On 23.05.2014 14:16, Subrata Dasgupta wrote:
Hello Sir / Madam,
I am very much new to openssl programming. I want to make a TCP
connection secure using openssl. I do not want to use any certificate
or keys. Is it possible to make a TCP connection secure without using
certificate or keys? I am using openssl-0.9.7a.
To make a TCP connection secure I have changed two example files of
the openssl-0.9.7a source code under demo/ssl. I am attaching those
changed files with this email. I changed those files to avoid
certificate and keys related openssl calls. But server and client
both are giving following errors. Please please help.
Hello Subrata,
If you don't use a certificate at least for your server you won't get a
secure connection. At least not with OpenSSL.
You'll have to create a certificate and keys, but you can create a
self-signed certificate
(https://www.google.de/search?q=create+self+signed+certificate) or use
some free certificate provider, like for example http://www.cacert.org.
The server has to use the private keys (check SSL_CTX_use_PrivateKey*)
and offer the certificate to the client (SSL_CTX_use_certificate*), then
you may at least get your test setup running.
Of course, a certificate alone will not guarantee a "secure" connection,
but explaining how to get a connection secured for production use is
above my available time... :-\
Hope it helps
Ted
;)
In Server ...
Connection from 100007f, port 8fc0
SSL connection using (NONE)
7778:error:140EC0E5:SSL routines:SSL2_READ_INTERNAL:ssl handshake failure:s2_pkt.c:143:
In Client ...
7779:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:138:
7779:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:928:
7779:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:304:Type=X509
7779:error:1407E00B:SSL routines:SSL2_SET_CERTIFICATE:X509 lib:s2_clnt.c:1050:
Below are the openssl library calls made by the server.
SSL_library_init();
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
meth = SSLv23_server_method();
ctx = SSL_CTX_new (meth);
ssl = SSL_new (ctx);
SSL_set_fd (ssl, sd);
err = SSL_accept (ssl);
SSL_read (ssl, buf, sizeof(buf) - 1);
err = SSL_write (ssl, "I hear you.", strlen("I hear you."));
SSL_free (ssl);
SSL_CTX_free (ctx);
In client following calls are made...
SSL_library_init();
SSLeay_add_ssl_algorithms();
meth = SSLv2_client_method();
SSL_load_error_strings();
ctx = SSL_CTX_new (meth);
ssl = SSL_new (ctx);
SSL_set_fd (ssl, sd);
err = SSL_connect (ssl);
err = SSL_write (ssl, "Hello World!", strlen("Hello World!"));
CHK_SSL(err);
err = SSL_read (ssl, buf, sizeof(buf) - 1);
SSL_shutdown (ssl);
SSL_free (ssl);
SSL_CTX_free (ctx);
Thanks
Subrata
--
PGP Public Key Information
Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26
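
The reply above says the server needs a private key and a certificate, and that a self-signed one is enough for a test setup. As an added example (not part of the original thread), this script creates such a pair with the openssl command line tool and checks that the key belongs to the certificate before a server loads them, for instance through SSL_CTX_use_certificate_file and SSL_CTX_use_PrivateKey_file. The file names server.key and server.crt, the CN "localhost" and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread. File names, the CN and the
# function names are assumptions chosen for a local test setup.

# Create a 2048-bit RSA key and a self-signed certificate in directory $1.
# -nodes leaves the key unencrypted so a test server can load it unattended;
# protect the file with restrictive permissions.
make_self_signed() {
    dir=$1; cn=${2:-localhost}
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
          -subj "/CN=$cn" \
          -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null )
}

# Succeed only if private key $2 belongs to certificate $1, by comparing
# the public key embedded in the certificate with the one derived from the key.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeed only if subject and issuer are identical, i.e. no CA vouches for
# the certificate and clients must be told explicitly to trust it.
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject 2>/dev/null) || return 1
    iss=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null) || return 1
    [ "${subj#subject=}" = "${iss#issuer=}" ]
}

# Demo run in a throwaway directory.
tmp=$(mktemp -d)
if make_self_signed "$tmp" localhost &&
   key_matches_cert "$tmp/server.crt" "$tmp/server.key" &&
   is_self_signed "$tmp/server.crt"; then
    echo "server.crt and server.key are a matching self-signed pair"
else
    echo "key/certificate generation or check failed" >&2
fi
rm -rf "$tmp"
```

A mismatched key and certificate is the case the key_matches_cert check is there to catch before the server starts accepting connections.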