Adding SSL to existing applications

#2432
Posted: 03/01/2007 12:57:45
by Markus Mueller (Basic support level)
Joined: 03/01/2007
Posts: 4

Hi,
Is it possible to add SSL support with SSL Blackbox the way OpenSSL does?
So first make a normal socket connection using the standard .NET Socket class and, if SSL is required (like in FTP with AUTH SSL), initiate the SSL handshake?
Also I would like to know if I can use Socket.Select to check if there is something to read/write instead of using async callbacks.
Thanks,
Markus
#2433
Posted: 03/01/2007 13:07:49
by Eugene Mayevski (EldoS Corp.)

Quote
Markus Mueller wrote:
So first make a normal socket connection using the standard .NET Socket class and, if SSL is required (like in FTP with AUTH SSL), initiate the SSL handshake?


Yes. Also you can replace .net Socket class with El*SSLSocket class, which has the same features and the same interface as the system class does. El*SSLSocket class can be used in SSL and non-SSL mode, so switching to SSL with it is quite simple.

Quote
Markus Mueller wrote:
Also I would like to know if I can use Socket.Select to check if there is something to read/write instead of using async callbacks.


There's Poll method in El*SSLSocket class.


Sincerely yours
Eugene Mayevski
#2434
Posted: 03/01/2007 13:48:45
by Markus Mueller (Basic support level)
Joined: 03/01/2007
Posts: 4

Thx for the prompt answer!
Just a few more questions:

I still need a normal socket when using the SSLSocket? Set the Socket property to the normal socket?
To make a normal connect without ssl just set SSLEnabled to false?
How to do the handshake at a later time?
Might you give a short code example?
Thanks,
Markus
#2435
Posted: 03/01/2007 15:03:33
by Eugene Mayevski (EldoS Corp.)

Quote
Markus Mueller wrote:
I still need a normal socket when using the SSLSocket?


An instance of .NET socket class is created internally by El*SSLSocket.

Quote
Markus Mueller wrote:
To make a normal connect without ssl just set SSLEnabled to false?


Yes.

Quote
Markus Mueller wrote:
How to do the handshake at a later time?


Set Enabled to true. The server socket will initiate the SSL handshake by calling Open internally. With a client socket you need to call the Open method yourself (there are reasons to have this behaviour implemented differently).
Subsequent calls to DataAvailable will let the socket complete the handshake. The OnOpenConnection event will notify you that the SSL handshake is complete.

Quote
Markus Mueller wrote:
Might you give a short code example?


Not at the moment. We'll create something tomorrow or on Saturday.


Sincerely yours
Eugene Mayevski
#2436
Posted: 03/01/2007 15:09:32
by Ken Ivanov (EldoS Corp.)

Quote
An instance of .NET socket class is created internally by El*SSLSocket.

Actually, it is not. It should be set by client application via ElSSLSocket.Socket property.
#2437
Posted: 03/01/2007 15:15:55
by Eugene Mayevski (EldoS Corp.)

Quote
Innokentiy Ivanov wrote:
Actually, it is not. It should be set by client application via ElSSLSocket.Socket property.


Yes... It's only Accept that creates a .net socket internally.


Sincerely yours
Eugene Mayevski
#2438
Posted: 03/02/2007 03:07:16
by Markus Mueller (Basic support level)
Joined: 03/01/2007
Posts: 4

I played around a bit and read the how-tos but I can't get it to work.
In the how-to it's said that you have to call Close(true) but both with true and false Close will always close the connections so I can't call Connect again.
It seems that RenegotiateCiphers will start the handshake but it always fails.
I set the callbacks for OnCertificateValidate, OnCertificateNeededEx and OnError. I set Versions to support sslv3,3 and tls1 - something still missing? What about non-blocking sockets? Can I call RenegotiateCiphers there, too? How to test if the handshake was successful?
Thanks,
Markus
#2439
Posted: 03/02/2007 03:49:46
by Eugene Mayevski (EldoS Corp.)

Quote
Markus Mueller wrote:
In the how-to it's said that you have to call Close(true) but both with true and false Close will always close the connections so I can't call Connect again.


The how-to talks about ElSecureClient, which is not a socket component.

In brief, you are not going the right direction. Please wait for a sample.


Sincerely yours
Eugene Mayevski
#2440
Posted: 03/02/2007 06:38:57
by Markus Mueller (Basic support level)
Joined: 03/01/2007
Posts: 4

Ok I will.
Thanks
#2446
Posted: 03/03/2007 07:17:30
by Eugene Mayevski (EldoS Corp.)

We decided to simplify the procedure of establishing an explicit SSL session with SSL Socket components, so the changes will go to the next build. We will make some private build available next week. With this build you will be able to initiate secure mode by just setting Enabled to true.


Sincerely yours
Eugene Mayevski
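
The explicit-SSL pattern asked about in this thread (plain connect, `AUTH TLS`, then handshake on the same socket), as an added example that is not part of the thread and is not EldoS code: it uses .NET's own `SslStream` instead of the El*SSLSocket API, and `Socket.Poll` in place of async callbacks. The host name is a placeholder and a single-line 220 greeting is assumed.

```csharp
using System;
using System.IO;
using System.Net.Security;
using System.Net.Sockets;
using System.Text;

static class ExplicitTlsDemo
{
    // Read one reply line a byte at a time, so no bytes beyond the line are
    // pulled into a plaintext buffer before the TLS handshake starts.
    static string ReadLine(Stream s)
    {
        var sb = new StringBuilder();
        int b;
        while ((b = s.ReadByte()) >= 0 && b != '\n')
            if (b != '\r') sb.Append((char)b);
        return sb.ToString();
    }

    static void Main()
    {
        const string host = "ftp.example.com"; // placeholder, not from the thread
        using (var socket = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp))
        {
            socket.Connect(host, 21);
            var plain = new NetworkStream(socket, false);

            // Poll takes microseconds: wait up to 10 s for the greeting.
            if (!socket.Poll(10000000, SelectMode.SelectRead))
                throw new TimeoutException("no greeting from server");
            Console.WriteLine(ReadLine(plain));

            byte[] cmd = Encoding.ASCII.GetBytes("AUTH TLS\r\n");
            plain.Write(cmd, 0, cmd.Length);
            string reply = ReadLine(plain);
            if (!reply.StartsWith("234", StringComparison.Ordinal)) throw new IOException("TLS refused: " + reply);
            // Bytes already queued behind the 234 reply arrived unprotected;
            // refuse to continue rather than treat them as post-handshake data.
            if (socket.Available > 0) throw new IOException("plaintext data after 234");

            // No callback supplied: the default chain and host-name checks apply,
            // and a failed handshake throws AuthenticationException.
            using (var tls = new SslStream(plain, false))
            {
                tls.AuthenticateAsClient(host);
                Console.WriteLine("encrypted={0} protocol={1}", tls.IsEncrypted, tls.SslProtocol);
            }
        }
    }
}
```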
