How to Set Up BoringSSL for a Custom Reverse Proxy?


I’m building a custom reverse proxy using Zig and have integrated BoringSSL to support SSL/TLS. However, I’m having trouble configuring it correctly and can’t find sufficient documentation or examples to guide me.

Code Snippet: SSL Context Initialization

```zig
pub fn initializeSSLContext() !?*c.SSL_CTX {
    // Initialise the library and its error strings
    c.SSL_load_error_strings();
    const err = c.SSL_library_init();
    if (err != 1) {
        std.log.err("error ssl start ", .{});
        return error.FailedToStartLibrary;
    }
    _ = c.OpenSSL_add_ssl_algorithms();
    const method = c.TLS_server_method();
    const ctx = c.SSL_CTX_new(method);
    if (ctx == null) {
        std.debug.print("Failed to create SSL context\n", .{});
        return error.FailedToCreateContext;
    }
    // Free the context if any later step returns an error
    errdefer c.SSL_CTX_free(ctx);

    // Load server certificate and private key
    const certFile = "/certificate.crt"; // Path to server certificate
    const keyFile = "/private.key"; // Path to private key

    var certificate_buffer: [4096]u8 = undefined;
    var private_buffer: [4096]u8 = undefined;
    const abs_certificate_path = try std.fs.realpath(certFile, &certificate_buffer);
    const abs_private_key_path = try std.fs.realpath(keyFile, &private_buffer);

    // realpath returns a slice that is not guaranteed to be NUL-terminated, and the
    // buffers start out undefined; the C API reads up to the first NUL byte, so
    // terminate both paths explicitly (assumes each path is shorter than its buffer).
    certificate_buffer[abs_certificate_path.len] = 0;
    private_buffer[abs_private_key_path.len] = 0;

    if (c.SSL_CTX_use_certificate_file(ctx, abs_certificate_path.ptr, c.SSL_FILETYPE_PEM) <= 0) {
        std.debug.print("Failed to load server certificate\n", .{});
        return error.FailedToLoadCertificate;
    }

    if (c.SSL_CTX_use_PrivateKey_file(ctx, abs_private_key_path.ptr, c.SSL_FILETYPE_PEM) <= 0) {
        std.debug.print("Failed to load private key\n", .{});
        return error.FailedToLoadPrivateKey;
    }

    return ctx;
}
```

Code Snippet: Accepting Client Requests

In the part of my code where I accept client requests, I am getting the error "SSL handshake failed":

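```zig
const ssl_st = bssl.SSL_new(ssl_ctx);
if (ssl_st == null) {
    std.debug.print("FailedToCreateSSLObject\n", .{});
    return;
}

// Attach the accepted client socket; SSL_set_fd returns 1 on success
if (bssl.SSL_set_fd(ssl_st, client_fd) != 1) {
    std.debug.print("Failed to attach client socket\n", .{});
    bssl.SSL_free(ssl_st);
    return;
}

// Perform SSL handshake
const err = bssl.SSL_accept(ssl_st);
if (err <= 0) {
    const ssl_err = bssl.SSL_get_error(ssl_st, err);
    std.debug.print("SSL handshake failed: {d}\n", .{ssl_err});
    printSSLErrorMessage();
    // Release the SSL object so a failed handshake does not leak it
    bssl.SSL_free(ssl_st);
    return;
}
```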

I cannot figure out why the SSL handshake fails. If anyone can help me with this issue, I would appreciate any C or Zig code examples for implementing SSL correctly. Additionally, if you have any good resources on how to configure BoringSSL effectively, that would be incredibly helpful!

Thank you for your assistance!

I tried to initialize BoringSSL in my Zig application to handle SSL/TLS for a custom reverse proxy. I set up the SSL context using the initializeSSLContext function, where I loaded the server certificate and private key. After that, I created an SSL object and attempted to perform an SSL handshake with a client.

I expected the SSL handshake to succeed and allow secure communication with the client. However, I encountered errors indicating that the SSL handshake failed, specifically with error codes that suggested issues with the SSL configuration or setup. The detailed error messages were SSL handshake failed followed by specific SSL error codes, indicating a problem during the handshake process.
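The number printed by the accept snippet above is the `SSL_get_error` class, not the reason for the failure; the reason sits on BoringSSL's per-thread error queue. The following is an added example, not code from the original post: it separates retryable results from fatal ones and prints the queue. It assumes the BoringSSL headers are reachable through `@cImport` under the post's `bssl` alias; `drainErrorQueue`, `acceptTls` and `HandshakeError` are hypothetical names.

```zig
const std = @import("std");
// Assumption: BoringSSL headers are on the include path and libssl/libcrypto are linked.
const bssl = @cImport({
    @cInclude("openssl/ssl.h");
    @cInclude("openssl/err.h");
});

pub const HandshakeError = error{ WouldBlock, PeerClosed, Transport, Protocol };

/// Print every entry on this thread's error queue, oldest first.
/// drainErrorQueue is a hypothetical helper name.
fn drainErrorQueue() void {
    var buf: [256]u8 = undefined;
    while (true) {
        const code = bssl.ERR_get_error();
        if (code == 0) break;
        // BoringSSL always NUL-terminates the text it writes into buf.
        _ = bssl.ERR_error_string_n(code, &buf, buf.len);
        std.debug.print("  error queue: {s}\n", .{std.mem.sliceTo(&buf, 0)});
    }
}

/// Run the server-side handshake on an accepted socket and report why it failed.
/// acceptTls is a hypothetical name; ssl comes from SSL_new on the server context.
pub fn acceptTls(ssl: *bssl.SSL, fd: c_int) HandshakeError!void {
    bssl.ERR_clear_error(); // stale entries would be blamed on this handshake
    if (bssl.SSL_set_fd(ssl, fd) != 1) {
        drainErrorQueue();
        return error.Protocol;
    }
    const ret = bssl.SSL_accept(ssl);
    if (ret == 1) return;

    switch (bssl.SSL_get_error(ssl, ret)) {
        // Non-blocking socket: not a failure, call SSL_accept again when the fd is ready.
        bssl.SSL_ERROR_WANT_READ, bssl.SSL_ERROR_WANT_WRITE => return error.WouldBlock,
        bssl.SSL_ERROR_ZERO_RETURN => return error.PeerClosed,
        // Socket-level failure or EOF before the handshake finished.
        bssl.SSL_ERROR_SYSCALL => {
            drainErrorQueue();
            return error.Transport;
        },
        // SSL_ERROR_SSL and anything else: the queue names the TLS-level reason.
        else => {
            drainErrorQueue();
            return error.Protocol;
        },
    }
}
```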


