Compilable C++ code to implement a secure SLL/TLS client using MS SSPI

views:

674

answers:

Compilable C++ code to implement a secure SLL/TLS client using MS SSPI

As described here http://www.ddj.com/cpp/184401688

I do not have time to write this from scratch.

Asked and not answered http://stackoverflow.com/questions/434961/implementing-ssl

THE QUESTION IS:

I am looking for some compilable working source code that implements MS SSPI (as alluded to in the thread above), procedural not OOP preferred.

I have looked at the code projects sample here:

http://www.codeproject.com/KB/IP/sslclasses.aspx

But this is C# OOP. Converting this to C++ code is not trivial.

OpenSSL

SChannel calls follow GSS API standards. There are, of course, some alternatives -- OpenSSL for example. This package is a complete and thorough implementation of the protocol and for someone all too familiar with UNIX is undoubtedly the best choice. The package originally targeted the UNIX community and to compile it relies on the Perl runtime, so some learning curve is required for Windows developers who never worked with UNIX-type systems.

Apart from that, OpenSLL does some very non-standard things

Nikolai, Having contibuted a lot of COMPILABLE source code (www.coastrd.com) I was hoping to find someone willing to do the same.

+5 A:

Repeat after me: "I want to use OpenSSL".

This problem is far too serious and far too easy to screw up to be rolling your own every time you want to solve it. If you have a problem with OpenSSL, then try to address that through dialogue and patches to OpenSSL.

(No one is immune to screwing it up, not even Microsoft, or indeed, OpenSSL. Use something whose source you can review and which gets patched when there are problems. Use OpenSSL.)

Nick Bastin 2010-01-09 02:15:43

errr No Thanks.

Mike Trader 2010-01-09 02:22:56

If you're that glued to windows, then surely you must have an MSDN account and/or development contract. If so, it seems this is exactly the kind of question we pay microsoft to answer.

Nick Bastin 2010-01-09 02:25:50

Almost, this is the kind of question that someone who has actually developed a *solution* would probably love to answer. See my OpenSLL comments above

Mike Trader 2010-01-09 02:32:00

+2 A:

How much would you be paying for such compilable working source code? Or did you expect somebody just give it to you? OpenSSL guys already did. It's god-ugly, but the price is right.

Nikolai N Fetissov 2010-01-09 02:21:34

see comment above

Mike Trader 2010-01-09 02:26:07

My code is now available. It's the same price, but I hope you find it less ugly.

Mike Trader 2010-01-12 10:50:01

+3 A:

Maybe this link is a good starting point. It contains actually working sample code using MS SSPI (though it looks very MSVC specific, but ok, its windows only anyway). Just ignore the OpenSSL examples ;-)

frunsi 2010-01-09 02:42:22

Thank you. I forgot to mention that. See Above

Mike Trader 2010-01-09 02:43:41

Well, then I can't help here anymore. But it shouldn't be too hard to convert these to imperative code.

frunsi 2010-01-09 02:47:24

+3 A:

This SSPI SChannel SMTPS example should compile and run in Visual Studio 2008 as is

http://www.coastrd.com/c-schannel-smtp

SChannel is the Microsoft implementation of the GSS API that wraps the SSL/TLS protocol.

Advantages of utilizing SChannel:

gory details are shielded from the developer by the SSPI.
No extra setup is required to run the final application:
SChannel is an integral part of the operating system
On Windows ME/2000/XP/... platforms, SChannel is installed and configured by default
SChannel calls follow GSS API standards.
You do not need to create/install any certificates
no third party dll's (1MB or larger) to ship and install

The code should produce a session that looks like this:

----- SSPI Initialized
----- WinSock Initialized
----- Credentials Initialized
----- Connectd To Server
70 bytes of handshake data sent
974 bytes of handshake data received
182 bytes of handshake data sent
43 bytes of handshake data received
Handshake was successful
----- Client Handshake Performed
----- Server Credentials Authenticated

Server subject: C=US, S=California, L=Mountain View, O=Google Inc, CN=smtp.gmail.com
Server issuer: C=ZA, S=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, [email protected]

----- Certificate Chain Displayed
----- Server Certificate Verified
----- Server certificate context released

Protocol: TLS1
Cipher: RC4
Cipher strength: 128
Hash: MD5
Hash strength: 128
Key exchange: RSA
Key exchange strength: 1024
----- Secure Connection Info
64 bytes of (encrypted) application data received
Decrypted data: 43 bytes
220 mx.google.com ESMTP 6sm17740567yxg.66

Sending 7 bytes of plaintext:
EHLO

28 bytes of encrypted data sent
169 bytes of (encrypted) application data received
Decrypted data: 148 bytes
250-mx.google.com at your service, [22.33.111.222]
250-SIZE 35651584
250-8BITMIME
250-AUTH LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250 PIPELINING

Sending 7 bytes of plaintext:
QUIT

28 bytes of encrypted data sent
69 bytes of (encrypted) application data received
Decrypted data: 48 bytes
221 2.0.0 closing connection 6sm17740567yxg.66

----- SMTP session Complete
Sending Close Notify
23 bytes of handshake data sent
----- Disconnected From Server
----- Begin Cleanup
----- All Done -----

Mike Trader 2010-01-12 10:43:20

ansaurus

tags:

views:

answers:

Compilable C++ code to implement a secure SLL/TLS client using MS SSPI

related questions