Re: OpenSSL with Winsock

Wed, 09 Jun 2010 06:21:44 -0700 

Hi,
I am not sure if it helps but it seems that you forgot to define locking functions which are crucial for system working in multi-threaded environment. 
Take a look at:
http://www.openssl.org/docs/crypto/threads.html
Regards,
AW

havent forge pisze:

Hi,
I'm new to OpenSSL and trying to implement a simple multi-thread http/https server with winsock for educational purposes. It works fine for http requests but when handling https requests program crashes at SSL_read(ssl_client, buf, size) function call. I've seen that after calling the SSL_set_fd(ssl_client, client_fd) function client_fd is set to NULL but ssl_client has a valid value,I checked the API for SSL_set_fd but no word about this. also searched the web but can not find anything useful. Do you have any idea about this problem?
I've put Openssl initialization part and association part between socket and ssl structure of my code below. 
Thanks


#define CERT_FILE "cert.crt"
// Global variable
SSL_CTX *_ssl_client_ctx;


// ============================================
// SSL Initialization part in the main function.

SSL_library_init();
SSL_load_error_strings();
_ssl_client_ctx = SSL_CTX_new(SSLv23_server_method());
if(_ssl_client_ctx == NULL ) { 
dump_err("SSL_CTX_new");
return -1;
}

if (SSL_CTX_use_certificate_file(_ssl_client_ctx, CERT_FILE,
SSL_FILETYPE_PEM) <= 0)
{
dump_err("SSL_CTX_use_certificate_file");
return -1;
}
if (SSL_CTX_use_PrivateKey_file(_ssl_client_ctx, CERT_FILE,
SSL_FILETYPE_PEM) <= 0)
{
dump_err("SSL_CTX_use_PrivateKey_file");
return -1;
}
if (!SSL_CTX_load_verify_locations(_ssl_client_ctx,CERT_FILE, NULL)) { dump_err(1, "SSL_CTX_load_verify_locations"); 
return -1;
}
if (SSL_CTX_check_private_key(_ssl_client_ctx) <= 0)
{
dump_err(1, "SSL_CTX_check_private_key");
return -1;
}
// ============================================


// Function used by threads
int init_ssl_client(SOCKET client_fd,  SSL* ssl_client) {

ssl_client = SSL_new(_ssl_client_ctx);
printf("client_init - SSL_new -- ssl_client:%d, _ssl_client_ctx: %d\n", *ssl_client,*_ssl_client_ctx); 
if(SSL_set_fd(ssl_client, client_fd) <= 0)
{
dump_err("client_init -- SSL_set_fd");
}
printf("client_init - SSL_set_fd -- ssl_client:%d , client_fd:%d, _ssl_client_ctx: %d\n", *ssl_client, client_fd, *_ssl_client_ctx); if (SSL_accept(ssl_client) <= 0) { 
dump_err("client_init - SSL_accept");
return -1;
}

return 0;
}


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to