OpenQNX :: The QNX Community Portal

 May 13, 2008 - 12:23 PM
Google
  Web openqnx.com   
     Create an account Home · Submit News · QNX Forums · QNX Download · Search   
_
Main Menu
Who's Online
There are 57 unlogged users and 2 registered users online.

You can log-in or register for a user account here.
FAQ FAQ  •  Search Search  •  Register Register  •  Log in to check your private messages Log in to check your private messages
Log in Log in

openssl not working on QNX4
OpenQNX Forum Index » QNX Developers » General Programming
Post new topic   Reply to topic
View previous topic Printable version Log in to check your private messages View next topic
Author Message
GeorgeHu
Post subject: openssl not working on QNX4  PostPosted: Apr 17, 2008 - 03:26 PM
New Member


Joined: Oct 16, 2007
Posts: 2
I tried both opensll 0.9.8g and 0.9.7f on QNX4.25 with watcom 10.6 compiler, and I got error message "ssl handshake failure" on server side when client tries to connect it. However, the same sample codes/openssl are working in QNX6.3. Any thing I missing?
Thanks for help.
Here are my sample codes.

ssl_server.c

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <netdb.h>
#include <unistd.h>

#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#include <openssl/crypto.h>
#include <openssl/ssl.h>
#include <openssl/err.h>

#define RSA_SERVER_CERT "server.crt"
#define RSA_SERVER_KEY "server.key"

#define RSA_SERVER_CA_CERT "server_ca.crt"

#define RETURN_NULL(x) if ((x)==NULL) exit(1)
#define RETURN_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }
#define RETURN_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(1); }

void main()
{
int err;

int listen_sock;
int sock;
struct sockaddr_in sa_serv;
struct sockaddr_in sa_cli;
size_t client_len;
char *str;
char buf[4096];

SSL_CTX *ctx;
SSL *ssl;
SSL_METHOD *meth;

X509 *client_cert = NULL;

short int s_port = 5001;

/*----------------------------------------------------------------*/
/* Load encryption & hashing algorithms for the SSL program */
SSL_library_init();

/* Load the error strings for SSL & CRYPTO APIs */
SSL_load_error_strings();

/* Create a SSL_METHOD structure (choose a SSL/TLS protocol version) */
meth = SSLv3_method();

/* Create a SSL_CTX structure */
ctx = SSL_CTX_new(meth);

if (!ctx)
{
ERR_print_errors_fp(stderr);
exit(1);
}

/* Load the server certificate into the SSL_CTX structure */
if (SSL_CTX_use_certificate_file(ctx, RSA_SERVER_CERT, SSL_FILETYPE_PEM) <= 0)
{
ERR_print_errors_fp(stderr);
exit(1);
}

/* Load the private-key corresponding to the server certificate */
if (SSL_CTX_use_PrivateKey_file(ctx, RSA_SERVER_KEY, SSL_FILETYPE_PEM) <= 0)
{
ERR_print_errors_fp(stderr);
exit(1);
}

/* Check if the server certificate and private-key matches */
if (!SSL_CTX_check_private_key(ctx))
{
fprintf(stderr,"Private key does not match the certificate public key\n");
exit(1);
}

/* ----------------------------------------------- */
/* Set up a TCP socket */
listen_sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
RETURN_ERR(listen_sock, "socket");

memset (&sa_serv, '\0', sizeof(sa_serv));
sa_serv.sin_family = AF_INET;
sa_serv.sin_addr.s_addr = INADDR_ANY;
sa_serv.sin_port = htons (s_port); /* Server Port number */
err = bind(listen_sock, (struct sockaddr*)&sa_serv,sizeof(sa_serv));
RETURN_ERR(err, "bind");

/* Wait for an incoming TCP connection. */
err = listen(listen_sock, 5);
RETURN_ERR(err, "listen");
client_len = sizeof(sa_cli);

/* Socket for a TCP/IP connection is created */
printf ("server accepting...\n");
sock = accept(listen_sock, (struct sockaddr*)&sa_cli, &client_len);
RETURN_ERR(sock, "accept");
close (listen_sock);

printf ("Connection from %lx, port %x\n", sa_cli.sin_addr.s_addr, sa_cli.sin_port);

/* ----------------------------------------------- */
/* TCP connection is ready. */
/* A SSL structure is created */
ssl = SSL_new(ctx);
RETURN_NULL(ssl);

/* Assign the socket into the SSL structure (SSL and socket without BIO) */
SSL_set_fd(ssl, sock);
/* Perform SSL Handshake on the SSL server */
err = SSL_accept(ssl);
RETURN_SSL(err);

/* Informational output (optional) */
printf("SSL connection using %s\n", SSL_get_cipher (ssl));

/*------- DATA EXCHANGE - Receive message and send reply. -------*/
/* Receive data from the SSL client */
err = SSL_read(ssl, buf, sizeof(buf) - 1);
RETURN_SSL(err);

buf[err] = '\0';
printf ("Received %d chars:'%s'\n", err, buf);

/* Send data to the SSL client */
err = SSL_write(ssl, "This message is from the SSL server", strlen("This message is from the SSL server"));
RETURN_SSL(err);

/*--------------- SSL closure ---------------*/
/* Shutdown this side (server) of the connection. */
err = SSL_shutdown(ssl);
RETURN_SSL(err);

/* Terminate communication on a socket */
err = close(sock);
RETURN_ERR(err, "close");

