Re: Securing socket programming
- Subject: Re: Securing socket programming
- From: Mark Thomas <email@hidden>
- Date: Thu, 18 Aug 2005 17:06:44 +0100
- Organization: Coderus Ltd
Thanks for the info.
The problem is that this code was written when 10.3 was just released
and 10.2 was still being used a lot, and a few 10.1 systems as well.
So at the time this CFNetwork was mainly 10.2 onwards, so it ruled itself
out, I also tried using the Carbon URL manager APIs from MacOS Classic land,
but they had a bunch of bugs in them which are now fixed in later OS
revisions. So I resorted back to sockets and it was reasonably easy to do
unsecure HTTP URL GET & POST requests for HTTP 1.0.
But the product has moved on and I just need to add in SSL.
So if I was writing code for just 10.3 onwards, which I cannot yet do :-(,
although I hope in the next 6 to 9 months I can drop it. And it doesn't make
sense to implement it twice i.e. 10.3 onwards and 10.2 & below.
The product I work on is free which is provided along with the service my
employer provides, so cannot really use the usually new features in later
versions :-(.
Mark.
> Take a look at /Developer/Examples/Networking/GET Example; /Developer/
> Examples/URLLoad may be interesting as well. Even better, go to
> http://developer.apple.com/ and grab the ImageClient code samples
> from this year's WWDC presentation; do a search for "ImageClient" and
> you'll find it at once. All of these load HTTPS URLs using
> CFNetwork. There is no direct manipulation of the SSL layer because
> CFNetwork will take care of that for you, automatically applying
> whatever certificates the user has configured. I think this is what
> you want; unless you're interested in the inner workings of SSL, I
> don't see why you would need to work at the SSL layer directly to
> perform a simple HTTPS transaction.
>
> Hope that helps,
> REW
>
>
> On Aug 9, 2005, at 9:23 AM, Mark Thomas wrote:
>
>> Hi,
>> Thanks for the clarity of path, but I was also wondering does anybody know
>> of some simple examples using this as so far the only ones I find using
>> OpenSSL is when they are introducing their own certificates into the mix it
>> looks like.
>>
>> As all I want to do is use whatever the basic certificates as part of the
>> OS are e.g. in a HTTPS transaction. Then send up and back some data.
>>
>> From API front it looks fairly simple using SSL_read and SSL_write, but I
>> think for setup I need just say
>>
>> sock = <connected socket to port 443>
>>
>> meth = SSLv23_method();
>> cts = SSL_CTX_new(meth);
>>
>> ... (I've removed the code here about setting up your certificate, as I
>> don't need this I think?)
>>
>> ssl = SSL_new(cts);
>> sbio = BIO_new_socket(sock, BIO_NOCLOSE);
>> SSL_set_bio(ssl, sbio, sbio);
>>
>> SSL_connect(ssl);
>>
>> ..etc (then any SSL_read / SSL_write's)
>>
>> And I think that's it, I'm presently building up a sample to prove this but
>> I wanted to ask if I was heading in the right direction here, or missing
>> something really obvious.
>>
>> Yes I need to keep the code as much cross-platform as possible, as would
>> love to do a MacOS-only code base and use high level calls, but I need
>> code to work on Solaris and other platforms as well.
>>
>> Thanks in advance
>> Mark.
>>
>>
>>> Certainly if you need portability to another platform, OpenSSL is the
>>> way to go, but if you're content with Mac-only code, you should look
>>> at CFNetwork. CFNetwork provides a top-level API which spares you
>>> from much of the details of setting up and using SSL; you specify the
>>> host and port you wish to connect to, and the SSL protocol you wish
>>> to use, and then just read from the resulting stream. And if your
>>> interest is to perform HTTPS requests, you should look at
>>> CFHTTPStream, which will handle HTTPS URLs just fine.
>>>
>>> Hope that helps,
>>> REW
>>>
>>>
>>> On Aug 8, 2005, at 8:01 AM, Mark Thomas wrote:
>>>
>>>> Hi,
>>>> I'm needing to move some code over to SSL, and I can see there is either
>>>> SecureTransport or OpenSSL which I can use.
>>>>
>>>> So far I think the OpenSSL might give me a better choice because of
>>>>
>>>> 1) More portable to move code to other platforms ?
>>>>
>>>> 2) Sample code so far seems little less complicated, but that might be
>>>> because I still don't really understand this so far, and the SecureTransport
>>>> sample isn't very straightforward as has heaps of options in it.
>>>>
>>>> Does anybody have any recommendations or pitfalls which I might come
>>>> across, as I need this code to work from 10.2.0 onwards.
>>>>
>>>> My present understanding on this SSL mechanism is that you open a basic
>>>> socket on the secure server socket e.g. 443 for http, and then you have to
>>>> kick off the SSL APIs ?
>>>>
>>>> Thanks in advance
>>>> Mark.
>>>>
>>>> _______________________________________________
>>>> Do not post admin requests to the list. They will be ignored.
>>>> Macnetworkprog mailing list (email@hidden)
>>>> Help/Unsubscribe/Update your Subscription:
>>>>
>>>> This email sent to email@hidden
>>>>
>>>
>>>
>>>
>>
>
>
>