openssl BIO_do_connect returns 0 for ssl

StackOverflow https://stackoverflow.com/questions/21533749

  •  06-10-2022
  •  | 
  •  

Question

Here's my simple openssl client test case trying to connect to google.com:443.

According to the manual, BIO_do_connect should return 1, 0 or -1. Google didn't find me anyone for whom it returns 0, which it does for me.

#include <stdio.h>
#include <openssl/ssl.h>
#include <openssl/err.h>

int main()
{
    SSL_load_error_strings();
    SSL_library_init();
    ERR_load_BIO_strings();
    OpenSSL_add_all_algorithms();

    SSL_CTX *p_ssl_ctx = NULL;
    SSL     *p_ssl     = NULL;
    BIO     * bio      = NULL;
    int r = 0;

    // init ssl context
    p_ssl_ctx = SSL_CTX_new(SSLv2_client_method());   /* Create new context */
    if (p_ssl_ctx == NULL)
    {
        ERR_print_errors_fp(stderr);
        return 3;
    }

    const char *store_path = "/etc/ssl/certs/ca-certificates.crt";
    r = SSL_CTX_load_verify_locations(p_ssl_ctx, store_path, NULL);
    if (r == 0) {
        fprintf(stderr, "Unable to load the trust store from %s.\n", store_path);
        return 4;
    }

    bio = BIO_new_ssl_connect(p_ssl_ctx);
    if (!bio) {
        fprintf(stderr, "no bio \n");
        return 5;
    }

    BIO_get_ssl(bio, &p_ssl);
    if (!(p_ssl)) {
        fprintf(stderr, "no ssl\n");
        return 6;
    }

    SSL_set_mode(p_ssl, SSL_MODE_AUTO_RETRY);
    BIO_set_conn_hostname(bio, "www.google.com:443");

    r  = BIO_do_connect(bio);
    if (r < 1) {
        fprintf(stderr, "BIO_new_ssl_connect failed: %lu (0x%lx)\n", r, r);
        fprintf(stderr, "Error: %s\n", ERR_reason_error_string(ERR_get_error()));
        fprintf(stderr, "%s\n", ERR_error_string(ERR_get_error(), NULL));
        ERR_print_errors_fp(stderr);
        perror("bio");
        return 7;
    }

    if (SSL_get_verify_result(p_ssl) != X509_V_OK) {
        fprintf(stderr, "Unable to verify connection result.\n");
        return 8;
    }

    return 0;
}

returns:

BIO_new_ssl_connect failed: 0 (0x0)
Error: (null)
error:00000000:lib(0):func(0):reason(0)
bio: Success

so how do i get the actual error out of this?

Was it helpful?

Solution

For getting the last state of your SSL connection in your code you can add something like fprintf(stderr,"p_ssl state: %s\n",SSL_state_string_long(p_ssl));.

More generally I suggest you to add an info callback like this : http://www.openssl.org/docs/ssl/SSL_CTX_set_info_callback.html

For your case, you must replace SSLv2_client_method() by something like TLSv1_client_method().

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top