Are certificates required for client-only SSL/TLS apps?

Question

I am trying to develop a minimal client-only SSL/TLS app to connect to an https server. It always fails on on 'SSL_connect(). I haven't installed any certificates.
Are certicates required in such a case?
I've found many answers on SO and elsewhere that say NO with the caveat "unless required by the server".

Details:

I'm using the GitHub: OpenSSL package which I built from source.
All SSL calls prior to SSL_connect succeed,
On debugging, I see the error happening in function 'SSL_do_handshake' [returns -1].
I'e tried several different https servers with the same result.
I'm using MSVC 2019 on a Dell Optiplex Win10/64 machine
Ideally, I'd like to avoid certificates to avoid having (non-tech-savvy) end-users having to muck with certificates.

Code Synopsis:

Get method: TLS_client_method()
Get CTX: SSL_CTX_new(method)
Create socket 'sock'
Connect sock to host on port 443
Create SSL*: ssl=SSL_new(ctx)
SSL_set_fd(ssl, sock)
SSL_connect(ssl) [always fails]

dave_thompson_085 · Accepted Answer

"no Applink" explains the failure -- even though it caused ERR_print_errors_fp to also fail.

On Windows to pass opened files or sockets from your exe to the OpenSSL library if linked as DLL (which is the default, but overridable) you must compile and link into your application exe the supplied file include/openssl/applink.c (note .c not .h -- it's an include file but not a header file). See https://www.openssl.org/docs/man1.1.1/man3/OPENSSL_Applink.html (though it's brief; I'm sure I've seen a better explanation somewhere, decades ago, but I can't find it now).

On MSVC I think you can just 'add' this file, or a copy, to your project and it will get compiled and linked automatically, but I no longer use it myself and can't verify. You may need to #include the file somewhere appropriate, like your main.c .

Are certificates required for client-only SSL/TLS apps?

Answers (2)

Related Questions