subject:"\[osg\-users\] CURL \+ SSL"

Re: [osg-users] CURL + SSL

2009-12-26 Thread Robert Osfield

Hi Danny,

Could you post the changes you've made to osg-submissions as a full
modified file as copy and pasting simply is not reliable enough.
Could you also put together a suggest guide for testing this
functionality out so when it comes to me merging changes I can make
sure that everything is working correctly.

Thanks,
Robert.

On Fri, Dec 25, 2009 at 12:02 AM, Danny Lesnik  wrote:
> Hi,
>
> I solved this problem in order to get it working with SSL the following code 
> should be changed:
>
> 1) It's needed to fix the following functions for https support:
>
> Code:
>
> bool osgDB::containsServerAddress(const std::string& filename)
> std::string osgDB::getServerAddress(const std::string& filename)
> std::string osgDB::getServerFileName(const std::string& filename)
>
>
>
> Currently these functions suport only http requests and the fix there is very 
> easy.
>
> 2)  There are two ways to handle ssl in curl the "secure" way and the "ugly" 
> way.
>
> the "ugly" way means that client will not validate server certificate. This 
> is less prefered method, but http stream is still encrypted, it means that 
> every server certificate will be accepted regardless the fact that it's  
> issued to another machine,domain, etc...
>
> If decided to go on this derection then the following line should be added in 
> EasyCurl::EasyCurl() contructor:
>
>
> Code:
>
> curl_easy_setopt(_curl, CURLOPT_SSL_VERIFYPEER, false);
>
>
>
>
> If decided to go on "secure" way then end user should download server 
> certifiace store it in  X.509 Certificate (PEM) format in any place on the 
> machine.
>
> in  EasyCurl::EasyCurl()  constructor following code should be added:
>
>
> Code:
>
> curl_easy_setopt(_curl, CURLOPT_SSL_VERIFYPEER, true);
> curl_easy_setopt(_curl, CURLOPT_SSL_VERIFYHOST, 2);
> curl_easy_setopt(_curl,l_setopt($ch, CURLOPT_CAINFO, certifiacePath);
>
>
>
>
> CURLOPT_SSL_VERIFYHOST can be set to the following integer values:
>
> 0: Don’t check the common name (CN) attribute
> 1: Check that the common name attribute at least exists
> 2: Check that the common name exists and that it matches the host name of the 
> server.
>
> Hope it helps
>
> Thank you!
>
> Cheers,
> Danny.[/code]
>
> --
> Read this topic online here:
> http://forum.openscenegraph.org/viewtopic.php?p=21870#21870
>
>
>
>
>
> ___
> osg-users mailing list
> osg-users@lists.openscenegraph.org
> http://lists.openscenegraph.org/listinfo.cgi/osg-users-openscenegraph.org
>
___
osg-users mailing list
osg-users@lists.openscenegraph.org
http://lists.openscenegraph.org/listinfo.cgi/osg-users-openscenegraph.org

Re: [osg-users] CURL + SSL

2009-12-24 Thread Danny Lesnik

Hi,

I solved this problem in order to get it working with SSL the following code 
should be changed: 

1) It's needed to fix the following functions for https support:

Code:

bool osgDB::containsServerAddress(const std::string& filename)
std::string osgDB::getServerAddress(const std::string& filename)
std::string osgDB::getServerFileName(const std::string& filename)



Currently these functions suport only http requests and the fix there is very 
easy.

2)  There are two ways to handle ssl in curl the "secure" way and the "ugly" 
way.

the "ugly" way means that client will not validate server certificate. This is 
less prefered method, but http stream is still encrypted, it means that every 
server certificate will be accepted regardless the fact that it's  issued to 
another machine,domain, etc...

