Accepting secure connections with sockets
smaclean at madmansoft.com
Wed Jan 6 13:55:33 EST 2016
First, I’ve made a forum post:
To help continue the discussion. I’m also uploading my sample server and sample client so others can test and take a peek if they want.
Second, after some more testing, I’ve noticed the following:
1) That while using the “accept secure connections on port xxxx” or “secure socket xxxx” after accepting connections doesn’t throw and error, if the client tries to send the server something, the server (I think) closes the connection. There is no error message.
2) When just using “accept connections” without the secure and attempting to open a secure socket on the client doesn’t throw an error, having the client send some data results in a socket error of: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol back on the client connection. So it looks like the socket isn’t getting secured on both sides, but don’t know which one is causing the error.
Hopefully someone from the mothership can comment on this as I’m at a loss at the moment.
> On Jan 5, 2016, at 3:38 PM, Stephen MacLean <SMACLEAN at MADMANSOFT.COM> wrote:
> Hi All,
> Some questions on securing sockets both “server" and “client" side.
> On the server side (which is just an LC app, not a LC server deployment), you open a connection with “accept connections on port xxxx”. I am trying to make sure that only secured connections are made to the server. I’ve tried “accept secure connections on port xxxx” and while it didn’t throw an error, it allowed a client to connect without using the "open secure socket xxxxxxx”, just using the "open socket xxxxxxx” command. I don’t see that secure is listed in the dictionary for “accept” but again, it didn’t throw an error. I’ve also used:
> accept connections on port xxxx
> secure socket “xxxx”
> again, no error, but is this actually secure now? I was also able to connect via the client using the “open socket” command with no error.
> So, how do I force the connections to only be secured connections on the server?
> On the client side, the "open secure socket xxxxxxx” command seems to work, at least it doesn’t throw an error. However, while I can see the open socket using “the openSockets”, it doesn’t tell me if it is secure or not.
> So, is there a way to see if a connected socket is running in secure mode?
> Any and all help greatly appreciated!
> Steve MacLean
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
More information about the Use-livecode