Hi,
About SSL_connect() quit with exception, actually I don't think it's a
compatibility problem.
Because I have done "make install" OpenSSL only once, and never done
update or re-install. By the way, the version being used is 0.9.8b.
I have attached SSLOpen() source code at the end of this mail. It's a test
souce code, so I haven't done cert check strictly, you can find certPath and
privateKey are all NULL.
As said before, when execute SSL_connect(), the application will exit
without any error description on the stderr.
Please help me checking it.
Thanks a lot!
Best Regards,
Cruise Zou
-------------------source code begin----------------------------------
czInt SSLOpen(RecvCtrl *ctrl)
{
SSL *ssl;
czInt result;
SSLOption *pOpt = &(ctrl->sslOpt);
pOpt->sslCert = NULL;
pOpt->sslCertCheck = 0;
pOpt->sslCertPath =NULL;
pOpt->sslKey = NULL;
//SSL Initialization
SSLeay_add_ssl_algorithms();
_meth = SSLv23_client_method();
SSL_load_error_strings();
_ctx = SSL_CTX_new(_meth);
if(_ctx == NULL)
{
result = SSL_ERROR_CREATE_NEW_CTX;
ERR_print_errors_fp(stderr);
return result;
}
if (pOpt->sslCertCheck)
{
SSL_CTX_set_verify(_ctx, SSL_VERIFY_PEER, SSL_ck_verify_callback);
if(pOpt->sslCertPath)
{
result = SSL_CTX_load_verify_locations(_ctx, pOpt->sslCertPath, 0);
if(!result)
{
result = SSL_ERROR_LOAD_VERIFY_LOCATION;
SSL_load_error_strings();
return result;
}
}
}
else
{
SSL_CTX_set_verify(_ctx, SSL_VERIFY_PEER, SSL_nock_verify_callback);
}
if( pOpt->sslCert || pOpt->sslKey )
{
if(!pOpt->sslKey)
pOpt->sslKey = pOpt->sslCert;
if( !pOpt->sslCert )
pOpt->sslCert = pOpt->sslKey;
result = SSL_CTX_use_certificate_chain_file(_ctx, pOpt->sslCert);
if(!result)
{
result = SSL_ERROR_LOAD_CERT_CHAIN_FILE;
ERR_print_errors_fp(stderr);
return result;
}
result = SSL_CTX_use_PrivateKey_file(_ctx, pOpt->sslKey,
SSL_FILETYPE_PEM);
if(!result)
{
result = SSL_ERROR_LOAD_PRIVATE_KEY_FILE;
ERR_print_errors_fp(stderr);
return result;
}
}
/* This static is for the verify callback */
_ssl_server_cname = ctrl->serverName;
/* Connect the TCP socket*/
ctrl->sock = SockOpen(ctrl->serverName, ctrl->popPort);
/* Connect the SSL socket */
pSSL = SSL_new(_ctx);
if(pSSL == NULL)
{
result = SSL_ERROR_CREATE_NEW_SSL_OBJECT;
ERR_print_errors_fp(stderr);
return result;
}
sbio = BIO_new_socket(ctrl->sock, BIO_NOCLOSE);
SSL_set_bio(pSSL, sbio, sbio);
result = SSL_connect(pSSL);
if( result <= 0 )
{
result = SSL_ERROR_CONNECT_TO_SERVER;
ERR_print_errors_fp(stderr);
return result;
}
return 0;
}
-------------------source code end------------------------------------
On 11/28/06, Marek Marcola <[EMAIL PROTECTED]> wrote:
Hello,
>
> I can initialise SSL correctly now.
> But when SSL_connect(), my application will crash, without any error
> description on stderr.
> what has happened?
I think that you there may be incompatibility between headers
and library.
1) Check "how may" versions you have installed, for example
on FC5:
$ rpm -qa | grep openssl
openssl-0.9.8a-5.4
openssl-devel-0.9.8a-5.4
openssl097a-0.9.7a-4.2.2
$ rpm -ql openssl-0.9.8a-5.4 | grep lib
/lib/libcrypto.so.0.9.8a
/lib/libcrypto.so.6
/lib/libssl.so.0.9.8a
/lib/libssl.so.6
$ rpm -ql openssl097a-0.9.7a-4.2.2 | grep lib
/lib/libcrypto.so.0.9.7a
/lib/libssl.so.0.9.7a
$ ll /lib | egrep 'ssl|crypto'
-rwxr-xr-x 1 root root 1150688 Sep 5 18:22 libcrypto.so.0.9.7a
-rwxr-xr-x 1 root root 1249612 Sep 28 22:37 libcrypto.so.0.9.8a
lrwxrwxrwx 1 root root 19 Oct 21 22:45 libcrypto.so.4 ->
libcrypto.so.0.9.7a
lrwxrwxrwx 1 root root 19 Oct 23 20:02 libcrypto.so.6 ->
libcrypto.so.0.9.8a
-rwxr-xr-x 1 root root 232696 Sep 5 18:22 libssl.so.0.9.7a
-rwxr-xr-x 1 root root 281244 Sep 28 22:37 libssl.so.0.9.8a
lrwxrwxrwx 1 root root 16 Oct 21 22:45 libssl.so.4 ->
libssl.so.0.9.7a
lrwxrwxrwx 1 root root 16 Oct 23 20:02 libssl.so.6 ->
libssl.so.0.9.8
2) Check version of your "system" OpenSSL header:
$ grep OPENSSL_VERSION_TEXT /usr/include/openssl/*
opensslv.h:#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8a-fips 11 Oct
2005"
opensslv.h:#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8a 11 Oct 2005"
3) Check that your program is linked with OpenSSL library
version compatible with your C headers (ssl3 - binary program):
$ ldd ssl3 | egrep 'ssl|crypto'
libssl.so.6 => /lib/libssl.so.6 (0x4c4e3000)
libcrypto.so.6 => /lib/libcrypto.so.6 (0x4c2d3000)
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
