Hi,
I just merged the ssl branch to master. Client and server work with ssl.
For the server you need to add a certificate.
Ssl is implemented for plain tcp (cxxtools::net::TcpSocket) and for all
rpc variants.
I tested it with the demos rpcserver and rpcechoclient, which got new
options for ssl. Also the rpcbenchserver and rpcbenchclient has those
options.
To reproduce the tests you need to create a certificate for the server
and run the rpc server and clinet. In one terminal run (in the cxxtools
directory):
cd demo
openssl req -x509 -sha256 -newkey rsa:2048 -keyout certificate.pem -out
certificate.pem -days 1024 -nodes
./rpcserver -c certificate.pem
And in another terminal:
cd demo
./rpcechoclient -s Hi
The client talks now xmlrpc over https. You can try the switches -j, -J
and -b in the client also. '-j' used json, '-J' json over https and '-b'
the cxxtools binary protocol.
The same switches are implemented in the rpcbenchserver and
rpcbenchclient. This shows, that ssl not really much slower than plain
tcp since all rpc protocols keeps the connection between calls.
Typically exchanging ssl certificates is quite slow but communicating
through a encrypted tunnel is fast.
Currently checking certificates is not yet implemented. The client
accepts just any certificate. I will add that soon. I also plan to
support client certificates for authentication. But I have not yet
decided about a API for both.
Tommi
Am 04.02.2017 um 08:03 schrieb Jean-Marc Choulet:
Very good news !
We'll can remove dependencies with restclient-cpp library in ours
applications when you 'll have finish with certificates.
Jean-Marc
Le 03/02/2017 à 21:24, Tommi Mäkitalo a écrit :
Hello,
I'm currently working on ssl in cxxtools. I have planned it for years
and started multiple times but finally I found a way to implement it.
You can find the code in the ssl branch of cxxtools. Client mode
works already quite well. Certificates are not tested but I can fetch
files from tntnet using https. And I also tried wikipedia using the
cxxtools demo with this command:
demo/httpclienthttps://de.wikipedia.org/wiki/Wikipedia:Hauptseite
And it worked.
The rpc clients have a ssl api also. All connect methods got a
additional ssl flag.
Ssl works with both syncronous and asyncronous communication.
Next steps are to implement a api for certificate checking and also
registering certificates.
Tommi
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org!http://sdm.link/slashdot
_______________________________________________
Tntnet-general mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/tntnet-general
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Tntnet-general mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/tntnet-general
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Tntnet-general mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/tntnet-general
