Re: Securing socket programming
- Subject: Re: Securing socket programming
- From: Becky Willrich <email@hidden>
- Date: Wed, 17 Aug 2005 10:33:33 -0700
Take a look at /Developer/Examples/Networking/GET Example;
/Developer/Examples/URLLoad may be interesting as well. Even better, go to
http://developer.apple.com/ and grab the ImageClient code samples
from this year's WWDC presentation; do a search for "ImageClient" and
you'll find it at once. All of these load HTTPS URLs using
CFNetwork. There is no direct manipulation of the SSL layer because
CFNetwork will take care of that for you, automatically applying
whatever certificates the user has configured. I think this is what
you want; unless you're interested in the inner workings of SSL, I
don't see why you would need to work at the SSL layer directly to
perform a simple HTTPS transaction.
Hope that helps,
REW
On Aug 9, 2005, at 9:23 AM, Mark Thomas wrote:
Hi,
Thanks for the clarity of path, but I was also wondering does anybody know
of some simple examples using this, as so far the only ones I find using
OpenSSL is when they are introducing their own certificates into the mix it
looks like.
As all I want to do is use whatever the basic certificates as part of the
OS are e.g. in a https transaction. Then send up and back some data.
From API front it looks fairly simple using SSL_read and SSL_write, but I
think for setup I need just say

    sock = <connected socket to port 443>
    meth = SSLv23_method();
    cts = SSL_CTX_new(meth);
    ... (I've removed the code here about setting up your certificate, as I don't this I think ?)
    ssl = SSL_new(cts);
    sbio = BIO_new_socket(sock, BIO_NOCLOSE);
    SSL_set_bio(ssl, sbio, sbio);
    SSL_connect(ssl);
    ..etc (then any SSL_read / SSL_write's)

And I think that's it, I'm presently building up a sample to prove this but
I wanted to ask if I was heading in the right direction here, or missing
something really obvious.
Yes I need to keep the code as much cross-platform as possible, as would
love to do a MacOS-only code base and use a high level calls, but I need
code to work on Solaris and other platforms as well.
Thanks in advance
Mark.
Certainly if you need portability to another platform, OpenSSL is the
way to go, but if you're content with Mac-only code, you should look
at CFNetwork. CFNetwork provides a top-level API which spares you
from much of the details of setting up and using SSL; you specify the
host and port you wish to connect to, and the SSL protocol you wish
to use, and then just read from the resulting stream. And if your
interest is to perform HTTPS requests, you should look at
CFHTTPStream, which will handle HTTPS URLs just fine.
Hope that helps,
REW
On Aug 8, 2005, at 8:01 AM, Mark Thomas wrote:
Hi,
I'm needing to move some code over to SSL, and I can see there is either
SecureTransport or OpenSSL which I can use.
So far I think the OpenSSL might give me a better choice because of
1) More portable to move code to other platforms ?
2) Sample code so far seems little less complicated, but that might be
because I still don't really understand this so far, and the SecureTransport
sample isn't very straightforward as has heaps of options in it.
Does anybody have any recommendations or pitfalls which I might come
across, as I need this code to work from 10.2.0 onwards.
My present understanding on this SSL mechanism is that you open a basic
socket on the secure server socket e.g. 443 for http, and then you have to
kick off the SSL APIs ?
Thanks in advance
Mark.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
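The OpenSSL setup sketched in the thread leaves out the certificate step, and OpenSSL's client default (SSL_VERIFY_NONE) then completes the handshake without checking the server's certificate. The following is an added example, not code from the thread or from Apple's samples: it uses Python's ssl module (a wrapper over OpenSSL) to put that setup beside one that loads the platform's default trust store and checks the host name, with the corresponding C calls named in comments. The function names are hypothetical.

```python
import socket
import ssl
import sys


def sketch_context():
    """The setup with the certificate step left out: no trust store, no checks."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # same as OpenSSL's default, SSL_VERIFY_NONE
    return ctx


def verified_context():
    """Use the platform's default trust store and insist on a matching certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_default_certs()             # C: SSL_CTX_set_default_verify_paths(ctx)
    ctx.verify_mode = ssl.CERT_REQUIRED  # C: SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL)
    ctx.check_hostname = True            # C: SSL_set1_host(ssl, host), OpenSSL 1.1.0+
    return ctx


def policy(ctx):
    """Summarise what a context will enforce during the handshake."""
    return {"verify": ctx.verify_mode.name, "check_hostname": ctx.check_hostname}


def https_get(host, path="/", ctx=None, port=443, timeout=10):
    """Handshake, send one GET, return (validated peer cert dict, raw response)."""
    ctx = ctx or verified_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        # server_hostname is sent as SNI and is the name the certificate must match.
        # A failed check raises ssl.SSLCertVerificationError here, before any data.
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            tls.sendall(f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
            chunks = []
            while data := tls.recv(4096):
                chunks.append(data)
            # getpeercert() is {} under CERT_NONE: nothing was validated.
            return tls.getpeercert(), b"".join(chunks)


if __name__ == "__main__":
    # Usage: python this_file.py <hostname>
    cert, body = https_get(sys.argv[1])
    print(cert.get("subject"), len(body), "bytes")
```
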