|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(DataFlex) Accept TLS Connection with Client AuthenticationDemonstrates how to accept a TLS connection requiring client authentication. This is the case where the TLS client sends a certificate. It is also known as "Two-Way SSL".
Use ChilkatAx-win32.pkg Procedure Test Handle hoListenSslSocket Variant vCert Handle hoCert Boolean iSuccess Integer iMyPort Integer iBackLog Variant vClientSock Handle hoClientSock Integer iMaxWaitMillisec String sReceivedMsg String sTemp1 Boolean bTemp1 // This example requires the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. Get Create (RefClass(cComChilkatSocket)) To hoListenSslSocket If (Not(IsComObjectCreated(hoListenSslSocket))) Begin Send CreateComObject of hoListenSslSocket End // An SSL/TLS server needs a digital certificate. This example loads it from a PFX file. // Note: This is the server's certificate. Get Create (RefClass(cComChilkatCert)) To hoCert If (Not(IsComObjectCreated(hoCert))) Begin Send CreateComObject of hoCert End // The 1st argument is the file path, the 2nd arg is the // PFX file's password: Get ComLoadPfxFile Of hoCert "chilkat.pfx" "test" To iSuccess If (iSuccess <> True) Begin Get ComLastErrorText Of hoCert To sTemp1 Showln sTemp1 Procedure_Return End // To accept client client certificates in the TLS handshake, // we must indicate a list of acceptable client certificate root CA DN's // that are allowed. (DN is an acronym for Distinguished Name.) // Call AddSslAcceptableClientCaDn once for each acceptable CA DN. // Here are a few examples so you can see the general format of a DN. Get ComAddSslAcceptableClientCaDn Of hoListenSslSocket "C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root" To iSuccess Get ComAddSslAcceptableClientCaDn Of hoListenSslSocket "O=Digital Signature Trust Co., CN=DST Root CA X3" To iSuccess // Use the certificate: Get pvComObject of hoCert to vCert Get ComInitSslServer Of hoListenSslSocket vCert To iSuccess If (iSuccess <> True) Begin Get ComLastErrorText Of hoListenSslSocket To sTemp1 Showln sTemp1 Procedure_Return End // Bind and listen on a port: Move 8123 To iMyPort // Allow for a max of 5 queued connect requests. Move 5 To iBackLog Get ComBindAndListen Of hoListenSslSocket iMyPort iBackLog To iSuccess If (iSuccess <> True) Begin Get ComLastErrorText Of hoListenSslSocket To sTemp1 Showln sTemp1 Procedure_Return End // If accepting an SSL/TLS connection, the SSL handshake is part of the connection // establishment process. This involves a few back-and-forth messages between the // client and server to establish algorithms and a shared key to create the secure // channel. The sending and receiving of these messages are governed by the // MaxReadIdleMs and MaxSendIdleMs properties. If these properties are set to 0 // (and this is the default unless changed by your application), then the // AcceptNextConnection can hang indefinitely during the SSL handshake process. // Make sure these properties are set to appropriate values before calling AcceptNextConnection. // Set a 10 second max for waiting to read/write. This is for the SSL/TLS handshake establishment. Set ComMaxReadIdleMs Of hoListenSslSocket To 10000 Set ComMaxSendIdleMs Of hoListenSslSocket To 10000 // Accept a single client connection and establish the secure SSL/TLS channel: Move 20000 To iMaxWaitMillisec Get ComAcceptNextConnection Of hoListenSslSocket iMaxWaitMillisec To vClientSock If (IsComObject(vClientSock)) Begin Get Create (RefClass(cComChilkatSocket)) To hoClientSock Set pvComObject Of hoClientSock To vClientSock End Get ComLastMethodSuccess Of hoListenSslSocket To bTemp1 If (bTemp1 = False) Begin Get ComLastErrorText Of hoListenSslSocket To sTemp1 Showln sTemp1 Procedure_Return End // The client (in this example) is going to send a "Hello Server! -EOM-" // message. Read it: Get ComReceiveUntilMatch Of hoClientSock "-EOM-" To sReceivedMsg Get ComLastMethodSuccess Of hoClientSock To bTemp1 If (bTemp1 <> True) Begin Get ComLastErrorText Of hoClientSock To sTemp1 Showln sTemp1 Procedure_Return End Showln sReceivedMsg // Send a "Hello Client! -EOM-" message: Get ComSendString Of hoClientSock "Hello Client! -EOM-" To iSuccess If (iSuccess <> True) Begin Get ComLastErrorText Of hoClientSock To sTemp1 Showln sTemp1 Procedure_Return End // Close the connection with the client // Wait a max of 20 seconds (20000 millsec) Get ComClose Of hoClientSock 20000 To iSuccess Send Destroy of hoClientSock End_Procedure |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.