From eay@orb.mincom.oz.au Mon Jun  5 20:05:34 1995
Received: from bunyip.cc.uq.oz.au by psych.psy.uq.oz.au 
	id <UAA13115@psych.psy.uq.oz.au>; Mon, 5 Jun 1995 20:05:33 +1000
Received: from cc.uq.oz.au by bunyip.cc.uq.oz.au 
          id <01003-0@bunyip.cc.uq.oz.au>; Mon, 5 Jun 1995 20:05:14 +1000
Received: from orb.mincom.oz.au by minbne.mincom.oz.au with SMTP 
          id AA21065 (5.65c/IDA-1.4.4 for eay@psych.psy.uq.oz.au);
          Mon, 5 Jun 1995 19:23:54 +1000
Received: by orb.mincom.oz.au id AA15672 (5.65c/IDA-1.4.4 
          for eay@psych.psy.uq.oz.au); Mon, 5 Jun 1995 19:27:03 +1000
Date: Mon, 5 Jun 1995 19:27:03 +1000
From: Eric Young <eay@orb.mincom.oz.au>
Message-Id: <199506050927.AA15672@orb.mincom.oz.au>
To: eay@psych.psy.uq.oz.au
Subject: patch
Content-Length: 4189
Sender: eay@orb.mincom.oz.au
Status: O
X-Status: 

Date: Mon, 5 Jun 1995 10:43:21 +1000 (EST)
From: Eric Young <eay@mincom.oz.au>
To: "James G. Speth" <speth@end.com>
Cc: ssl-users@mincom.oz.au
Subject: Re: ssl_client problem and various thoughts
In-Reply-To: <abf7ea6503021004894c@[165.227.223.2]>
Message-Id: <Pine.HPP.3.91.950605094458.22951A-100000@saturn.mincom.oz.au>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Precedence: bulk
Status: RO
X-Status: 

Just a quick reply;

On Sun, 4 Jun 1995, James G. Speth wrote:
> verify depth is 4
> conn: Connection refused
> connect:mconecting: Connection refused

This is actually the connect(2) system call failing; I bet you are coming
from an Intel box (little endian).  I have a 'bug' in my ssl_client and
ssl_server code where I don't convert the port number to network byte
order :-(.  I've been working on big-endian machines for too long :-(.
Well, I suppose I can claim this is not a bug in my SSL library, just a bug
in my demo programs :-). There is also an error in my error string
formatting.

Patches to ssl_client/ssl_server follow.  I have also added the -cipher
flag so that you can specify your preferred cipher.  If this is not set,
the environment variable SSL_CIPHER is used.

SSLeay 4.1.1 :-).


*** ../lib.0.4.1/ssl/ssl_server.c	Fri Jun  2 09:00:28 1995
--- ssl/ssl_server.c	Mon Jun  5 09:59:42 1995
***************
*** 265,271 ****
  	if ((serv=getservbyname(service,PROTO)) == NULL)
  		{
  		serv=&ser;
! 		ser.s_port=port;
  		}
  
  	server.sin_family=AF_INET;
--- 265,271 ----
  	if ((serv=getservbyname(service,PROTO)) == NULL)
  		{
  		serv=&ser;
! 		ser.s_port=htons(port);
  		}
  
  	server.sin_family=AF_INET;
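Review bot: `htons()` takes a 16-bit value, so on the new `ser.s_port=htons(port);` line a `port` outside 0-65535 is silently truncated and the server ends up on a different port than the one requested. Whether `port` is range-checked earlier is not visible, since the enclosing function starts and ends outside the hunk. A guard such as `if (port <= 0 || port > 65535)` with an error return before the assignment would make the failure explicit. The same applies to the matching `ser.s_port=htons(port);` change in ssl_client.c (hunk 252,258 / 263,269). A short comment would also help, for example `/* s_port is held in network byte order, as getservbyname() returns it */`.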
*** ../lib.0.4.1/ssl/ssl_client.c	Fri Jun  2 08:59:36 1995
--- ssl/ssl_client.c	Mon Jun  5 09:59:33 1995
***************
*** 44,49 ****
--- 44,51 ----
  	fprintf(stderr," -CApath arg   - PEM format directory of CA's\n");
  	fprintf(stderr," -CAfile arg   - PEM format file of CA's\n");
  	fprintf(stderr," -reconect     - Drop and re-make the connection with the same Session-ID\n");
+ 	fprintf(stderr," -cipher       - prefered cipher to use, ':' seperated list of the following\n");
+ 	fprintf(stderr,"                 RC4-MD5 EXP-RC4-MD5 CBC-DES-MD5 CBC3-DES-MD5 CFB-DES-NULL\n");
  	}
  
  main(argc,argv)
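Review bot: The new usage line prints ` -cipher       - ...` without the `arg` placeholder that the neighbouring ` -CApath arg` and ` -CAfile arg` lines carry, although the option consumes a value. The list on the second added line also gives no hint of relative strength; `EXP-RC4-MD5` reads like an export-grade suite, and the help text does not mention that the first name in the list is the preferred one. Suggested wording for the first line: `" -cipher arg   - preferred cipher(s), ':' separated, most preferred first\n"`, which also fixes the "prefered"/"seperated" spellings. The usage function starts above the hunk.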
***************
*** 57,63 ****
  	int port=PORT;
  	char *host=SSL_HOST_NAME;
  	char *cert_file=NULL,*key_file=NULL;
! 	char *CApath=NULL,*CAfile=NULL;
  	int reconnect=0,badop=0,verify=SSL_VERIFY_NONE;
  
  	argc--;
--- 59,65 ----
  	int port=PORT;
  	char *host=SSL_HOST_NAME;
  	char *cert_file=NULL,*key_file=NULL;
! 	char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
  	int reconnect=0,badop=0,verify=SSL_VERIFY_NONE;
  
  	argc--;
***************
*** 106,111 ****
--- 108,118 ----
  			if (argc-- < 1) goto bad;
  			CAfile= *(++argv);
  			}
+ 		else if	(strcmp(*argv,"-cipher") == 0)
+ 			{
+ 			if (argc-- < 1) goto bad;
+ 			cipher= *(++argv);
+ 			}
  		else
  			{
  			fprintf(stderr,"unknown option %s\n",*argv);
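Review bot: The added `if (argc-- < 1) goto bad;` is a post-decrement test, so if `argc` still counts the `-cipher` token itself when this branch runs, it cannot fire when `-cipher` is the last argument. The loop header is outside the hunk, so this is an inference from the visible branch. In that case `cipher= *(++argv);` picks up the terminating NULL of `argv`, and the later `cipher == NULL` test silently falls back to `SSL_CIPHER` instead of reporting a missing value. A user who believes they restricted the cipher would get no error. Using `if (--argc < 1) goto bad;` would reject the missing argument; the `-CAfile` branch shown as context follows the same pattern.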
***************
*** 139,145 ****
  	SSL_set_fd(con,s);
  	SSL_set_verify(con,verify,verify_callback);
  
! 	SSL_set_pref_cipher(con,getenv("SSL_CIPHER"));
  	set_cert_stuff(con,cert_file,key_file);
  
  	if (!SSL_connect(con))
--- 146,156 ----
  	SSL_set_fd(con,s);
  	SSL_set_verify(con,verify,verify_callback);
  
! 	if (cipher == NULL)
! 		SSL_set_pref_cipher(con,getenv("SSL_CIPHER"));
! 	else
! 		SSL_set_pref_cipher(con,cipher);
! 
  	set_cert_stuff(con,cert_file,key_file);
  
  	if (!SSL_connect(con))
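Review bot: Neither branch of the new `if (cipher == NULL)` checks whether `SSL_set_pref_cipher()` accepted the string, so a misspelled `-cipher` value or `SSL_CIPHER` setting may leave the connection on the library's default preference with no message. Whether the call reports failure is not visible in this hunk. The `getenv("SSL_CIPHER")` branch also passes NULL through when the variable is unset, which relies on the library tolerating a NULL list. The precedence deserves a comment, for example `/* -cipher on the command line overrides SSL_CIPHER from the environment */`. Printing the cipher actually negotiated after `SSL_connect()` would let the user confirm that the preference took effect.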
***************
*** 252,258 ****
  	if ((serv=getservbyname(service,PROTO)) == NULL)
  		{
  		serv= &ser;
! 		ser.s_port=port;
  		}
  
  	host=gethostbyname(server);
--- 263,269 ----
  	if ((serv=getservbyname(service,PROTO)) == NULL)
  		{
  		serv= &ser;
! 		ser.s_port=htons(port);
  		}
  
  	host=gethostbyname(server);
***************
*** 296,303 ****
  	if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
  		{
  		close(s);
! 		perror("conn");
! 		fprintf(stderr,"connect:%m");
  		return(0);
  		}
  	*sock=s;
--- 307,313 ----
  	if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
  		{
  		close(s);
! 		perror("connect");
  		return(0);
  		}
  	*sock=s;
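Review bot: In the new error path `close(s);` still runs before `perror("connect");`, and `close()` may overwrite `errno`, so the printed reason can differ from the one `connect()` set. Swapping the two lines keeps the original error: `perror("connect");` followed by `close(s);`. The enclosing function begins and ends outside the hunk.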


