Multi SSL Connections

Post by batori » 27 Oct 2008, 20:00

I've made a program that uses an SSL connection as follows:

std::string privateKey = config().getString( "Connection.privateKeyFile", "any.pem" );
std::string caLocation = config().getString( "Connection.caLocationFile", "rootcert.pem" );

// Default client-side handlers and context
SharedPtr<PrivateKeyPassphraseHandler> ptrConsole = new KeyAcceptHandler( false );
SharedPtr<InvalidCertificateHandler> ptrCert = new AcceptCertificateHandler( false );
SharedPtr<Context> ptrContext = new Context( privateKey, caLocation, false, Context::VERIFY_NONE );

SSLManager::instance().initializeClient( ptrConsole, ptrCert, ptrContext );
// Default server-side handlers and context
ptrConsole = new KeyAcceptHandler( true );
ptrCert = new AcceptCertificateHandler( true );
ptrContext = new Context( privateKey, caLocation, true, Context::VERIFY_NONE );
SSLManager::instance().initializeServer( ptrConsole, ptrCert, ptrContext );

std::string sip = config().getString( "Connection.ip_https", "*" );
unsigned short sport = (unsigned short)config().getInt( "Connection.port_https", 443 );

HttpsProtocol sprot;
SocketAddress saddr( sip, sport );


SecureServerSocket ssvs( saddr );
TCPServerParams* httpsParam = new TCPServerParams;
httpsParam->setMaxQueued( 256 );
httpsParam->setMaxThreads( threads/2 );
httpsParam->setThreadPriority( Poco::Thread::PRIO_HIGH );
ThreadPool shttpPool( "HTTPS", threads/20, threads/2, 60 );
TCPServer ssrv( new ServerFactory( sprot ),
               shttpPool,
               ssvs,
               httpsParam );


if( config().getString( "Connection.ip_https", "" ) != "" )
      ssrv.start();


Now I need to open a second or more SSL connections, so I tried to duplicate the code for each new connection (changing the variable names, certificate and port, and using a new virtual IP for each new connection), but only the first connection works; the others always fail.

Is it possible to open more than one SSL connection with Poco? If yes, how?

If it is not possible, I know how to do it with OpenSSL, but what I get back is a char string. How can I use that string received with OpenSSL in my ServerFactory, without needing to write a program only to receive the connection and tunnel it to my already working program?
batori
 
Posts: 4
Joined: 12 Dec 2007, 21:18

Re: Multi SSL Connections

Post by peter » 28 Oct 2008, 09:23

> I've made a program that uses an SSL connection as follows:
>
>
> std::string privateKey = config().getString( "Connection.privateKeyFile", "any.pem" );
> std::string caLocation = config().getString( "Connection.caLocationFile", "rootcert.pem" );
>
> SharedPtr<PrivateKeyPassphraseHandler> ptrConsole = new KeyAcceptHandler( false );
> SharedPtr<InvalidCertificateHandler> ptrCert = new AcceptCertificateHandler( false );
> SharedPtr<Context> ptrContext = new Context( privateKey, caLocation, false, Context::VERIFY_NONE );
>
> SSLManager::instance().initializeClient( ptrConsole, ptrCert, ptrContext );
> ptrConsole = new KeyAcceptHandler( true );
> ptrCert = new AcceptCertificateHandler( true );
> ptrContext = new Context( privateKey, caLocation, true, Context::VERIFY_NONE );
> SSLManager::instance().initializeServer( ptrConsole, ptrCert, ptrContext );
>
> std::string sip = config().getString( "Connection.ip_https", "*" );
> unsigned short sport = (unsigned short)config().getInt( "Connection.port_https", 443 );
>
> HttpsProtocol sprot;
> SocketAddress saddr( sip, sport );
>
>
> SecureServerSocket ssvs( saddr );
> TCPServerParams* httpsParam = new TCPServerParams;
> httpsParam->setMaxQueued( 256 );
> httpsParam->setMaxThreads( threads/2 );
> httpsParam->setThreadPriority( Poco::Thread::PRIO_HIGH );
> ThreadPool shttpPool( "HTTPS", threads/20, threads/2, 60 );
> TCPServer ssrv( new ServerFactory( sprot ),
> shttpPool,
> ssvs,
> httpsParam );
>
>
> if( config().getString( "Connection.ip_https", "" ) != "" )
> ssrv.start();
>
>
> Now I need to open a second or more SSL connections, so I tried to duplicate the code for each new connection (changing the variable names, certificate and port, and using a new virtual IP for each new connection), but only the first connection works; the others always fail.
>
> Is it possible to open more than one SSL connection with Poco? If yes, how?

Yes, it is. E.g., the HTTPSTimeServer sample uses a multithreaded HTTPSServer which creates/manages many parallel SSL connections.

Also, looking at your code, I am not sure what you are trying to achieve. You create a TCPServer, not an SSL connection? What are you trying to duplicate? You typically initialize SSL once and then create many connections (see the download sample: you can simply extend it to create the secure streams in the context of a thread and create more than one in parallel).

br

Peter

> If it is not possible, I know how to do it with OpenSSL, but what I get back is a char string. How can I use that string received with OpenSSL in my ServerFactory, without needing to write a program only to receive the connection and tunnel it to my already working program?
peter
 
Posts: 67
Joined: 11 Jul 2006, 16:26
Location: Austria

Re: Multi SSL Connections

Post by batori » 28 Oct 2008, 14:08

Hi Peter, thanks for the quick answer.

I looked at the HTTPSTimeServer sample and after some tests I saw that my problem isn't creating/managing SSL connections; the problem is loading more than one certificate.

What I have is a program that receives HTTP connections on port 80, and HTTPS connections on port 443 with a certificate for host 1.

Now I have to manage host 2, host 3, host 4... Well, for HTTP connections port 80 is not a problem to share, but for HTTPS connections I need a certificate for each host, and that's the problem: when I try to open a second or more SSL connections with the same certificate it works, but when I try to load a second or more certificates and open them, it fails.

I already have a virtual IP for each certificate and I tested with OpenSSL without problems, but changing my program to use OpenSSL would make me change too much code because of the factory for TCPServerConnection.

Do you know how I can load different certificates and open SSL connections for each one of them? Or at least whether it is possible to do it with Poco?
batori
 
Posts: 4
Joined: 12 Dec 2007, 21:18

Re: Re: Multi SSL Connections

Post by peter » 28 Oct 2008, 16:46

> Hi Peter, thanks for the quick answer.
>
> I looked at the HTTPSTimeServer sample and after some tests I saw that my problem isn't creating/managing SSL connections; the problem is loading more than one certificate.
>
> What I have is a program that receives HTTP connections on port 80, and HTTPS connections on port 443 with a certificate for host 1.
>
> Now I have to manage host 2, host 3, host 4... Well, for HTTP connections port 80 is not a problem to share, but for HTTPS connections I need a certificate for each host, and that's the problem: when I try to open a second or more SSL connections with the same certificate it works, but when I try to load a second or more certificates and open them, it fails.
>
> I already have a virtual IP for each certificate and I tested with OpenSSL without problems, but changing my program to use OpenSSL would make me change too much code because of the factory for TCPServerConnection.
>
> Do you know how I can load different certificates and open SSL connections for each one of them? Or at least whether it is possible to do it with Poco?

Multiple certificates are currently not supported. This will be a 1.4 feature of NetSSL.

You could try to extend all the socket classes to take a context as a parameter instead of using the default global SSL context.
peter
 
Posts: 67
Joined: 11 Jul 2006, 16:26
Location: Austria

