bio = BIO_new_ssl_connect(ctx);

and

BIO_get_ssl(bio, &ssl);
SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
/* Attempt to connect */
BIO_set_conn_hostname(bio, "hostname:port");
/* Verify the connection opened and perform the handshake */
if (BIO_do_connect(bio) <= 0) {
    /* Handle failed connection */
}
if (SSL_get_verify_result(ssl) != X509_V_OK) {
    /* Handle the failed verification */
}

The object bio should hold all that I need after the call to BIO_do_connect, as I believe that's where the TLS handshake takes place. Since that's probably the last function call that I know will be called by the client application, it seems that I should try to insert my code there.

Setting up the connection is done by functions in the crypto/bio/bss_conn.c file, but it's not clear to me where (or even if) it's validating the certificate. I don't think it is, it seems to handle the connection only.
Also was checking out the file ssl/s3_clnt.c - severely dense, but might be useful from a learning perspective.
Now time to sleep.