Re: Securing socket programming
Re: Securing socket programming
- Subject: Re: Securing socket programming
- From: Mark Thomas <email@hidden>
- Date: Tue, 09 Aug 2005 17:23:26 +0100
- Organization: Coderus Ltd
Hi,
Thanks for the clarity of path, but I was also wondering does anybody know
of some simple examples using this as so far the only ones I find using
OpenSSL is when they are introducing their own certificates into the mix it
looks like.
As all I want to do is use what ever the basic certificates as part of the
OS are e.g. in a https transaction. Then send up and back some data.
From API front it looks fairly simple using SSL_read and SSL_write, but I
think for setup I need just say
Sock = <connected socket to port 443>
meth = SSLv23_method()
Cts = SSL_CTX_new(meth);
... (I've removed the code here about setting up your certificate, as I
don't this I think ?)
ssl=SSL_new(cts);
sbio=BIO_new_socket(sock, BIO_NOCLOSE);
SSL_set_bio(ssl,sbio,sbio)
SSL_connect(ssl);
..etc (then any SSL_read / SSL_write's)
And I think that's it, I'm presently building up a sample to prove this but
I wanted to ask if I was heading in the right direction here, or missing
something really obvious.
Yes I need to keep the code as much cross-platform as possible, as would
love to do a MacOS-only code base and use a high level calls, but I need
code to work on Solaris and other platforms as well.
Thanks in advance
Mark.
> Certainly if you need portability to another platform, OpenSSL is the
> way to go, but if you're content with Mac-only code, you should look
> at CFNetwork. CFNetwork provides a top-level API which spares you
> from much of the details of setting up and using SSL; you specify the
> host and port you wish to connect to, and the SSL protocol you wish
> to use, and then just read from the resulting stream. And if your
> interest is to perform HTTPS requests, you should look at
> CFHTTPStream, which will handle HTTPS URLs just fine.
>
> Hope that helps,
> REW
>
>
> On Aug 8, 2005, at 8:01 AM, Mark Thomas wrote:
>
>> Hi,
>> I'm needing to move some code over to SSL, and I can see there is
>> either
>> SecureTransport or OpenSSL which I can use.
>>
>> So far I think the OpenSSL might give me a better choice because of
>>
>> 1) More portable to move code to other platforms ?
>>
>> 2) Sample code so far seems little less complicated, but that might be
>> because I still don't really understand this so far, and the
>> SecureTransport
>> sample isn't very straight forward as has heaps of options in it.
>>
>> Does anybody have an recommendations or pitfalls which I might come
>> across, as I need this code to work from 10.2.0 onwards.
>>
>> My present understand on this SSL mechanism is that you open a basic
>> socket on the secure serve socket e.g. 443 for http, and then you
>> have to
>> kick off the SSL api's ?
>>
>> Thanks in advance
>> Mark.
>>
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Macnetworkprog mailing list (email@hidden)
>> Help/Unsubscribe/Update your Subscription:
>>
>> This email sent to email@hidden
>>
>
>
>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden