Why are you initializing the SSL library twice (SSL_library_init())? Go through the txt document that I have attached to this mail. That should help you. You need to set the SSL to the fd (SSL_set_fd) before calling SSL_accept().
-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Irfan Gulamali
Sent: 18 July 2009 11:19
To: openssl-users@openssl.org
Subject: simple ssl server

Hi,

I'm building a simple ssl server but I'm having trouble getting the handshake to work. I'm using the openssl s_client to verify my tls1 handshake and using the server.pem file that came with openssl0.8.9k. I must be missing something critical as I get the alert 40 for failed handshake. I've included my code below and build instructions for completeness.

build: gcc ssls.c -g -o ssls.exe -I. -L"ssllib" -lssl32 -leay32 -lws2_32

    #include "openssl/ssl.h"
    /* the four header names below were lost in the archived copy of this mail;
       restored to the headers this code actually uses */
    #include <openssl/rand.h>
    #include <winsock2.h>
    #include <stdio.h>
    #include <stdlib.h>

    int main(void)
    {
        u_long imode = 0;
        SSL_CTX *ctx;
        SSL *ssl;
        char *seed = NULL;      /* NULL so free(seed) on the error path is always safe */
        short int seed_sz = 100;
        BIO *sbio, *bbio, *acpt, *out;
        int s, fd;
        SOCKET sk;
        SOCKADDR_IN sa;
        WSADATA neto;

        SSL_load_error_strings();
        SSL_library_init();
        OpenSSL_add_all_algorithms();
        ctx=SSL_CTX_new(TLSv1_server_method());
        SSL_CTX_use_certificate_file(ctx,"server.pem",SSL_FILETYPE_PEM);
        seed = malloc(sizeof(char)*100);
        SSL_library_init();
        OpenSSL_add_all_algorithms();
        SSL_load_error_strings();
        /* RAND_seed() returns void, so it cannot be tested with if(!...);
           note that the buffer is never filled, so this adds no real entropy */
        RAND_seed(seed, seed_sz);
        ctx=SSL_CTX_new(TLSv1_server_method());
        if(ctx == NULL) goto bad_ssl;
        ssl=SSL_new(ctx);
        if(ssl == NULL) goto bad_ssl;
        SSL_set_accept_state(ssl);
        if(!SSL_CTX_load_verify_locations(ctx, "server.pem", NULL) ) goto bad_ssl;
        if(!SSL_CTX_use_certificate_file(ctx, "server.pem", SSL_FILETYPE_PEM)) goto bad_ssl;
        if(!SSL_CTX_use_PrivateKey_file(ctx, "server.pem", SSL_FILETYPE_PEM)) goto bad_ssl;
        if (!SSL_CTX_check_private_key(ctx)) goto bad_ssl;
        free(seed);
        seed = NULL;            /* avoid a double free if a later step jumps to bad_ssl */

        /* SSL Network stuff */
        /*windows network*/
        if (WSAStartup(MAKEWORD(2,2), &neto)!=0) goto bad_ssl;
        sk = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
        if(sk == SOCKET_ERROR) goto bad_ssl;
        sa.sin_addr.S_un.S_addr = INADDR_ANY;
        sa.sin_family = AF_INET;
        sa.sin_port = htons(8080);
        if(bind(sk, (SOCKADDR*)&sa, sizeof(sa))== SOCKET_ERROR) goto bad_ssl;
        if(listen(sk,5)== SOCKET_ERROR) goto bad_ssl;
        fd = accept(sk, (struct sockaddr *)&sa, NULL);
        if(fd == INVALID_SOCKET) goto bad_ssl;
        /*END windows network -----------------------*/
        SSL_CTX_set_options(ctx,SSL_OP_ALL);
        SSL_CTX_set_mode(ctx,SSL_MODE_AUTO_RETRY);
        SSL_accept(ssl);
        if(!SSL_set_fd(ssl,fd)) goto bad_ssl;
        while(1)
        {
            if(SSL_accept(ssl) == 1) printf("connected!");
        }
        return 0;

    bad_ssl:
        free(seed);
        printf("\nError SSL INIT\n");
        return 1;
    }

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
/*****************OPENSSL API USAGE***********************/
Author: Vivek S
Date: 5-11-2008

Below mentioned are the tasks that are to be taken care of in the client and server for openssl to work properly.

NOTE: This is my personal experience and no guarantees are provided.
/*********************************************************/

////SERVER////

1) Initialize openssl library through a call to SSL_library_init().
2) (optional) Load all the algorithms, ciphers, digests and error strings by calling OpenSSL_add_all_algorithms(), OpenSSL_add_all_ciphers(), OpenSSL_add_all_digests(), SSL_load_error_strings(). Recommended.
3) Initialize SSL_METHOD object by a call to SSL*_server_method().
4) Initialize SSL_CTX object by a call to SSL_CTX_new(SSL_METHOD*); the parameter to this call is the SSL_METHOD object initialized in the previous step.
**VERY IMPORTANT** 5) Specify the certificate to be used through a call to SSL_CTX_use_certificate_*().
**VERY IMPORTANT** 6) Specify the private key to be used through a call to SSL_CTX_use_PrivateKey_*().
7) (optional) Check the validity of the private key used in the previous step by a call to SSL_CTX_check_private_key(). This step is optional, but helps in knowing whether we are using the right private key or not.
8) Load the list of trusted CAs through a call to SSL_load_client_CA_*(). This step only loads the names of CAs from a certificate file or another source. The next step is necessary in order for the server to be able to send the list to the client.
9) Prepare the list of CAs loaded in the previous step to be sent to the client by calling SSL_CTX_set_client_CA_list().
10) After the call to accept(), create an SSL object by calling SSL_new().
11) (optional) Prepare the list of ciphers that can be used with SSL_set_cipher_list(); both the client and server should have any one of these ciphers in common.
12) (optional) Set client verification criteria by calling SSL_set_verify().
**VERY IMPORTANT** 13) Make the newly created SSL object point to the socket object returned by the call to accept() by using SSL_set_fd().
14) Call SSL_accept(), which initiates the SSL handshake if there is a corresponding call to SSL_connect() by a client.
15) Use SSL_read() or SSL_write() as necessary if the SSL_accept() call succeeds.

////CLIENT////

1) Initialize openssl library through a call to SSL_library_init().
2) (optional) Load all the algorithms, ciphers, digests and error strings by calling OpenSSL_add_all_algorithms(), OpenSSL_add_all_ciphers(), OpenSSL_add_all_digests(), SSL_load_error_strings(). Recommended.
3) Initialize SSL_METHOD object by a call to SSL*_client_method().
4) Initialize SSL_CTX object by a call to SSL_CTX_new(SSL_METHOD*); the parameter to this call is the SSL_METHOD object initialized in the previous step.
**VERY IMPORTANT** 5) Specify the certificate to be used through a call to SSL_CTX_use_certificate_*().
6) After the call to connect(), create an SSL object by calling SSL_new().
7) (optional) Prepare the list of ciphers that can be used with SSL_set_cipher_list(); both the client and server should have any one of these ciphers in common.
**VERY IMPORTANT** 8) Make the newly created SSL object point to the socket object returned by the call to accept() by using SSL_set_fd().
9) Call SSL_connect(), which initiates the SSL handshake with the server.
10) Use SSL_read() or SSL_write() as necessary if the SSL_accept() call succeeds.

/*********************************************************/
NOTE: The above mentioned steps can be used in a different order than mentioned above.

All suggestions and comments are welcome.

Happy Coding :-)
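The two checklists above, run end to end as an added Python example (this is not code from the attached document, from the thread, or from the OpenSSL project). Python's `ssl` module wraps the same OpenSSL calls the checklists name: `SSLContext(PROTOCOL_TLS_SERVER)` / `SSLContext(PROTOCOL_TLS_CLIENT)` stand in for `SSL*_method()` plus `SSL_CTX_new()`, `load_cert_chain()` covers `SSL_CTX_use_certificate_file()`, `SSL_CTX_use_PrivateKey_file()` and `SSL_CTX_check_private_key()`, `wrap_socket()` is `SSL_new()` plus `SSL_set_fd()`, and `do_handshake()` is `SSL_accept()` on the server and `SSL_connect()` on the client. Because `wrap_socket()` is what attaches the socket, the ordering mistake pointed out in the reply (handshake before `SSL_set_fd()`) cannot be made here. The example assumes the `openssl` command-line tool is installed so it can mint a throw-away self-signed certificate for `localhost` in place of the thread's `server.pem`, uses the loopback address with a port chosen by the OS, and requires TLS 1.2 or later instead of the thread's TLSv1-only method; the hostname, the two "hello" messages and the timeouts are constructed values. It also runs the negative case that the client-side verification step exists for: a client with no trust anchor for the server certificate aborts the handshake with `CERTIFICATE_VERIFY_FAILED` rather than completing it.

```python
import os
import socket
import ssl
import subprocess
import tempfile
import threading


def make_self_signed_cert(cn="localhost"):
    """Throw-away self-signed cert/key (this example's stand-in for the thread's server.pem).
    Uses the openssl CLI; returns (certfile, keyfile) or None if the CLI is unavailable."""
    d = tempfile.mkdtemp(prefix="tls-demo-")
    cert, key = os.path.join(d, "cert.pem"), os.path.join(d, "key.pem")
    base = ["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
            "-subj", "/CN=" + cn, "-keyout", key, "-out", cert]
    # -addext (SAN) needs OpenSSL >= 1.1.1; fall back to a CN-only cert on older builds
    for cmd in (base + ["-addext", "subjectAltName=DNS:" + cn], base):
        try:
            if subprocess.run(cmd, capture_output=True).returncode == 0:
                return cert, key
        except FileNotFoundError:
            return None
    return None


def build_server_context(certfile, keyfile):
    """Server steps 3-7: SSL_CTX_new + use_certificate_file + use_PrivateKey_file.
    load_cert_chain also performs the check_private_key step and raises on a mismatch."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # the thread's TLSv1_server_method() is obsolete
    ctx.load_cert_chain(certfile, keyfile)
    return ctx


def build_client_context(cafile=None):
    """Client steps 3-4 plus verification: PROTOCOL_TLS_CLIENT defaults to CERT_REQUIRED
    and check_hostname=True (SSL_set_verify(SSL_VERIFY_PEER, ...)); cafile is the trust anchor."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cafile:
        ctx.load_verify_locations(cafile)         # SSL_CTX_load_verify_locations()
    return ctx


def run_handshake(certfile, keyfile, trusted_ca=None, host="127.0.0.1"):
    """One in-process TLS connection. Server: accept() -> wrap (SSL_new + SSL_set_fd) ->
    do_handshake (SSL_accept). Client: connect() -> wrap -> do_handshake (SSL_connect).
    Returns what each side saw; with trusted_ca=None the client must reject the server."""
    server_ctx = build_server_context(certfile, keyfile)
    client_ctx = build_client_context(trusted_ca)
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.settimeout(5)
    listener.bind((host, 0))                      # port 0: the OS picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    seen = {"ok": False}

    def server():
        conn, _ = listener.accept()               # step 10: the SSL object comes after accept()
        conn.settimeout(5)
        try:
            with server_ctx.wrap_socket(conn, server_side=True, do_handshake_on_connect=False) as tls:
                tls.do_handshake()                # steps 13-14: fd attached first, then SSL_accept()
                seen["server_version"] = tls.version()
                seen["server_got"] = tls.recv(64)  # step 15: SSL_read() / SSL_write()
                tls.sendall(b"hello from server")
        except OSError as e:                      # ssl.SSLError is an OSError (e.g. alert from the peer)
            seen["server_error"] = str(e)

    t = threading.Thread(target=server)
    t.start()
    raw = socket.create_connection((host, port), timeout=5)
    try:
        with client_ctx.wrap_socket(raw, server_hostname="localhost", do_handshake_on_connect=False) as tls:
            tls.do_handshake()                    # client step 9: SSL_connect()
            seen["client_version"] = tls.version()
            seen["peer_cn"] = dict(rdn[0] for rdn in tls.getpeercert()["subject"])["commonName"]
            tls.sendall(b"hello from client")
            seen["client_got"] = tls.recv(64)
            seen["ok"] = True
    except ssl.SSLCertVerificationError as e:
        seen["client_error"] = e.reason           # 'CERTIFICATE_VERIFY_FAILED' for an untrusted cert
    finally:
        t.join()
        listener.close()
    return seen


if __name__ == "__main__":
    paths = make_self_signed_cert()
    if paths:
        print("trusted CA:     ", run_handshake(paths[0], paths[1], trusted_ca=paths[0]))
        print("no trust anchor:", run_handshake(paths[0], paths[1]))
```

Run the file directly and the first line shows both sides agreeing on the negotiated version and exchanging application data, while the second shows `ok: False` with the client's `CERTIFICATE_VERIFY_FAILED` and the server seeing the client's alert. The server creates the TLS object only after `accept()` returns and the client only after `connect()`, exactly as steps 10 and 6 of the checklists say, and the client context is left at its verifying defaults rather than being relaxed to make the self-signed case pass.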