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:455:
>>
>> It seems the connecting process is maybe still expecting the server to
>> present a cert? Just to test the code in question, I made the server
>> load a cert and key, and then the client could connect. I've also
>> tried connecting to the server process with s_client ( which defaults to
>> SSL_VERIFY_NONE ) and that fails with the same error.
>>
>> Any ideas?
>>
>> --
>> Brian Wotring ( [EMAIL PROTECTED] )
>> PGP KeyID: 0x9674763D
>>
>> ______________________________________________________________________
>> OpenSSL Project                                 http://www.openssl.org
>> User Support Mailing List                             [EMAIL PROTECTED]
>> Automated List Manager                                [EMAIL PROTECTED]
>>
>
> Jeffrey Altman * Sr.Software Designer    Kermit 95 2.0 GUI available now!!!
> The Kermit Project @ Columbia University SSH, Secure Telnet, Secure FTP, HTTP
> http://www.kermit-project.org/           Secured with MIT Kerberos, SRP, and
> [EMAIL PROTECTED]                        OpenSSL.
>

--
Brian Wotring ( [EMAIL PROTECTED] )
PGP KeyID: 0x9674763D