OpenSSL C++; Problem with Certificates

Explanation:
I wrote a simple OpenSSL server using code from basic examples. I tried it out with several browsers like Firefox, Opera, IE and Safari. With Firefox I get the certificate and then the HTML site. But with the other browsers I got either no HTML page at all or got the site just after loading the browser twice. I don't know if the problem is the certificates or the C++ code.

Platform / OS / Version:
IDE: eMbedded Visual C++
Platform: Windows CE 5.0

Key Generation
openssl genrsa -out server-key.pem 1024
openssl req -new -x509 -key server-key.pem -out cert.pem -days 365

Sourcecode
#include <winsock2.h>
#include <stdio.h>
#include <string.h>
#include <openssl/ssl.h>
#include <openssl/err.h>

SSLServer::SSLServer(char *cFile, char *kFile, int port) {

    PORT = port;
    SSL_library_init();
    CreateCTX();
    LoadCerts(cFile, kFile);

    // Get the server started.
    BindPort();
    CheckClients();
}

void SSLServer::CheckClients() {
    // Wait for a connection and assign the client socket
    printf ("Auf Verbindung warten........................");
    clientSocket=accept(serverSocket,NULL,NULL);
    if(clientSocket==INVALID_SOCKET){
        printf ("FEHLER\n");
        return;                          // no socket to hand to OpenSSL
    }else{
        printf("OK\n");
    }

    SSL *ssl;                            // Pointer to the SSL object
    ssl = SSL_new(ctx);                  // Create the object with the context from CreateCTX()
    SSL_set_fd(ssl, clientSocket);       // Bind the SSL object to the file descriptor
    //int fd = SSL_get_fd(ssl);          // Returns the file descriptor bound to the SSL object.

    if(SSL_accept(ssl) <= 0) {           // 0 and negative values both mean the handshake failed
        printf("Fehler ssl accept\n");
        ERR_print_errors_fp(stderr);
    }else{
        printf("Ok bei ssl accept\n");

        // Description of the cipher. For information only.
        char cipdesc[128];
        SSL_CIPHER *sslciph = SSL_get_current_cipher(ssl);
        SSL_CIPHER_description(sslciph, cipdesc, sizeof(cipdesc));
        printf("Descr: %s\n", cipdesc);

        char buff[1024];
        // Wait for data to be sent. Leave room for the terminating '\0'.
        int bytes = SSL_read(ssl, buff, sizeof(buff) - 1);
        if(bytes > 0) {
            buff[bytes] = '\0';

            // Show the browser request.
            printf("recv: %s\n", buff);

            // Send the html reply.
            SSL_write(ssl, REPLY, (int)strlen(REPLY));
        }else{
            // Connection closed or read error: buff must not be indexed with bytes.
            printf("SSL_read: %d, SSL_get_error: %d\n", bytes, SSL_get_error(ssl, bytes));
        }
    }
    // Tell the client we are closing the connection.
    SSL_shutdown(ssl);

    // We do not wait for a reply, just clear everything.
    SSL_free(ssl);
    closesocket(clientSocket);           // SSL_free() does not close a socket set with SSL_set_fd()
}

void SSLServer::BindPort(void) {
    // Create the server socket
    printf ("Erstelle ServerSocket.......................");
    serverSocket = socket(AF_INET,SOCK_STREAM,0);
    if(serverSocket == INVALID_SOCKET){
        printf ("FEHLER\n");
    }else{
        printf ("OK\n");
    }

    // Bind the server socket
    printf ("Binde ServerSocket...........................");
    memset(&addr,0,sizeof(SOCKADDR_IN));
    addr.sin_family=AF_INET;
    addr.sin_port=htons(PORT);
    addr.sin_addr.s_addr=ADDR_ANY;

    long rc;
    rc=bind(serverSocket,(SOCKADDR*)&addr,sizeof(SOCKADDR_IN));

    if(rc == SOCKET_ERROR){
        printf ("FEHLER\n");
    }else{
        printf ("OK\n");
    }

    // Put the server socket into listen mode
    printf ("Setze ServerSocket in listenmodus............");
    rc=listen(serverSocket,backlog);
    if(rc==SOCKET_ERROR){
        printf ("FEHLER\n");
    }else{
        printf ("OK\n");
    }

}

void SSLServer::CreateCTX(void) {
    printf("Create CTX\n");
    // The method describes which SSL protocol we will be using.
    SSL_METHOD *method;

    // Load algorithms and error strings.
    OpenSSL_add_all_algorithms();
    SSL_load_error_strings();

    // Compatible with SSLv2, SSLv3 and TLSv1
    // (the highest version both sides support is negotiated; SSLv2 and SSLv3 are obsolete)
    method = SSLv23_server_method();

    // Create new context from method.
    ctx = SSL_CTX_new(method);
    if(ctx == NULL) {
        ERR_print_errors_fp(stderr);
        _exit(1);
    }
}

/* Load the certification files, ie the public and private keys. */
void SSLServer::LoadCerts(char *cFile, char *kFile) {
    printf("Load Certs\n");
    if ( SSL_CTX_use_certificate_chain_file(ctx, cFile) <= 0) {
        ERR_print_errors_fp(stderr);
        _exit(1);
    }
    if ( SSL_CTX_use_PrivateKey_file(ctx, kFile, SSL_FILETYPE_PEM) <= 0) {
        ERR_print_errors_fp(stderr);
        _exit(1);
    }

    // Verify that the two keys go together.
    if ( !SSL_CTX_check_private_key(ctx) ) {
        fprintf(stderr, "Private key is invalid.\n");
        _exit(1);
    }
}

Hope someone could help. It's very important for me because it's for a school project.
Thanks
Nov 13 '07 #1
pawnee
I've reduced the code to the part where the problem probably appears.

SSL *ssl;                            // Pointer to the SSL object
ssl = SSL_new(ctx);                  // Create the object with the context from CreateCTX()
SSL_set_fd(ssl, clientSocket);       // Bind the SSL object to the file descriptor

if(SSL_accept(ssl) <= 0) {           // 0 and negative values both mean the handshake failed
    printf("Fehler ssl accept\n");
}else{
    printf("Ok bei ssl accept\n");

    char buff[1024];
    // Wait for data to be sent. Leave room for the terminating '\0'.
    int bytes = SSL_read(ssl, buff, sizeof(buff) - 1);
    if(bytes > 0) {
        buff[bytes] = '\0';

        // Send the html reply.
        SSL_write(ssl, REPLY, (int)strlen(REPLY));
    }

    // Tell the client we are closing the connection.
    SSL_shutdown(ssl);
}

// We do not wait for a reply, just clear everything (also after a failed handshake).
SSL_free(ssl);

The code terminates correctly, but with Internet Explorer I got no content in the receive (SSL_read).
Nov 14 '07 #2
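
To separate certificate problems from code problems in the question above, the key and certificate produced under "Key Generation" can be checked on their own, doing from the shell what SSL_CTX_check_private_key() does in LoadCerts() plus a key-size and expiry check. This is an added example, not part of the original posts; the function names and the 2048-bit threshold are assumptions of the example, and it needs the openssl command-line tool.

```shell
#!/bin/sh
# Added example: check a PEM key/certificate pair before debugging the server code.

# SHA-256 over the PEM public key derived from a private key file.
key_pub_hash() {
    pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 over the PEM public key embedded in a certificate file.
cert_pub_hash() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Key size in bits, as printed by "openssl x509 -text".
cert_key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# check_pair KEY CERT: one finding per line; returns 0 only if every check passes.
check_pair() {
    key=$1; cert=$2; rc=0
    kh=$(key_pub_hash "$key") || kh=
    ch=$(cert_pub_hash "$cert") || ch=
    if [ -n "$kh" ] && [ "$kh" = "$ch" ]; then echo "key/cert match: ok"
    else echo "key/cert match: FAIL"; rc=1; fi

    # Assumed policy: 2048 bits as the minimum RSA size; the post's 1024-bit key is flagged.
    bits=$(cert_key_bits "$cert")
    if [ "${bits:-0}" -ge 2048 ]; then echo "key size: ok ($bits bit)"
    else echo "key size: FAIL (${bits:-unknown} bit, below 2048)"; rc=1; fi

    # -checkend 0 succeeds only if the certificate has not expired yet.
    if openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1
    then echo "validity: ok"
    else echo "validity: FAIL (expired or unreadable)"; rc=1; fi
    return $rc
}

# Usage: sh check_pair.sh server-key.pem cert.pem
if [ "$#" -eq 2 ]; then check_pair "$1" "$2"; fi
```

If all three lines report ok, the pair itself is consistent and attention can go to how the server handles each browser connection.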