If decided to go on this derection then the following line should be added in 
EasyCurl::EasyCurl() contructor:


Code:

curl_easy_setopt(_curl, CURLOPT_SSL_VERIFYPEER, false);




If decided to go on "secure" way then end user should download server 
certifiace store it in  X.509 Certificate (PEM) format in any place on the 
machine.

in  EasyCurl::EasyCurl()  constructor following code should be added:


Code:

curl_easy_setopt(_curl, CURLOPT_SSL_VERIFYPEER, true);
curl_easy_setopt(_curl, CURLOPT_SSL_VERIFYHOST, 2);
curl_easy_setopt(_curl,l_setopt($ch, CURLOPT_CAINFO, certifiacePath);




CURLOPT_SSL_VERIFYHOST can be set to the following integer values:

0: Don’t check the common name (CN) attribute
1: Check that the common name attribute at least exists
2: Check that the common name exists and that it matches the host name of the 
server.

Hope it helps

Thank you!

Cheers,
Danny.[/code]

--
Read this topic online here:
http://forum.openscenegraph.org/viewtopic.php?p=21870#21870





___
osg-users mailing list
osg-users@lists.openscenegraph.org
http://lists.openscenegraph.org/listinfo.cgi/osg-users-openscenegraph.org

Re: [osg-users] CURL + SSL

2009-12-24 Thread Robert Osfield

HI Danny,

I haven't ever tried mixing SSL with the curl plugin, and don't have
an experience with using CURL with SSL so you are working right at the
bleeding edge.  You'll need to dig into the code and start debugging
what is happening between the OSG's curl plugin and CURL.  Let me know
how you get on, as fixes that you might be able to come up with is
something that would be good to get checked into svn/trunk.

Cheers,
Robert.

On Thu, Dec 24, 2009 at 2:29 AM, Danny Lesnik  wrote:
> Hi,
>
> I have new issue with SSL and CURL, so I have decided to open new thread.
>
> I conifured my site with SSL and I'm able to download ive file perfectly from 
> https://servername/1.ive,
>
> however, when I'm using
> Node = osgDB::readNodeFile("https://servernmae/1.ive";);
> Node is getting NULL.
>
> In order to be sure that there is no issue with Certificate (although the 
> certificate was issue by Verisign as 14 day trial) I modified 
> ReaderWriterCURL.cpp  by adding
>
> curl_easy_setopt(_curl, CURLOPT_SSL_VERIFYPEER, false);
>
> in EasyCurl() constructor and recompile entire OpenSceneGrpaph project.
>
> The result is still the same.
>
> Am I missing something? How can I this feature working?
>
> Thank you!
>
> Cheers,
> Danny
>
> --
> Read this topic online here:
> http://forum.openscenegraph.org/viewtopic.php?p=21841#21841
>
>
>
>
>
> ___
> osg-users mailing list
> osg-users@lists.openscenegraph.org
> http://lists.openscenegraph.org/listinfo.cgi/osg-users-openscenegraph.org
>
___
osg-users mailing list
osg-users@lists.openscenegraph.org
http://lists.openscenegraph.org/listinfo.cgi/osg-users-openscenegraph.org

[osg-users] CURL + SSL

2009-12-23 Thread Danny Lesnik

Hi,

I have new issue with SSL and CURL, so I have decided to open new thread. 

I conifured my site with SSL and I'm able to download ive file perfectly from 
https://servername/1.ive, 

however, when I'm using 
Node = osgDB::readNodeFile("https://servernmae/1.ive";);
Node is getting NULL.

In order to be sure that there is no issue with Certificate (although the 
certificate was issue by Verisign as 14 day trial) I modified 
ReaderWriterCURL.cpp  by adding 

curl_easy_setopt(_curl, CURLOPT_SSL_VERIFYPEER, false);

in EasyCurl() constructor and recompile entire OpenSceneGrpaph project. 

The result is still the same. 

Am I missing something? How can I this feature working?

Thank you!

Cheers,
Danny

--
Read this topic online here:
http://forum.openscenegraph.org/viewtopic.php?p=21841#21841





___
osg-users mailing list
osg-users@lists.openscenegraph.org
http://lists.openscenegraph.org/listinfo.cgi/osg-users-openscenegraph.org

Re: [osg-users] CURL + SSL

Re: [osg-users] CURL + SSL

Re: [osg-users] CURL + SSL

[osg-users] CURL + SSL

4 matches

Site Navigation

Mail list logo

Footer information