Website refusing to return cert openssl c++
by Mackyboy123 from LinuxQuestions.org on (#5E0GB)
I am developing an application that connects to a website and tries to verify if it provided a cert. Here is the(incomplete) code:
Code:
#include <iostream>
#include <openssl/x509.h>
#include <openssl/x509_vfy.h>
#include <sstream>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <string.h>
#include <unistd.h>
#include <vector>
#include <string>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/bio.h>
#include <openssl/conf.h>
class Website
{
int status, sock;
struct addrinfo hints;
struct addrinfo *servinfo;
SSL_CTX* ctx = NULL;
BIO *web = NULL, *out = NULL;
SSL *ssl = NULL;
long res = 1;
struct URL
{
std::string host;
std::string port;
std::string protocol;
};
URL url;
public:
Website(std::string url){
parseUrl(url);
if(Website::url.protocol == "http"){
establishConn();
} else if(Website::url.protocol == "https"){
initSSL();
initCTX();
if((web = BIO_new_ssl_connect(ctx)) == NULL) throw "Error in bio ssl";
if(BIO_set_conn_hostname(web, Website::url.host.c_str()) != 1) throw "BIO hostname error";
if(BIO_set_conn_port(web, Website::url.port.c_str()) != 1) throw "BIO port error";
BIO_get_ssl(web, &ssl);
if(ssl == NULL) throw "Error in ssl";
const char* const PREFERED_CIPHERS = "HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4";
if(SSL_set_cipher_list(ssl, PREFERED_CIPHERS) != 1) throw "Cipher error";
if(SSL_set_tlsext_host_name(ssl, Website::url.host.c_str()) != 1) throw "Hostname error";
if((out= BIO_new_fp(stdout,BIO_NOCLOSE)) == NULL) throw "Error with out";
if(BIO_do_connect(web) == 0) throw "Error connecting";
if(BIO_do_handshake(web) == 0) throw "Error handshake";
X509* cert = SSL_get_peer_certificate(ssl);
if(cert) X509_free(cert);
if(cert == NULL) {throw "Error with cert"; ERR_print_errors_fp(stderr);}
if(SSL_get_verify_result(ssl) != X509_V_OK) throw "Error verifying cert";
/* establishConn();
if(SSL_set_fd(ssl, sock) == 0) throw "Error setting fd";
int SSL_status = SSL_connect(ssl);
switch(SSL_get_error(ssl,SSL_status)){
case SSL_ERROR_NONE:
//No error, do nothing
break;
case SSL_ERROR_ZERO_RETURN:
throw "Peer has closed connection";
break;
case SSL_ERROR_SSL:
ERR_print_errors_fp(stderr);
SSL_shutdown(ssl);
throw "Error in SSL library";
break;
default:
throw "Unknown error";
break;
}*/
}
}
~Website(){
if(Website::url.protocol =="http"){
close(sock);
freeaddrinfo(servinfo);
}else if(Website::url.protocol == "https"){
SSL_free(ssl);
SSL_CTX_free(ctx);
}
}
private:
//Setting up the SSL
void initSSL(void){
SSL_library_init();
}
void initCTX(){
const SSL_METHOD* method = TLS_method();
if((ctx = SSL_CTX_new(method)) == NULL) throw "Could not create CTX";
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
SSL_CTX_set_verify_depth(ctx, 4);
if((ssl = SSL_new(ctx)) == NULL) throw "Couldn't create SSL";
}
};/*When an external program calls the constructor, using google.com for the url, It runs without error until it gets to this line of code:
Code:X509* cert = SSL_get_peer_certificate(ssl);
if(cert) X509_free(cert);
if(cert == NULL) {ERR_print_errors_fp(stderr); throw "Error with cert";}This checks if the server has provided a certificate and throws an error and prints the SSL error stack. When I run my program, the server refuses to provide a certificate, which means that cert == NULL and the program exits after printing the error queue, which is:
Code:140014272479040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1913:Why is the server refusing to provide a certificate?
