PureBasic
Accept TLS Connection with Client Authentication
Demonstrates how to accept a TLS connection that requires client authentication: the case where the TLS client presents its own certificate to the server during the handshake. This is also known as "Two-Way SSL" (mutual TLS).
IncludeFile "CkSocket.pb"
IncludeFile "CkCert.pb"
Procedure ChilkatExample()
success.i = 0
; This example requires the Chilkat API to have been previously unlocked.
; See Global Unlock Sample for sample code.
listenSslSocket.i = CkSocket::ckCreate()
If listenSslSocket.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
; An SSL/TLS server needs a digital certificate. This example loads it from a PFX file.
; Note: This is the server's certificate.
cert.i = CkCert::ckCreate()
If cert.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
; The 1st argument is the file path, the 2nd arg is the
; PFX file's password:
success = CkCert::ckLoadPfxFile(cert,"chilkat.pfx","test")
If success = 0
Debug CkCert::ckLastErrorText(cert)
CkSocket::ckDispose(listenSslSocket)
CkCert::ckDispose(cert)
ProcedureReturn
EndIf
; To accept client certificates in the TLS handshake,
; we must indicate a list of acceptable client certificate root CA DNs
; that are allowed. (DN is an acronym for Distinguished Name.)
; Call AddSslAcceptableClientCaDn once for each acceptable CA DN.
; Here are a few examples so you can see the general format of a DN.
CkSocket::ckAddSslAcceptableClientCaDn(listenSslSocket,"C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root")
CkSocket::ckAddSslAcceptableClientCaDn(listenSslSocket,"O=Digital Signature Trust Co., CN=DST Root CA X3")
; Use the certificate:
success = CkSocket::ckInitSslServer(listenSslSocket,cert)
If success = 0
Debug CkSocket::ckLastErrorText(listenSslSocket)
CkSocket::ckDispose(listenSslSocket)
CkCert::ckDispose(cert)
ProcedureReturn
EndIf
; Bind and listen on a port:
myPort.i = 8123
; Allow for a max of 5 queued connect requests.
backLog.i = 5
success = CkSocket::ckBindAndListen(listenSslSocket,myPort,backLog)
If success = 0
Debug CkSocket::ckLastErrorText(listenSslSocket)
CkSocket::ckDispose(listenSslSocket)
CkCert::ckDispose(cert)
ProcedureReturn
EndIf
; If accepting an SSL/TLS connection, the SSL handshake is part of the connection
; establishment process. This involves a few back-and-forth messages between the
; client and server to establish algorithms and a shared key to create the secure
; channel. The sending and receiving of these messages are governed by the
; MaxReadIdleMs and MaxSendIdleMs properties. If these properties are set to 0
; (and this is the default unless changed by your application), then the
; AcceptNext can hang indefinitely during the SSL handshake process.
; Make sure these properties are set to appropriate values before calling AcceptNext.
; Set a 10 second max for waiting to read/write. This is for the SSL/TLS handshake establishment.
CkSocket::setCkMaxReadIdleMs(listenSslSocket, 10000)
CkSocket::setCkMaxSendIdleMs(listenSslSocket, 10000)
; Accept a single client connection and establish the secure SSL/TLS channel:
maxWaitMillisec.i = 20000
clientSock.i = CkSocket::ckCreate()
If clientSock.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
success = CkSocket::ckAcceptNext(listenSslSocket,maxWaitMillisec,clientSock)
If success = 0
Debug CkSocket::ckLastErrorText(listenSslSocket)
CkSocket::ckDispose(listenSslSocket)
CkCert::ckDispose(cert)
CkSocket::ckDispose(clientSock)
ProcedureReturn
EndIf
; The client (in this example) is going to send a "Hello Server! -EOM-"
; message. Read it:
receivedMsg.s = CkSocket::ckReceiveUntilMatch(clientSock,"-EOM-")
If CkSocket::ckLastMethodSuccess(clientSock) = 0
Debug CkSocket::ckLastErrorText(clientSock)
CkSocket::ckDispose(listenSslSocket)
CkCert::ckDispose(cert)
CkSocket::ckDispose(clientSock)
ProcedureReturn
EndIf
Debug receivedMsg
; Send a "Hello Client! -EOM-" message:
success = CkSocket::ckSendString(clientSock,"Hello Client! -EOM-")
If success = 0
Debug CkSocket::ckLastErrorText(clientSock)
CkSocket::ckDispose(listenSslSocket)
CkCert::ckDispose(cert)
CkSocket::ckDispose(clientSock)
ProcedureReturn
EndIf
; Close the connection with the client.
; Wait a max of 20 seconds (20000 milliseconds).
success = CkSocket::ckClose(clientSock,20000)
CkSocket::ckDispose(listenSslSocket)
CkCert::ckDispose(cert)
CkSocket::ckDispose(clientSock)
ProcedureReturn
EndProcedure
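The same server-side flow, written as an added example in Go that is not part of the Chilkat page or library. It covers the points the PureBasic code makes: the list of acceptable client CAs (Go's ClientCAs pool, whose subject DNs are what the server advertises to the client), the mandatory client certificate (ClientAuth set to RequireAndVerifyClientCert), the handshake deadline that plays the role of MaxReadIdleMs/MaxSendIdleMs so a stalled peer cannot hang the accept, and the two-greeting exchange. It also runs a second client that presents no certificate, to show that the server refuses it. Everything here is assumed or constructed for the example: the throwaway Ed25519 test PKI built in memory by makeCert, the loopback port, the names "Example Test CA", "server" and "client-1", the helper names (must, makeCert, serveOne, runClient, Exercise), and the newline framing of the greetings, which stands in for the page's ReceiveUntilMatch.

```go
package main

import (
	"bufio"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// makeCert issues a throwaway Ed25519 certificate for this constructed test PKI: a self-signed CA
// when issuer is nil, otherwise a leaf signed by that issuer; the SAN holds only the loopback address.
func makeCert(cn string, issuer *tls.Certificate) tls.Certificate {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), // acceptable for a demo, not for a real CA
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		IPAddresses:  []net.IP{net.IPv4(127, 0, 0, 1)},
		BasicConstraintsValid: true, IsCA: issuer == nil,
	}
	parent, priv := tmpl, any(key) // self-signed unless an issuer is given
	if issuer != nil {
		parent, priv = issuer.Leaf, issuer.PrivateKey
	} else {
		tmpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, priv)
	must(err)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// serveOne accepts one client, runs the handshake under a deadline (the page's MaxReadIdleMs/MaxSendIdleMs
// point: a stalled peer must not hang the accept) and exchanges the greetings, newline-framed here.
func serveOne(ln net.Listener, cfg *tls.Config, idle time.Duration) (msg, cn string, err error) {
	raw, err := ln.Accept()
	must(err)
	conn := tls.Server(raw, cfg)
	defer conn.Close()
	conn.SetDeadline(time.Now().Add(idle))
	if err = conn.Handshake(); err != nil {
		return "", "", err // e.g. "tls: client didn't provide a certificate"
	}
	cn = conn.ConnectionState().PeerCertificates[0].Subject.CommonName // verified client identity
	if msg, err = bufio.NewReader(conn).ReadString('\n'); err == nil {
		_, err = conn.Write([]byte("Hello Client! -EOM-\n"))
	}
	return msg, cn, err
}

// runClient is the peer: connect, send the greeting, read the reply (its errors surface on the server side).
func runClient(addr string, cfg *tls.Config) {
	if conn, err := tls.Dial("tcp", addr, cfg); err == nil {
		conn.Write([]byte("Hello Server! -EOM-\n"))
		bufio.NewReader(conn).ReadString('\n')
		conn.Close()
	}
}

// Exercise builds the test PKI, listens on a loopback port with client authentication required and serves
// two clients: one holding a certificate from the trusted CA, one with none (its handshake error is returned).
func Exercise() (msg, cn string, rejectErr error) {
	ca := makeCert("Example Test CA", nil)
	srv, cli := makeCert("server", &ca), makeCert("client-1", &ca)
	pool := x509.NewCertPool()
	pool.AddCert(ca.Leaf)
	cfg := &tls.Config{
		Certificates: []tls.Certificate{srv},
		ClientAuth:   tls.RequireAndVerifyClientCert, // two-way TLS: a client certificate is mandatory
		ClientCAs:    pool,                           // these CAs' DNs are sent as the acceptable client CAs
		MinVersion:   tls.VersionTLS12,
	}
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	must(err)
	defer ln.Close()
	go runClient(ln.Addr().String(), &tls.Config{RootCAs: pool, ServerName: "127.0.0.1", Certificates: []tls.Certificate{cli}})
	msg, cn, err = serveOne(ln, cfg, 10*time.Second)
	must(err)
	go runClient(ln.Addr().String(), &tls.Config{RootCAs: pool, ServerName: "127.0.0.1"}) // no client certificate
	_, _, rejectErr = serveOne(ln, cfg, 10*time.Second)
	return msg, cn, rejectErr
}

func main() {
	fmt.Println(Exercise())
}
```

Run it with go run: it prints the message the server received, the CN of the authenticated client, and the error the server reports for the certificate-less client. The whole exchange happens on 127.0.0.1 with a PKI generated in memory, so nothing is written to disk and no real CA is involved. The deadline on the server connection is what the page's MaxReadIdleMs/MaxSendIdleMs warning is about: without it, a client that opens a TCP connection and then sends nothing would block the accept indefinitely.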