HTTPSSession question


Post by rbock » 12 Jun 2008, 17:20

Hi,

I am trying to write a program somewhat similar to wget. It is supposed to retrieve documents from the internet in a batch job without user interaction and I am kinda stuck. I tried to start from the example called download in poco-1.3.2-ssl/NetSSL_OpenSSL/samples:

a) When the Poco::Net::Context is created, it asks the user for the password for the privateKeyFile. Do I really need a privateKeyFile (wget does not seem to need one)? If so, can I prevent this password dialog from taking place?

b) Similar question about the caLocation. Can I live without it?

c) When the connection to an HTTPS server is established, the user gets asked if he wants to accept the server certificate. Is there a way around this?


The HowTo on NetSSL indicates that there are options, but the privateKeyFile, the caLocation and the user interaction always seem to be present.

The Networking tutorial (FTPClient) indicates that adding HTTPS support to an application is rather easy, but the tutorial does not work for https-URLs. It throws an exception:

Null pointer: _pInstance in file "/home/rbock/temp/poco-1.3.2-ssl/Util/include/Poco/Util/Application.h", line 422

Regards,

Roland
rbock
 
Posts: 7
Joined: 30 May 2008, 14:05
Location: Germany

Re: HTTPSSession question

Post by peter » 13 Jun 2008, 10:45

> Hi,
>
> I am trying to write a program somewhat similar to wget. It is supposed to retrieve documents from the internet in a batch job without user interaction and I am kinda stuck. I tried to start from the example called download in poco-1.3.2-ssl/NetSSL_OpenSSL/samples:
>
> a) When the Poco::Net::Context is created, it asks the user for the password for the privateKeyFile. Do I really need a privateKeyFile (wget does not seem to need one)? If so, can I prevent this password dialog from taking place?


Unfortunately a pwd is always needed. Maybe we should add some additional context constructor that allows creating a context without that information, but we are lacking the time to do so. To prevent the dialog use the KeyFileHandler, which reads the pwd from the config file. Or try creating a privateKeyfile which has no password.

>
> b) Similar question about the caLocation. Can I live without it?

Not yet.

>
> c) When the connection to an HTTPS server is established, the user gets asked if he wants to accept the server certificate. Is there a way around this?

Yes, set the VerificationMode to VERIFY_NONE


>
>
> The HowTo on NetSSL indicates that there are options, but the privateKeyFile, the caLocation and the user interaction always seem to be present.

See above, we need a new Context constructor

>
> The Networking tutorial (FTPClient) indicates that adding HTTPS support to an application is rather easy, but the tutorial does not work for https-URLs. It throws an exception:
>
> Null pointer: _pInstance in file "/home/rbock/temp/poco-1.3.2-ssl/Util/include/Poco/Util/Application.h", line 422

This works only with a Poco Util Application (which provides access to the config).
If you don't have a Poco Util Application, you must initialize the contexts by hand
(see download sample).

br

Peter

>
> Regards,
>
> Roland
peter
 
Posts: 67
Joined: 11 Jul 2006, 16:26
Location: Austria

Re: HTTPSSession question

Post by guenter » 13 Jun 2008, 11:21

You might have some success with the following configuration:

# OpenSSL Configuration
openSSL.server.privateKeyFile = ${application.dir}any.pem
openSSL.server.caConfig = ${application.dir}rootcert.pem
openSSL.server.verificationMode = none
openSSL.server.verificationDepth = 9
openSSL.server.loadDefaultCAFile = false
openSSL.server.cypherList = ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
openSSL.server.privateKeyPassphraseHandler.name = KeyFileHandler
openSSL.server.privateKeyPassphraseHandler.options.password = test
openSSL.server.invalidCertificateHandler.name = AcceptCertificateHandler

openSSL.client.privateKeyFile = ${application.dir}any.pem
openSSL.client.caConfig = ${application.dir}rootcert.pem
openSSL.client.verificationMode = none
openSSL.client.verificationDepth = 0
openSSL.client.loadDefaultCAFile = false
openSSL.client.cypherList = ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
openSSL.client.privateKeyPassphraseHandler.name = KeyFileHandler
openSSL.client.privateKeyPassphraseHandler.options.password = test
openSSL.client.invalidCertificateHandler.name = AcceptCertificateHandler
guenter
 
Posts: 1110
Joined: 11 Jul 2006, 16:27
Location: Austria
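
An added example, not part of the thread or of POCO itself: a small Python check that parses a POCO properties file and reports the settings from the configuration above that switch off server authentication or leave the key passphrase readable. The second embedded sample is constructed, and it assumes that `RejectCertificateHandler` is available in your POCO release.

```python
import re

# Sample input: client-side keys copied from the configuration posted above.
POSTED = """\
openSSL.client.privateKeyFile = ${application.dir}any.pem
openSSL.client.caConfig = ${application.dir}rootcert.pem
openSSL.client.verificationMode = none
openSSL.client.privateKeyPassphraseHandler.name = KeyFileHandler
openSSL.client.privateKeyPassphraseHandler.options.password = test
openSSL.client.invalidCertificateHandler.name = AcceptCertificateHandler
"""

# Constructed variant: still non-interactive, but the server is authenticated.
# Assumption: RejectCertificateHandler exists in your POCO release.
VERIFYING = """\
openSSL.client.caConfig = ${application.dir}rootcert.pem
openSSL.client.verificationMode = strict
openSSL.client.loadDefaultCAFile = true
openSSL.client.invalidCertificateHandler.name = RejectCertificateHandler
"""

KEY = re.compile(r"openSSL\.(?:client|server)\.(.+)")

def parse(text):
    """Parse 'key = value' lines, skipping blank lines and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return sorted (key, finding) pairs for settings that weaken TLS."""
    findings = []
    for key, value in parse(text).items():
        m = KEY.fullmatch(key)
        if not m:
            continue
        name = m.group(1)
        if name == "verificationMode" and value.lower() == "none":
            findings.append((key, "peer certificate is never verified"))
        elif name == "invalidCertificateHandler.name" and value == "AcceptCertificateHandler":
            findings.append((key, "every invalid certificate is accepted"))
        elif name.endswith(".options.password") and value:
            findings.append((key, "key passphrase stored in clear text"))
    return sorted(findings)

if __name__ == "__main__":
    for key, finding in audit(POSTED):
        print(f"{key}: {finding}")
```
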

Re: Re: HTTPSSession question

Post by rbock » 13 Jun 2008, 12:48

> Unfortunately a pwd is always needed. Maybe we should add some additional context constructor that allows creating a context without that information, but we are lacking the time to do so. To prevent the dialog use the KeyFileHandler, which reads the pwd from the config file. Or try creating a privateKeyfile which has no password.

Modifying the constructor was a very good idea! I changed the code so that it does not use
privateKeyFile and caLocation if the string length is zero. Seems to work wonderfully (:biggrin:)

I'll post a patch...

Regards,

Roland
rbock
 
Posts: 7
Joined: 30 May 2008, 14:05
Location: Germany

Re: Re: Re: HTTPSSession question

Post by peter » 13 Jun 2008, 13:26

> > Unfortunately a pwd is always needed. Maybe we should add some additional context constructor that allows creating a context without that information, but we are lacking the time to do so. To prevent the dialog use the KeyFileHandler, which reads the pwd from the config file. Or try creating a privateKeyfile which has no password.
>
> Modifying the constructor was a very good idea! I changed the code so that it does not use
> privateKeyFile and caLocation if the string length is zero. Seems to work wonderfully (:biggrin:)

Great!
And I always feared it would take way too much time to fix it :-)


>
> I'll post a patch...
>
> Regards,
>
> Roland
peter
 
Posts: 67
Joined: 11 Jul 2006, 16:26
Location: Austria