/* Free the SSL structure */
SSL_free(ssl);
/* Free the SSL_CTX structure */
SSL_CTX_free(ctx);
}


ssl_client.c

#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <netdb.h>
#include <unistd.h>

#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#include <openssl/crypto.h>
#include <openssl/ssl.h>
#include <openssl/err.h>

#define RETURN_NULL(x) if ((x)==NULL) exit (1)
#define RETURN_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }
#define RETURN_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(1); }

#define RSA_CLIENT_CA_CERT "client_ca.crt"

void main()
{
int err;
int sock;
struct sockaddr_in server_addr;
char *str;
char buf [4096];
char hello[80];

SSL_CTX *ctx;
SSL *ssl;
SSL_METHOD *meth;
X509 *server_cert;
EVP_PKEY *pkey;

BIO *sbio;

short int s_port = 5001;
const char *s_ipaddr = "127.0.0.1";

/*----------------------------------------------------------*/
sprintf(hello, "message from ssl_clent");

/* Load encryption & hashing algorithms for the SSL program */
SSL_library_init();

/* Load the error strings for SSL & CRYPTO APIs */
SSL_load_error_strings();

/* Create an SSL_METHOD structure (choose an SSL/TLS protocol version) */
meth = SSLv3_method();

/* Create an SSL_CTX structure */
ctx = SSL_CTX_new(meth);
RETURN_NULL(ctx);

/* Load the RSA CA certificate into the SSL_CTX structure */
/* This will allow this client to verify the server's */
/* certificate. */

if (!SSL_CTX_load_verify_locations(ctx, RSA_CLIENT_CA_CERT, NULL))
{
ERR_print_errors_fp(stderr);
exit(1);
}

/* Set flag in context to require peer (server) certificate */
/* verification */

SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL);
SSL_CTX_set_verify_depth(ctx,1);
/* ------------------------------------------------------------- */
/* Set up a TCP socket */
sock = socket (AF_INET, SOCK_STREAM, IPPROTO_TCP);
RETURN_ERR(sock, "socket");

memset (&server_addr, '\0', sizeof(server_addr));
server_addr.sin_family = AF_INET;
server_addr.sin_port = htons(s_port); /* Server Port number */
server_addr.sin_addr.s_addr = inet_addr(s_ipaddr); /* Server IP */

/* Establish a TCP/IP connection to the SSL client */
printf ("connect to server...\n");
err = connect(sock, (struct sockaddr*) &server_addr, sizeof(server_addr));
RETURN_ERR(err, "connect");
/* ----------------------------------------------- */
/* An SSL structure is created */

ssl = SSL_new (ctx);
RETURN_NULL(ssl);

/* Assign the socket into the SSL structure (SSL and socket without BIO) */
SSL_set_fd(ssl, sock);
/* Perform SSL Handshake on the SSL client */
err = SSL_connect(ssl);

printf("ssl_connect=%s\n", (err==-1)?"fail":"ok");
RETURN_SSL(err);

/* Informational output (optional) */
printf ("SSL connection using %s\n", SSL_get_cipher (ssl));

/* Get the server's certificate (optional) */
server_cert = SSL_get_peer_certificate (ssl);

if (server_cert != NULL)
{
printf ("Server certificate:\n");
str = X509_NAME_oneline(X509_get_subject_name(server_cert),0,0);
RETURN_NULL(str);
printf ("\t subject: %s\n", str);
free (str);

str = X509_NAME_oneline(X509_get_issuer_name(server_cert),0,0);
RETURN_NULL(str);
printf ("\t issuer: %s\n", str);
free(str);

X509_free (server_cert);
}
else
printf("The SSL server does not have certificate.\n");


/*-------- DATA EXCHANGE - send message and receive reply. -------*/
/* Send data to the SSL server */
err = SSL_write(ssl, hello, strlen(hello));
RETURN_SSL(err);

/* Receive data from the SSL server */
err = SSL_read(ssl, buf, sizeof(buf)-1);

RETURN_SSL(err);
buf[err] = '\0';
printf ("Received %d chars:'%s'\n", err, buf);

/*--------------- SSL closure ---------------*/
/* Shutdown the client side of the SSL connection */

err = SSL_shutdown(ssl);
RETURN_SSL(err);

/* Terminate communication on a socket */
err = close(sock);

RETURN_ERR(err, "close");

/* Free the SSL structure */
SSL_free(ssl);

/* Free the SSL_CTX structure */
SSL_CTX_free(ctx);
}
 
 View user's profile Send private message  
Reply with quote Back to top
micro
Post subject: RE: openssl not working on QNX4  PostPosted: Apr 18, 2008 - 12:04 PM
Senior Member


Joined: Jul 22, 2004
Posts: 315
QNX 4.25 and QNX6.3 use different compilers.

For example Watcom has a default packed structure, which may could be the problem.
You can try this by filling up the structures, so arrays and blocks start on byte boundaries.
 
 View user's profile Send private message  
Reply with quote Back to top
Display posts from previous:     
Jump to:  
All times are GMT
Post new topic   Reply to topic
View previous topic Printable version Log in to check your private messages View next topic
 OpenQNX Forum Index » QNX Developers »  General Programming
Powered by PNphpBB2 © 2003-2007 The PNphpBB Group
Credits
All logos and trademarks in this site are property of their respective owners. The comments are property of their posters.
Powered by OpenQNX: The QNX Community Portal Site
QNX and the QNX logo are registered trademarks of QNX Software Systems.