
[Libevent-users] 2.0.3 alpha works great with client certificate



Just a note to say thanks for the new OpenSSL support!

I tried 2.0.3 alpha against the Apple Push notification feedback service which requires a client key/certificate and it works great.

One hint... Make sure you add the key and cert to the SSL context before calling SSL_new(). Otherwise, you'll get an error that looks like:

sslv3 alert handshake failure in SSL routines SSL3_READ_BYTES

Here's the working code:

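#include <err.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <openssl/ssl.h>
#include <event2/event.h>
#include <event2/dns.h>
#include <event2/bufferevent.h>
#include <event2/bufferevent_ssl.h>
#include <event2/util.h>

/* Callbacks defined elsewhere in the program. */
static void feedback_read_cb(struct bufferevent *bev, void *arg);
static void feedback_event_cb(struct bufferevent *bev, short events, void *arg);

static void
init_feedback_service(struct event_base *ev_base, struct evdns_base *dns)
{
    int rc;
    struct bufferevent *bev;
    SSL_CTX *ssl_ctx;
    SSL *ssl;

    ssl_ctx = SSL_CTX_new(SSLv3_method());
    if (ssl_ctx == NULL) {
        errx(EXIT_FAILURE, "Could not create SSL context");
    }

    /* Load the certificate and key into the context before calling SSL_new(). */
    rc = SSL_CTX_use_certificate_file(ssl_ctx, "my_apple_cert_and_key.pem", SSL_FILETYPE_PEM);
    if (rc != 1) {
        errx(EXIT_FAILURE, "Could not load certificate file");
    }
    rc = SSL_CTX_use_PrivateKey_file(ssl_ctx, "my_apple_cert_and_key.pem", SSL_FILETYPE_PEM);
    if (rc != 1) {
        errx(EXIT_FAILURE, "Could not load private key file");
    }

    ssl = SSL_new(ssl_ctx);
    if (ssl == NULL) {
        errx(EXIT_FAILURE, "Could not create SSL object");
    }

    /* fd is -1: bufferevent_socket_connect_hostname() creates the socket. */
    bev = bufferevent_openssl_socket_new(ev_base, -1, ssl, BUFFEREVENT_SSL_CONNECTING, BEV_OPT_CLOSE_ON_FREE);
    if (bev == NULL) {
        warnx("could not create SSL bufferevent");
        SSL_free(ssl);
        return;
    }
    bufferevent_setcb(bev, feedback_read_cb, NULL, feedback_event_cb, NULL);
    rc = bufferevent_socket_connect_hostname(bev, dns, AF_INET, "feedback.sandbox.push.apple.com", 2196);
    if (rc < 0) {
        warnx("could not connect to feedback service: %s",
              evutil_socket_error_to_string(EVUTIL_SOCKET_ERROR()));
        bufferevent_free(bev);
        return;
    }
    bufferevent_enable(bev, EV_READ);
}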

Thanks,
Tom
