Hello !
Here is again the complete code as of now.
The restricitions are removed so far.
Output from Server:
SSL PrivateKey opened successfully
LOG; Now accepting connections on fd...connection accepted.
LOG; Now accepting (ssl)...SSL Handshake (SSL_accept) failed - error
code -1
SSH Handshake error 1= SSL_ERROR_SSLErr during Handshake from SSL error
queue: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared
cipher
Output from Client:
bin/Linux_2.6.4# ./testConsumer
SSL certificate opened successfully
LOG; Trying to connect (fd)...connected.
LOG; Trying to connect (ssl)...connecting SSL socket failed
Many thanks !
Florian
--
server.c
----------------------------------------------------
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <iostream.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include </usr/include/openssl/ssl.h>
#include </usr/include/openssl/err.h>
#include </usr/include/openssl/crypto.h>
#include </usr/include/openssl/x509.h>
#include </usr/include/openssl/pem.h>
#include <unistd.h>
#define certificate_file "/root/security/server.crt"
#define key_file "/root/security/server.key"
#define CA_FILE "/certs/1024scert.pem"
int main()
{
int m_fd;
SSL* m_ssl;
SSL_CTX* m_ctx;
SSL_library_init();
SSL_load_error_strings();
m_ctx=SSL_CTX_new(SSLv3_server_method());
if(!m_ctx)
{
cout << "failed to create SSL context" << endl;
}
m_ssl=SSL_new(m_ctx);
OpenSSL_add_all_algorithms();
if(!m_ssl)
{
cout << "failed to create SSL structure" << endl;
}
if((SSL_use_PrivateKey_file(m_ssl,key_file,1))!=1)
{
cout << "SSL PrivateKey file error - did not open" << endl;
}
else
{
cout << "SSL PrivateKey opened successfully" << endl;
}
// Create socket.
if ((m_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1)
{
cout << "Failed to create socket." << endl;
}
// Assign a port adress to the socket.
struct sockaddr_in local_addr;
memset((char *) &local_addr, 0, sizeof(sockaddr_in)); // zero out
local
address
local_addr.sin_family = AF_INET;
local_addr.sin_addr.s_addr = inet_addr("10.1.18.65");
local_addr.sin_port = 2000;
if (bind(m_fd, (struct sockaddr *) &local_addr, sizeof(local_addr)) ==
-1)
{
cout << "Failed to assign adress to socket." << endl;
}
// Start listening.
if (listen(m_fd, 128) == -1)
{
cout << "Failed to listen to port." << endl;
}
struct sockaddr_in rem_add;
socklen_t size(sizeof(sockaddr_in));
memset((char *)&rem_add, 0, size);
// Accept connections.
cout << "LOG; Now accepting connections on fd...";
if ((m_fd = accept(m_fd, (struct sockaddr *)&rem_add, &size)) == -1)
{
cout << "failed" << endl;
}
else
{
cout << "connection accepted."<< endl;
if(SSL_set_fd(m_ssl, m_fd)!=1) //Mask initial FD as SSL socket -
from
here only use the ssl FD
{
cout << "Opening SSL connection FD failed" << endl;
}
cout << "LOG; Now accepting (ssl)...";
// !!!
int a(SSL_accept(m_ssl));
if(a==1) // Wait for SSL Handshake from the other side
{
cout << "SSL Handshake successful" << endl;
}
else
{
cout << "SSL Handshake (SSL_accept) failed - error code " << a <<
endl;
int length(0);
int errorCode = SSL_get_error(m_ssl, length);
cout << "SSH Handshake error " << errorCode << "= ";
switch (errorCode)
{
case SSL_ERROR_NONE: cout << "SSL_ERROR_NONE";
break;
case SSL_ERROR_ZERO_RETURN: cout << "SSL_ERROR_ZERO_RETURN";
break;
case SSL_ERROR_WANT_READ: cout << "SSL_ERROR_WANT_READ";
break;
case SSL_ERROR_WANT_WRITE: cout << "SSL_ERROR_WANT_WRITE";
break;
case SSL_ERROR_WANT_CONNECT: cout << "SSL_ERROR_WANT_CONNECT";
break;
case SSL_ERROR_WANT_ACCEPT: cout << "SSL_ERROR_WANT_ACCEPT";
break;
case SSL_ERROR_WANT_X509_LOOKUP: cout <<
"SSL_ERROR_WANT_X509_LOOKUP";
break;
case SSL_ERROR_SYSCALL: cout << "SSL_ERROR_SYSCALL";
break;
case SSL_ERROR_SSL: cout << "SSL_ERROR_SSL";
break;
}
unsigned long err(ERR_get_error());
cout << "Err during Handshake from SSL error queue: " <<
ERR_error_string(err, NULL) << endl;
}
}
}
----------------------------------------------------
client.c
----------------------------------------------------
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <iostream.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include </usr/include/openssl/ssl.h>
#include </usr/include/openssl/err.h>
#include </usr/include/openssl/crypto.h>
#include </usr/include/openssl/x509.h>
#include </usr/include/openssl/pem.h>
#include <unistd.h>
#define certificate_file "/root/security/server.crt"
#define key_file "/root/security/server.key"
#define CA_FILE "/certs/1024scert.pem"
enum messageType_e
{
MESSAGE_TYPE_REQUEST,
MESSAGE_TYPE_RETURN,
MESSAGE_TYPE_RESPONSE,
MESSAGE_TYPE_DATAGRAM
};
int main()
{
int m_fd;
SSL* m_ssl;
SSL_CTX* m_ctx;
SSL_library_init(); //FG: Initialize the SSL Libs
SSL_load_error_strings(); //FG: Load the error messages
// Create socket.
