First of all, you can initialize the SSL context once per process and reuse it on every incoming or outgoing connection request. So you can remove:

    SSL_library_init();
    ERR_load_crypto_strings();
    SSL_load_error_strings();
    ssl_context = SSL_CTX_new( SSLv3_method() );

from your connect functions.

2. Next, be sure that you compile with the /MD (multithreaded DLL) switch (or MDd for Debug versions).

I suggest you look into your openssl-0.9.6\demos\ssl directory for a working sample.

--- Bryan Bishop Whitehead <[EMAIL PROTECTED]> wrote:
> I'm trying to learn how to use the OpenSSL library so I thought I'd make a
> very simple client/server app to get started.
>
> I first made 2 simple programs that do this: The server listens on a port,
> and when a connection comes in it will echo whatever is sent from the
> client. The Client connects to this port and sends whatever the user
> types. After I did that the next step (so I thought) would be
> simple: throw in ssl.
>
> This is the section of code (that is broken) on the server side that now
> handles the ssl stuff. The connection is already established and I have a
> file descriptor:
>
> int client_connect() {
>   SSL_CTX *ssl_context;
>   SSL *ssl_struct;
>   int ret;
>   SSL_library_init();
>   ERR_load_crypto_strings();
>   SSL_load_error_strings();
>   ssl_context = SSL_CTX_new( SSLv3_method() );
>   if ( ssl_context == NULL )
>     exit(10);
>   ssl_struct = SSL_new( ssl_context );
>   if ( ssl_struct == NULL )
>     exit(11);
>   SSL_clear( ssl_struct );
>   if ( ! SSL_set_fd ( ssl_struct, fd ) )
>     exit(12);
>   ERR_clear_error();
>   ret = SSL_accept ( ssl_struct );
>   if ( ret != 1 )
>   {
>     ERR_print_errors_fp(stdout);
>     fflush(stdout);
>     exit(13);
>   }
>   while ( SSL_read(ssl_struct, buf, BUFFSIZE - 1) > 0 )
>   {
>     printf("%s",buf);
>     fflush(stdin);
>   }
>   SSL_shutdown(ssl_struct);
>   close(fd);
> }
>
> This chunk of code bombs out at SSL_accept with:
> 15654:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:858:
>
> The client portion is this:
>
> int server_connect() {
>   /* SSL vars */
>   SSL_CTX *ssl_context;
>   SSL *ssl_struct;
>   int ret;
>   DSA key;
>   SSL_library_init();
>   ERR_load_crypto_strings();
>   SSL_load_error_strings();
>   ssl_context = SSL_CTX_new( SSLv3_method() );
>   ssl_struct = SSL_new( ssl_context );
>   SSL_clear( ssl_struct );
>   SSL_set_fd ( ssl_struct, sd );
>   ret = SSL_connect ( ssl_struct );
>   if ( ret != 1 )
>   {
>     ERR_print_errors_fp(stdout);
>     fflush(stdout);
>     exit(10);
>   }
>   while ( fgets(buf, BUFFSIZE - 1, stdin) )
>     SSL_write( ssl_struct, buf, BUFFSIZE - 1 );
>   SSL_shutdown( ssl_struct );
>   close(sd);
> }
>
> This one bombs out on SSL_connect with this error:
> 15707:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1031:SSL alert number 40
>
> The man page for ssl in the Description lists SSL_library_init, then
> SSL_CTX_new, SSL_new, SSL_set_fd, and finally SSL_accept/SSL_connect as
> the routines.
>
> I'm pretty sure I'm missing something major here, the part about
> SSL_CTX_new that says, "Various options regarding certificates, algorithms
> etc. can be set in this object." I can't seem to find the details to
> connect the dots....
>
> Any help would be greatly appreciated!
>
> I tried subscribing to the list, but I'm not getting a reply from
> majordomo. :( So please CC me just in case. Better to get 2 emails than
> none.
>
> -Bryan
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]