I am using Arch Linux.
Code:
#include <iostream>
#include <openssl/x509.h>
#include <openssl/x509_vfy.h>
#include <sstream>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <string.h>
#include <unistd.h>
#include <vector>
#include <string>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/bio.h>
#include <openssl/conf.h>
class Website
{
int status, sock;
struct addrinfo hints;
struct addrinfo *servinfo;
SSL_CTX* ctx = NULL;
BIO *web = NULL, *out = NULL;
SSL *ssl = NULL;
long res = 1;
struct URL
{
std::string host;
std::string port;
std::string protocol;
};
URL url;
public:
Website(std::string url){
parseUrl(url);
if(Website::url.protocol == "http"){
establishConn();
} else if(Website::url.protocol == "https"){
initSSL();
initCTX();
if((web = BIO_new_ssl_connect(ctx)) == NULL) throw "Error in bio ssl";
if(BIO_set_conn_hostname(web, Website::url.host.c_str()) != 1) throw "BIO hostname error";
if(BIO_set_conn_port(web, Website::url.port.c_str()) != 1) throw "BIO port error";
BIO_get_ssl(web, &ssl);
if(ssl == NULL) throw "Error in ssl";
const char* const PREFERED_CIPHERS = "HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4";
if(SSL_set_cipher_list(ssl, PREFERED_CIPHERS) != 1) throw "Cipher error";
if(SSL_set_tlsext_host_name(ssl, Website::url.host.c_str()) != 1) throw "Hostname error";
if((out= BIO_new_fp(stdout,BIO_NOCLOSE)) == NULL) throw "Error with out";
if(BIO_do_connect(web) == 0) throw "Error connecting";
if(BIO_do_handshake(web) == 0) throw "Error handshake";
X509* cert = SSL_get_peer_certificate(ssl);
if(cert) X509_free(cert);
if(cert == NULL) {throw "Error with cert"; ERR_print_errors_fp(stderr);}
if(SSL_get_verify_result(ssl) != X509_V_OK) throw "Error verifying cert";
/* establishConn();
if(SSL_set_fd(ssl, sock) == 0) throw "Error setting fd";
int SSL_status = SSL_connect(ssl);
switch(SSL_get_error(ssl,SSL_status)){
case SSL_ERROR_NONE:
//No error, do nothing
break;
case SSL_ERROR_ZERO_RETURN:
throw "Peer has closed connection";
break;
case SSL_ERROR_SSL:
ERR_print_errors_fp(stderr);
SSL_shutdown(ssl);
throw "Error in SSL library";
break;
default:
throw "Unknown error";
break;
}*/
}
}
~Website(){
if(Website::url.protocol =="http"){
close(sock);
freeaddrinfo(servinfo);
}else if(Website::url.protocol == "https"){
SSL_free(ssl);
SSL_CTX_free(ctx);
}
}
private:
//Setting up the SSL
void initSSL(void){
SSL_library_init();
}
void initCTX(){
const SSL_METHOD* method = TLS_method();
if((ctx = SSL_CTX_new(method)) == NULL) throw "Could not create CTX";
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
SSL_CTX_set_verify_depth(ctx, 4);
if((ssl = SSL_new(ctx)) == NULL) throw "Couldn't create SSL";
}
};/*When an external program calls the constructor, using google.com for the url, It runs without error until it gets to this line of code:
Code:X509* cert = SSL_get_peer_certificate(ssl);
if(cert) X509_free(cert);
if(cert == NULL) {ERR_print_errors_fp(stderr); throw "Error with cert";}This checks if the server has provided a certificate and throws an error and prints the SSL error stack. When I run my program, the server refuses to provide a certificate, which means that cert == NULL and the program exits after printing the error queue, which is:
Code:140014272479040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1913:Why is the server refusing to provide a certificate?
I am using Arch Linux.