if ((m_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1)
{
cout << "Failed to create non-secure socket." << endl;
}
struct sockaddr_in remote_addr;
// SSL_CTX *ssl_ctx_server = SSL_CTX_new(SSLv23_server_method());
m_ctx=SSL_CTX_new(SSLv3_client_method()); //FG: create a secure
context
if(!m_ctx)
{
cout << "failed to create SSL context" << endl;
}
m_ssl=SSL_new(m_ctx);
if(!m_ssl)
{
cout << "failed to create SSL structure" << endl;
}
OpenSSL_add_all_algorithms();
if((SSL_use_certificate_file(m_ssl,certificate_file,1))!=1) //FG:
Define SSL certificate to use
{
cout << "SSL certificate file error - did not open" << endl;
}
else
{
cout << "SSL certificate opened successfully" << endl;
}
memset((char *) &remote_addr, 0, sizeof(sockaddr_in)); // zero out
local address
remote_addr.sin_family = AF_INET;
//remote_addr.sin_addr.s_addr =
m_context->getConfiguration().m_ipAddress;
//remote_addr.sin_port =
htons(m_context->getConfiguration().m_port);
remote_addr.sin_addr.s_addr = inet_addr("10.1.18.65");
remote_addr.sin_port = 2000;
cout << "LOG; Trying to connect (fd)...";
if (connect(m_fd, (struct sockaddr *)&remote_addr, sizeof
remote_addr)
== -1)
{
cout << "Failed to connect secure channel. Channel not open." << endl;
}
else
{
cout << "connected." << endl;
}
if(SSL_set_fd(m_ssl, m_fd)!=1) //Mask initial FD as SSL socket -
from here only use the ssl FD
{
cout << "Opening SSL connection FD failed" << endl;
}
sleep(10);
cout << "LOG; Trying to connect (ssl)...";
if(SSL_connect(m_ssl)!=1) //Connect SSL socket
{
cout << "connecting SSL socket failed" << endl;
}
else
{
cout << "connected." << endl;
}
// FORK.
int length(0);
while (true)
{
// Extract message type.
messageType_e messageType;
if ((length = SSL_read(m_ssl, &messageType, sizeof(messageType_e))) <
0)
{
int errorCode = SSL_get_error(m_ssl, length);
cout << "Channel State error " << errorCode << "=" << endl;
switch (errorCode)
{
case SSL_ERROR_NONE: cout << "SSL_ERROR_NONE";
break;
case SSL_ERROR_ZERO_RETURN: cout << "SSL_ERROR_ZERO_RETURN";
break;
case SSL_ERROR_WANT_READ: cout << "SSL_ERROR_WANT_READ";
break;
case SSL_ERROR_WANT_WRITE: cout << "SSL_ERROR_WANT_WRITE";
break;
case SSL_ERROR_WANT_CONNECT: cout << "SSL_ERROR_WANT_CONNECT";
break;
case SSL_ERROR_WANT_ACCEPT: cout << "SSL_ERROR_WANT_ACCEPT";
break;
case SSL_ERROR_WANT_X509_LOOKUP: cout <<
"SSL_ERROR_WANT_X509_LOOKUP";
break;
case SSL_ERROR_SYSCALL: cout << "SSL_ERROR_SYSCALL";
break;
case SSL_ERROR_SSL: cout << "SSL_ERROR_SSL";
break;
}
unsigned long err(ERR_get_error());
cout << "Err from SSL error queue: " << ERR_error_string(err, NULL)
<< endl;
}
}
}
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
