So I'm writing some C code to connect to a server that is expecting me to provide a certificate for authentication. I'm using OpenSSL to do the SSL communications and I've got the socket code worked out, and I have code to do the SSL part worked out to, but what I can't seem to get simply because the docs are so sparse is how to implement the function:
SSL_CTX_set_client_cert_cb
If any one has any tips I would greatly appreciate it.
You do not need to use SSL_CTX_set_client_cert_cb(). The simplest way is to use SSL_use_certificate_file() to set the certificate and SSL_use_PrivateKey_file() to set the corresponding private key, before calling SSL_connect().
Related
I am building a server/client application and I would like to use Microsoft's SSL instead of a 3rd party library such as OpenSSL.
I have came across this example code on the MSDN:
Server: https://learn.microsoft.com/en-us/windows/win32/secauthn/using-sspi-with-a-windows-sockets-server
Client: https://learn.microsoft.com/en-us/windows/win32/secauthn/using-sspi-with-a-windows-sockets-client
I am looking through the code and it appears that it is using a function AcquireCredentialsHandle which from my understanding just uses existing credentials (cert?) found on the system.
I would like to, if possible, create my own certificate on the fly each time I connect to the server. This way the cert is changed each time and if anyone were to get my cert then it would only be useful for the specific set of traffic.
I am trying to establish a connection from a program in C to a node server with socket.io.
The only way I could figure out was to make http request from the C program to the node server so I have dis part a little covered.
Now I need to receive some information from the node server from the C program.
Is there any client library for c that lets me do this?
In case it does not exist, could you gime me some ideas to make it work?
Thank you very much!
You can also try cellophane.io:
https://github.com/ikeralbeniz/cellophane.io
it is still buggy so it is only fot testing or POCs..
New C++ Client
Based on Boost and WebSocket++, this full-featured Socket.IO 1.0 client has the fundamental advantage of working on multiple platforms.
http://socket.io/blog/socket-io-cpp/
If you are looking for a library and examples try libwebsockets
It has both client and server capability and I hope it should help you out well with its documentations and examples.
Can you use C++ instead? If so,
https://github.com/ebshimizu/socket.io-clientpp
I'm trying to run the azure iothub sdk c sample of the mqtt protocol.
I've compiled hte project but when I run the program it returns some error about SSL routines
This i the complete error:
error:1416F086: SSL routines:tls_process_server_certificate:certificate verify failed
Info: Closing tlsio from a state other than TLSIO_STATE_EXT_OPEN or TLSIO_STATE_EXT_ERROR
I got only this error repeated five times, one for each accepted message ready to be transmitted to the IoTHub.
I've read that I need to set trust to the openssl certs in the sample directory but I've not figured out how to do this task or how to avoid this problem.
Is there someone who has already faced this issue?
This document describes in detail how to prepare your development environment as well as how to run the samples on Linux, Windows or other platforms. Please refer to the section to rebuild you code and then run to test.
Try using the TrustedCerts option. With this option you can pass to the SDK the certificate that is used to validate the server's certificate. This is typically used when either you don't have the root certificate, Baltimore CyberTrust, or your device does not have the concept of a trusted root certificate store. You can find an example of this option being used in
<repositoryRoot>\iothub_client\samples\iothub_client_sample_amqp_shared\iothub_client_sample_amqp_shared.c
https://github.com/Azure/azure-iot-sdk-c/blob/44827986929af7f4fbb41806b880a6da4e13d3e8/iothub_client/samples/iothub_client_sample_amqp_shared/iothub_client_sample_amqp_shared.c#L261
I am working with Openssl 0.9.8k, using the EVP API in my project to encrypt/decrypt data with AES256CBC.
TIll now i am taking the Password input from user using fgets(pwd,pwd_len,stdin).
Is there any function available with openssl which facilitates secure password input.
I tried searching on net but could not find any.(openssl documentation itself is not sufficient)
Any suggestions or pointers towards any documentation will be highly appreciated.
NOTE:: If there is no function as such with Openssl, can someone please suggest me the possible security loopholes that can be exploited in taking the password in my current approach from stdin using fgets so that i can write my own custom function for this.
many thanks
openssl will prompt the user for a password if you use the pem routines to open a password-protected file - it's described at http://www.openssl.org/docs/crypto/pem.html (search for "prompt"). those functions also allow you to specify a callback routine that does the prompting; the default callback is the one that prompts the user.
what i can't find is any documentation for the default callback routine - i think you will need to go hunting in the code. but if you just wanted to read a password-protected file then the above may be sufficient.
I am working on project in which I use Sipek Voip for connecting to Freeswitch. Here is the situation:
I have a Sangoma A400 hard. I compiled Freeswitch for Windows and now it works perfectly.
I have also created a Softphone using Sipek Voip SDK and it works well with Freeswitch.
The problem is that, when I have an incoming call, instead of showing the callers number, I get mod_sofia.
I looked at Sipek and all it gets from pjsip is a string containing <sip:mod_sofia#192.168.2.10:5060>.
So I went to pjsip and tried to pass the actual phone number to Sipek. I found out there is a function called pjsua_call_on_incoming which handles an incoming call.
It takes an argument of type pjsip_rx_data. It has a string field (rdata->msg_info.msg_buf) which contains the whole message. I tried to replace <sip:mod_sofia#192.168.2.10:5060> with the actual number, but it has no effect.
Does anyone have any idea how to fix this?
You can check this link for tracking the issue. Unfortunately there are hardly any people who can help you out with Open source projects "for free" even on a forum. I just speak from my personal experience. I am facing the same problem, and cannot figure it out till now, though I have solved many issues that I used to face with SIPEK, all on my own.
I've not understood the root of your problem is in FreeSWITCH or in sipek/pjsip.
This entry on FreeSWITCH wiki could help you debug the sip stack in FreeSWITCH:
http://wiki.freeswitch.org/wiki/Mod_sofia#Debugging_Sofia-SIP
in a way similar to a wireshark capture.
I'm sorry I don't know how to help you trace down the parsing/rendering of msg_info.msg_buf in pjsip.
Add sip_contact_user=xxxx in your dialstring.