我正在尝试从Windows计算机连接Linux服务器。运行SSL服务器的服务器。在Linux机器中,SSL客户端和服务器工作正常。但是我在Windows 7 VS 2010中通过错误 SSL_ERROR_SSL 而在 SSL_Connect 中使用的同一客户端。
服务器错误:“ 1112340720:错误:1408A0C1:SSL例程:SSL3_GET_CLIENT_HELLO:无共享密码:s3_srvr.c:1358:”
客户端错误: SSL_ERROR_SSL失败
如果我在Linux中使用客户端,则使用相同的证书和密码。但同样会在Windows中给我错误。
我添加了示例VS2010客户端代码。
// SSL_Client.cpp : Defines the entry point for the console application.
//
#include <atlstr.h>
#include "stdafx.h"
#include "bio.h"
#include "err.h"
#include "rand.h"
#include "ssl.h"
#include "x509v3.h"
//#pragma comment(lib, "Ws2_32.lib")
int _tmain(int argc, _TCHAR* argv[])
{
if(!SSL_library_init( ))
{
printf("Library Load\n");
return 0;
}
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
WSADATA wData;
WSAStartup(MAKEWORD(2,2),&wData);
int iFlag = 1;
struct sockaddr_in sServerAddr;
SSL_CTX * pSslCtx;
BIO * pBIOConn;
SSL * pSSLConn;
pSslCtx = SSL_CTX_new(SSLv23_method());
// TODO: Add your control notification handler code here
if(!pSslCtx)
{
printf("New CTX failed");
return 0;
}
char CertLoad[1024];
sprintf_s(CertLoad,1024,"C:\\VisualStudio\\SSL_sample\\ssl_auth_certificate.cer");
if (SSL_CTX_load_verify_locations(pSslCtx,CertLoad, NULL) != 1)
{
printf("SSL_CTX_load_verify_locations failed");
return 0;
}
if (SSL_CTX_set_default_verify_paths(pSslCtx) != 1)
{
printf("SSL_CTX_set_default_verify_paths failed");
return 0;
}
sprintf_s(CertLoad,1024,"C:\\VisualStudio\\SSL_sample\\ssl_client_certificate.cer");
if (SSL_CTX_use_certificate_chain_file(pSslCtx, CertLoad) != 1)
{
printf("SSL_CTX_use_certificate_chain_file failed");
return 0;
}
sprintf_s(CertLoad,1024,"C:\\VisualStudio\\SSL_sample\\ssl_client_private_key.key");
if (SSL_CTX_use_PrivateKey_file(pSslCtx, CertLoad, SSL_FILETYPE_PEM) != 1)
{
printf("SSL_CTX_use_PrivateKey_file failed");
return 0;
}
SSL_CTX_set_options(pSslCtx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
if (SSL_CTX_set_cipher_list(pSslCtx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH") != 1)
{
printf("SSL_CTX_set_default_verify_paths failed");
return 0;
}
SSL_CTX_set_verify(pSslCtx, SSL_VERIFY_NONE, NULL);
memset(&sServerAddr, 0, sizeof(sServerAddr));
sServerAddr.sin_family = AF_INET;
unsigned long inaddr = inet_addr("192.168.1.24");
memcpy(&sServerAddr.sin_addr,&inaddr,sizeof(inaddr));
sServerAddr.sin_port = htons(54321);
SOCKET iSocket = 0;
iSocket = socket(AF_INET, SOCK_STREAM, 0);
int lasterr = WSAGetLastError();
if( iSocket == INVALID_SOCKET)
{
printf("Connection fialed");
return 0;
}
setsockopt(iSocket,
SOL_SOCKET,
SO_KEEPALIVE,
(char*)&iFlag,
(int)sizeof(iFlag));
u_long uMode = 0;
if(ioctlsocket(iSocket, FIONBIO, &uMode) != 0 )
{
int lasterr = WSAGetLastError();
printf("Connection fialed");
}
if(connect(iSocket,
(struct sockaddr *) &sServerAddr,
(int) sizeof(sServerAddr)) == -1)
{
int lasterr = WSAGetLastError();
printf("Connection fialed");
return 0;
}
pSSLConn = SSL_new(pSslCtx);
if(!pSSLConn)
{
printf("SSL_new failed");
return 0;
}
SSL_set_fd(pSSLConn, iSocket);
pBIOConn = BIO_new_socket(iSocket, BIO_NOCLOSE);
SSL_set_bio(pSSLConn, pBIOConn, pBIOConn);
SSL_set_connect_state(pSSLConn);
int retssl = SSL_connect(pSSLConn);
if (retssl <= 0)
{
switch(SSL_get_error(pSSLConn,retssl))
{
case SSL_ERROR_NONE:
printf("SSL_ERROR_NONE failed");
break;
case SSL_ERROR_ZERO_RETURN:
printf("SSL_ERROR_ZERO_RETURN failed");
break;
case SSL_ERROR_WANT_READ:
case SSL_ERROR_WANT_WRITE:
printf("SSL_ERROR_WANT_READ SSL_ERROR_WANT_WRITE failed");
break;
case SSL_ERROR_WANT_CONNECT:
case SSL_ERROR_WANT_ACCEPT:
printf("SSL_ERROR_WANT_CONNECT SSL_ERROR_WANT_ACCEPT failed");
break;
case SSL_ERROR_WANT_X509_LOOKUP:
printf("SSL_ERROR_WANT_X509_LOOKUP failed");
break;
case SSL_ERROR_SYSCALL:
printf("SSL_ERROR_SYSCALL failed");
break;
case SSL_ERROR_SSL:
printf("SSL_ERROR_SSL failed");
break;
}
return 0;
}
return 0;
}