[openssl-users] [Version-2] Sequence of steps to initialize a ssl-session (only client-mode)

Ajay Garg ajaygargnsit at gmail.com
Mon Oct 10 05:53:14 UTC 2016


[Thanks Viktor, I made the change as suggested by you in the other
incomplete email that I sent accidentally].


Hi All.

We are just dealing with the client-side, and following are the steps ::

#################################################################################################
    SSL_library_init();
    OpenSSL_add_ssl_algorithms();
    OpenSSL_add_all_algorithms();
    SSL_load_error_strings();
    ERR_load_crypto_strings();

    solitary_ssl_ctx = SSL_CTX_new(SSLv23_client_method());
    if(solitary_ssl_ctx == NULL)
    {
        // Control does not reach here.
    }

    if(!SSL_CTX_use_certificate_file(solitary_ssl_ctx, "/path/of/certificate", SSL_FILETYPE_PEM))
    {
        // Control does not reach here.
    }

    if(!SSL_CTX_use_PrivateKey_file(solitary_ssl_ctx, "/path/of/key", SSL_FILETYPE_PEM))
    {
        // Control does not reach here.
    }

    socket->ssl = SSL_new(solitary_ssl_ctx);
    if(socket->ssl == NULL)
    {
        // Control does not reach here.
    }

    if (!BIO_new_bio_pair(&(socket->inter_bio), SSL_BUFFER_SIZE, &(socket->network_bio), SSL_BUFFER_SIZE));
    {
        // *CONTROL REACHES HERE*
    }

    socket->ssl_bio = BIO_new(BIO_f_ssl());
    if (!(socket->ssl_bio))
    {
        // Status Unknown
    }

    SSL_set_connect_state(socket->ssl);
    SSL_set_bio(socket->ssl, socket->inter_bio, socket->inter_bio);
    (void)BIO_set_ssl(socket->ssl_bio, socket->ssl, BIO_NOCLOSE);
#################################################################################################




The socket structure has the following ::

#################################################################################################
           SSL *ssl;

           BIO *ssl_bio;                 // app-payload-bytes will be written by app into it.
           BIO *inter_bio;               // intermediate-bio, have no idea what it really is used for.
           BIO *network_bio;             // app-payload-encrypted-bytes will "emerge" from this bio, ready to be written over the wire
#################################################################################################



I have followed the minimal steps (only for client-mode) as per
http://opensource.apple.com/source/OpenSSL096/OpenSSL096-6.2/openssl/ssl/ssltest.c
So, what am I missing which is causing

                   BIO_new_bio_pair

to fail?


Thanks and Regards,
Ajay