Hi,

Thank you for the input; I now have a working simple server. I've attached it for future reference if anyone is interested in this form.
Irfan

----------------------------------------
> Subject: RE: simple ssl server
> Date: Fri, 17 Jul 2009 23:49:35 -0700
> From: viv...@chelsio.com
> To: openssl-users@openssl.org
>
> Y are u initializing the ssl lib twice(SSL_library_init()). Go through
> the txt document that i have attached to this mail. That should help
> you. U need to set ssl to fd(SSL_set_fd) before calling SSL_accept().
>
> -----Original Message-----
> From: owner-openssl-us...@openssl.org
> [mailto:owner-openssl-us...@openssl.org] On Behalf Of Irfan Gulamali
> Sent: 18 July 2009 11:19
> To: openssl-users@openssl.org
> Subject: simple ssl server
>
>
> Hi,
>
> I'm building a simple ssl server but I'm having trouble getting the
> handshake to work.
> I'm using the openssl s_client to verify my tls1 handshake and using the
> server.pem file that came with openssl0.8.9k.
>
> I must be missing something critical as I get the alert 40 for failed
> handshake.
> I've included my code below and build instructions for completeness.
>
> build: gcc ssls.c -g -o ssls.exe -I. -L"ssllib" -lssl32 -leay32 -lws2_32
>
> #include "openssl/ssl.h"
> #include
> #include
> #include
> #include
>
> void main()
> {
>
>     u_long imode = 0;
>     SSL_CTX *ctx;
>     SSL *ssl;
>     char *seed;
>     short int seed_sz = 100;
>     BIO *sbio, *bbio, *acpt, *out;
>     int s, fd;
>     SOCKET sk;
>     SOCKADDR_IN sa;
>     WSADATA neto;
>
>     SSL_load_error_strings();
>     SSL_library_init();
>     OpenSSL_add_all_algorithms();
>     ctx=SSL_CTX_new(TLSv1_server_method());
>     SSL_CTX_use_certificate_file(ctx,"server.pem",SSL_FILETYPE_PEM);
>
>     seed = malloc(sizeof(char)*100);
>
>     SSL_library_init();
>     OpenSSL_add_all_algorithms();
>     SSL_load_error_strings();
>
>     if(!RAND_seed(seed, seed_sz))
>         goto bad_ssl;
>
>     ctx=SSL_CTX_new(TLSv1_server_method());
>     if(ctx == NULL)
>         goto bad_ssl;
>     ssl=SSL_new(ctx);
>     if(ssl == NULL)
>         goto bad_ssl;
>     SSL_set_accept_state(ssl);
>
>     if(!SSL_CTX_load_verify_locations(ctx, "server.pem", NULL) )
>         goto bad_ssl;
>
>     if(!SSL_CTX_use_certificate_file(ctx, "server.pem", SSL_FILETYPE_PEM))
>         goto bad_ssl;
>
>     if(!SSL_CTX_use_PrivateKey_file(ctx, "server.pem", SSL_FILETYPE_PEM))
>         goto bad_ssl;
>
>     if (!SSL_CTX_check_private_key(ctx))
>         goto bad_ssl;
>
>     free(seed);
>     /* SSL Network stuff */
>     /*windows network*/
>     if (WSAStartup(MAKEWORD(2,2), &neto)!=0)
>         goto bad_ssl;
>     sk = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
>     if(sk == SOCKET_ERROR)
>         goto bad_ssl;
>     sa.sin_addr.S_un.S_addr = INADDR_ANY;
>     sa.sin_family = AF_INET;
>     sa.sin_port = htons(8080);
>     if(bind(sk, (SOCKADDR*)&sa, sizeof(sa))== SOCKET_ERROR)
>         goto bad_ssl;
>
>     if(listen(sk,5)== SOCKET_ERROR)
>         goto bad_ssl;
>     fd = accept(sk, (struct sockaddr *)&sa, NULL);
>     if(fd == INVALID_SOCKET)
>         goto bad_ssl;
>     /*END windows network -----------------------*/
>     SSL_CTX_set_options(ctx,SSL_OP_ALL);
>     SSL_CTX_set_mode(ctx,SSL_MODE_AUTO_RETRY);
>     SSL_accept(ssl);
>     if(!SSL_set_fd(ssl,fd))
>         goto bad_ssl;
>
>     while(1)
>     {
>         if(SSL_accept(ssl) == 1)
>             printf("connected!");
>     }
>     return;
> bad_ssl:
>     free(seed);
>     printf("\nError SSL INIT\n");
>
> }
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
ssls.c
Description: Binary data