Hello,

> here is a part of the SSL related code from the client side containing
> all parameters used:
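/* I've made some modifications to your code: */

// CODE BEGIN
#include <stdio.h>

#include <openssl/bio.h>
#include <openssl/err.h>   /* ERR_print_errors_fp() */
#include <openssl/rand.h>  /* RAND_load_file(), RAND_status() */
#include <openssl/ssl.h>

/* Relative paths: all three files are resolved against the current
 * working directory of the process. */
#define CA_FILE   "./cacert.pem"
#define CERT_FILE "./cert.pem"
#define KEY_FILE  "./key.pem"

/*
 * Minimal TLS test client: builds an SSL_CTX with a client certificate and
 * a fixed cipher list, connects to 127.0.0.1:10443, prints the negotiated
 * cipher and sends one short test message.
 *
 * Returns 0 on success. On any failure the OpenSSL error queue is printed
 * to stderr and 1 is returned. All OpenSSL objects are released on both
 * paths.
 */
int main(void)
{
    static const char msg[] = "test 123\n";

    /* Both suites use RSA key exchange (no forward secrecy) with CBC and
     * SHA-1; kept as posted because the cipher list is what is being tested. */
    const char *ciph = "AES256-SHA:AES128-SHA";
    //char *ciph = "XXX:YYY";  /* presumably a deliberately invalid list, to
    //                            exercise the SSL_CTX_set_cipher_list() error path */

    BIO *bio = NULL;
    SSL *ssl = NULL;
    SSL_CTX *ctx = NULL;
    int rc = 1;

    SSL_load_error_strings();
    SSLeay_add_ssl_algorithms();
    RAND_load_file("/dev/urandom", 1024);

    printf("crypto lib: %s\n", SSLeay_version(SSLEAY_VERSION));

    /* The return value of RAND_load_file() was ignored; what matters is
     * that the PRNG ends up seeded, whatever the source was. */
    if (RAND_status() != 1) {
        fprintf(stderr, "PRNG is not seeded\n");
        goto out;
    }

    if ((ctx = SSL_CTX_new(SSLv23_method())) == NULL) {
        goto out;
    }

    /* SSLv23_method() negotiates the highest version both sides support,
     * which on 0.9.8 still includes SSLv2 and SSLv3; rule those out. */
    SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);

    SSL_CTX_set_verify_depth(ctx, 4);

    if (SSL_CTX_load_verify_locations(ctx, CA_FILE, NULL) != 1) {
        goto out;
    }

    /* NOTE(review): this adds the system default CA store on top of
     * CA_FILE. If only CA_FILE is meant to be trusted, drop this call. */
    if (SSL_CTX_set_default_verify_paths(ctx) != 1) {
        goto out;
    }

    if (SSL_CTX_use_certificate_chain_file(ctx, CERT_FILE) != 1) {
        goto out;
    }

    if (SSL_CTX_use_PrivateKey_file(ctx, KEY_FILE, SSL_FILETYPE_PEM) <= 0) {
        goto out;
    }

    if (!SSL_CTX_check_private_key(ctx)) {
        goto out;
    }

    /* SSL_VERIFY_PEER validates the certificate chain only; nothing here
     * binds the certificate to the host being dialled. Against a real
     * server, also compare the certificate's subjectAltName/CN with the
     * expected name (X509_check_host() exists from OpenSSL 1.0.2 on; with
     * 0.9.8 the comparison has to be done by hand). */
    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);

    if (SSL_CTX_set_cipher_list(ctx, ciph) != 1) {
        goto out;
    }

    if ((bio = BIO_new_connect("127.0.0.1:10443")) == NULL) {
        goto out;
    }

    if (BIO_do_connect(bio) <= 0) {
        goto out;
    }

    if ((ssl = SSL_new(ctx)) == NULL) {
        goto out;
    }

    /* SSL_set_bio() hands ownership of the BIO to the SSL object, so
     * SSL_free() releases it; forget our pointer to avoid a double free. */
    SSL_set_bio(ssl, bio, bio);
    bio = NULL;

    if (SSL_connect(ssl) <= 0) {
        goto out;
    }

    /* Belt and braces: with SSL_VERIFY_PEER a failed verification already
     * aborts the handshake, but make the outcome explicit before sending. */
    if (SSL_get_verify_result(ssl) != X509_V_OK) {
        fprintf(stderr, "peer certificate verification failed\n");
        goto out;
    }

    printf( " the cipher used by the client : %s\n", SSL_get_cipher(ssl));

    if (SSL_write(ssl, msg, (int)(sizeof msg - 1)) <= 0) {
        goto out;
    }

    /* Send close_notify so the peer sees an orderly end of the session. */
    SSL_shutdown(ssl);
    rc = 0;

out:
    /* Print the error queue before tearing anything down. */
    if (rc != 0) {
        ERR_print_errors_fp(stderr);
    }
    if (ssl != NULL) {
        SSL_free(ssl);
    }
    if (bio != NULL) {
        /* Only reached when the BIO was never attached to an SSL object. */
        BIO_free_all(bio);
    }
    if (ctx != NULL) {
        SSL_CTX_free(ctx);
    }
    return rc;
}
// CODE END

/*
 * and this seems to work on 0.9.8a and 0.9.8b.
 * Try to run this on your system and check for errors.
 *
 * Best regards,
 * --
 * Marek Marcola <[EMAIL PROTECTED]>
 */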