Geek Answers Handbook

C ++ compiled code for implementing a secure SLL / TLS client using MS SSPI

As described here http://www.ddj.com/cpp/184401688

I don’t have time to write this from scratch.

Answered by a question and not responding https://stackoverflow.com/questions/434961/implementing-ssl

QUESTION:

I am looking for a compiled working source code that implements MS SSPI (as mentioned in the above thread), procedural, not OOP.

I reviewed sample code projects here:

http://www.codeproject.com/KB/IP/sslclasses.aspx

But this is C # OOP. Converting this code to C ++ is not trivial.

Openssl

SChannel calls are compliant with GSS API standards. There are, of course, some alternatives - for example, OpenSSL. This package is a complete and complete implementation of the protocol, and for someone who is too familiar with UNIX, this is undoubtedly the best choice. The package was originally intended for the UNIX community and was based on Perl runtime to compile it, so Windows developers need some learning curve that never worked with UNIX-like systems.

In addition, OpenSLL does some very non-standard things.

Nicholas, having configured the many COMPILABLE sources (Www.coastrd.com) I was hoping to find someone who wants to do the same.

+7
c ++ ssl sspi
source share
4 answers

This sample SSPI SChannel SMTPS should compile and run in Visual Studio 2008, just like

http://www.coastrd.com/c-schannel-smtp

SChannel is a Microsoft API GSS implementation that wraps the SSL / TLS protocol.

Benefits of using SChannel:

  • gory details are protected by the SSPI developer.
  • To run the final application, no additional configuration is required:
  • SChannel is an integral part of the operating system.
  • On Windows ME / 2000 / XP / ... platforms, SChannel is installed and configured by default.
  • SChannel calls are compliant with GSS API standards.
  • You do not need to create / install certificates
  • no third-party dll (1 MB or more) for sending and installing

A code should appear in the code that looks like this:

----- Initialized SSPI ----- Initialized by WinSock
----- Credential Initialization
----- Connect to server
70 bytes of handshake data downloaded 974 bytes of acknowledgment data received 182 bytes of acknowledgment data sent
43 bytes of handshake data received
Handshake was successful
----- Customer shaking hands completed
----- Server Authentication Authentication

Server Topic: C = USA, S = California, L = Mountain View, O = Google Inc, CN = smtp.gmail.com
Server Issuer: C = ZA, S = Western Cape, L = Cape Town, O = Thawte Consulting cc, OU = Certification Department, CN = Thawte Premium Server CA, E =premium-server@thawte.com

----- Certificate chain displayed
----- Server certificate verified
----- Server Certificate Script

Protocol: TLS1
Cipher: RC4
Encryption Strength: 128
Hash: MD5
Hashing: 128
Key Exchange: RSA
Key Exchange Strength: 1024
----- Secure Connection Information
Received 64 bytes of (encrypted) application data
Decrypted data: 43 bytes
220 mx.google.com ESMTP 6sm17740567yxg.66

Sending 7 bytes of plaintext:
Ehlo

28 bytes of encrypted data sent
Received 169 bytes of (encrypted) application data
Decrypted data: 148 bytes
250-mx.google.com at your service, [22.33.111.222]
250-SIZE 35651584
250-8BITMIME
250-AUTH LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250 PIPELINES

Sending 7 bytes of plaintext:
QUIT

28 bytes of encrypted data sent
69 bytes of (encrypted) application data received
Decrypted data: 48 bytes
221 2.0.0 closing connection 6sm17740567yxg.66

----- SMTP Session Completed
Sending Close Notify
23 bytes of acknowledgment data sent
----- Disconnected from the server
----- Start cleaning
----- All is ready -----

+22
source share

Repeat after me: "I want to use OpenSSL ."

This problem is too serious and too simple to screw it when you solve it. If you have a problem with OpenSSL, try accessing this through dialogue and patches in OpenSSL.

(No one can insure it, even Microsoft, or, indeed, OpenSSL. Use the source of which you can view, and which is corrected in case of problems. Use OpenSSL.)

+5
source share

Perhaps this link is a good starting point. It actually contains a working example code using MS SSPI (although it looks very MSVC, but normal, its windows anyway). Just ignore the OpenSSL examples; -)

+5
source share

How much will you pay for such compiled source code? Or did you expect someone to just give it to you? OpenSSL guys have already done. This is a freak god, but the price is right.

0
source share

More articles:


All Articles