yorickdewid
commented
8 years ago I would almost say the self signed certificate is rejected. You can avoid this by setting SSL_CTX_set_verify
Closed noraj closed 8 years ago
yorickdewid
commented
8 years ago I would almost say the self signed certificate is rejected. You can avoid this by setting SSL_CTX_set_verify
noraj
commented
8 years ago I took a look at openssl doc, ssl_ctx_set_verify and added SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
between
ctx = SSL_CTX_new(SSLv3_server_method());
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
load_certificate(ctx, cert, key);But I still have the same error.
noraj
commented
8 years ago I understand that SSL_CTX_set_verify is for the certificate and SSL_set_verify if for the clients so I added SSL_set_verify(ssl, SSL_VERIFY_NONE, NULL); but now have a seg fault.
noraj
commented
8 years ago I also tried to override the callback :
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, krx_ssl_verify_peer);with
int krx_ssl_verify_peer(int ok, X509_STORE_CTX* ctx) {
return 1;
}But I stil have [error] client connection faild.
noraj
commented
8 years ago OK I find where does it come from : TELNET can't handle ssl so instead of use telnet I used openssl client :
openssl s_client -connect 127.0.0.1:5000 and it worked
yorickdewid
commented
8 years ago Yes telnet is not capable of handling SSL. You can also have a look at netcat
Hi @yorickdewid,
I launched the server, launched a user.
User :
Server :
But when I run a command both user and server crash.
So
if(SSL_accept(cli->ssl) == -1)is not respected.In the main cli->ssl is initialized like that :
Is that the way ctx is loaded that is wrong or my certificate/key are not correct ?
I created my cert and key with this command :