noraj closed 8 years ago
I would almost say the self-signed certificate is rejected. You can avoid this by setting SSL_CTX_set_verify.
I took a look at the openssl doc, ssl_ctx_set_verify, and added SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL); between:
ctx = SSL_CTX_new(SSLv3_server_method());
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
load_certificate(ctx, cert, key);
But I still have the same error.
I understand that SSL_CTX_set_verify is for the certificate and SSL_set_verify is for the clients, so I added SSL_set_verify(ssl, SSL_VERIFY_NONE, NULL); but now I have a seg fault.
I also tried to override the callback:
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, krx_ssl_verify_peer);
with
int krx_ssl_verify_peer(int ok, X509_STORE_CTX* ctx) {
    return 1;
}
But I still have [error] client connection faild.
OK, I found where it comes from: telnet can't handle SSL, so instead of using telnet I used the openssl client:
openssl s_client -connect 127.0.0.1:5000
and it worked.
Yes, telnet is not capable of handling SSL. You can also have a look at netcat.
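The telnet failure discussed above can be made visible on the server side by looking at the first bytes a client sends before the handshake is attempted. This is an added example, not code from the project or from anyone in the thread; the function and enum names are hypothetical and the sample bytes are constructed.

```c
#include <stddef.h>

/* Result of inspecting the first bytes a client sent (hypothetical names). */
enum first_bytes {
    FB_TOO_SHORT,        /* fewer than 6 bytes: cannot decide yet */
    FB_TLS_CLIENT_HELLO, /* TLS handshake record carrying a ClientHello */
    FB_TLS_OTHER,        /* valid TLS record header, but not a ClientHello */
    FB_NOT_TLS           /* plaintext, e.g. a line typed into telnet */
};

/* Classify a buffer holding the first bytes received from a client. */
enum first_bytes classify_first_bytes(const unsigned char *buf, size_t len)
{
    if (buf == NULL || len < 6)
        return FB_TOO_SHORT;

    /* TLS record header: content type (1), version (2), length (2). */
    unsigned type = buf[0];
    unsigned major = buf[1], minor = buf[2];
    size_t rec_len = ((size_t)buf[3] << 8) | buf[4];

    /* Record types are 20..23; the wire version is 3.0 through 3.4. */
    if (type < 20 || type > 23 || major != 3 || minor > 4)
        return FB_NOT_TLS;
    /* The first record is unencrypted: non-empty and at most 2^14 bytes. */
    if (rec_len == 0 || rec_len > 16384)
        return FB_NOT_TLS;

    /* Handshake record (22) whose first message type is ClientHello (1). */
    if (type == 22 && buf[5] == 1)
        return FB_TLS_CLIENT_HELLO;
    return FB_TLS_OTHER;
}

/* Constructed sample inputs: start of a ClientHello, and a telnet line. */
const unsigned char sample_hello[] = {0x16, 0x03, 0x01, 0x02, 0x00,
                                      0x01, 0x00, 0x01, 0xfc};
const unsigned char sample_telnet[] = "hello server\r\n";
```

A server can fill the buffer with recv() and MSG_PEEK so the bytes stay queued for the TLS library, and log FB_NOT_TLS as "client is not speaking TLS" instead of a generic connection failure.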
Hi @yorickdewid,
I launched the server, launched a user.
User:
Server:
But when I run a command both user and server crash.
So
if(SSL_accept(cli->ssl) == -1)
is not respected. In the main, cli->ssl is initialized like that:
Is it the way ctx is loaded that is wrong, or are my certificate/key not correct?
I created my cert and key with this command: