RejectedSoftware Forums

ssl tcp connect

http://vibed.org/api/vibe.stream.ssl/
you show above how to create an ssl server using cert/key. now i have an ssl server (apple push service) that needs me to use cert/key even when connecting to them. do i have to do something different there cause simply providing it like in the server-listen example gives me zero as a return from SSL_connect() in SSLStream and 5 from ERR_get_error() ...

but i must confess, i am a total ssl noob

Re: ssl tcp connect

On Fri, 27 Dec 2013 02:30:54 GMT, Stephan Dilly wrote:

> http://vibed.org/api/vibe.stream.ssl/
> you show above how to create an ssl server using cert/key. now i have an ssl server (apple push service) that needs me to use cert/key even when connecting to them. do i have to do something different there cause simply providing it like in the server-listen example gives me zero as a return from SSL_connect() in SSLStream and 5 from ERR_get_error() ...
>
> but i must confess, i am a total ssl noob

auto conn = connectTCP(m_options.address, m_options.port);
auto sslctx = new SSLContext(m_options.cert, m_options.key);
auto stream = new SSLStream(conn, sslctx, SSLStreamState.connecting);

this is what it looks like on my site right now...

Re: ssl tcp connect

On 27.12.2013 03:33, Stephan Dilly wrote:

> On Fri, 27 Dec 2013 02:30:54 GMT, Stephan Dilly wrote:
>
>> http://vibed.org/api/vibe.stream.ssl/
>> you show above how to create an ssl server using cert/key. now i have an ssl server (apple push service) that needs me to use cert/key even when connecting to them. do i have to do something different there cause simply providing it like in the server-listen example gives me zero as a return from SSL_connect() in SSLStream and 5 from ERR_get_error() ...
>>
>> but i must confess, i am a total ssl noob
>
> auto conn = connectTCP(m_options.address, m_options.port);
> auto sslctx = new SSLContext(m_options.cert, m_options.key);
> auto stream = new SSLStream(conn, sslctx, SSLStreamState.connecting);
>
> this is what it looks like on my site right now...

This is also what I'd expect to work. When enforceSSL throws, do you
get a usable, human readable error message?

Re: ssl tcp connect

On Fri, 27 Dec 2013 10:43:12 +0100, Sönke Ludwig wrote:

> On 27.12.2013 03:33, Stephan Dilly wrote:
>
>> On Fri, 27 Dec 2013 02:30:54 GMT, Stephan Dilly wrote:
>>
>>> http://vibed.org/api/vibe.stream.ssl/
>>> you show above how to create an ssl server using cert/key. now i have an ssl server (apple push service) that needs me to use cert/key even when connecting to them. do i have to do something different there cause simply providing it like in the server-listen example gives me zero as a return from SSL_connect() in SSLStream and 5 from ERR_get_error() ...
>>>
>>> but i must confess, i am a total ssl noob
>>
>> auto conn = connectTCP(m_options.address, m_options.port);
>> auto sslctx = new SSLContext(m_options.cert, m_options.key);
>> auto stream = new SSLStream(conn, sslctx, SSLStreamState.connecting);
>>
>> this is what it looks like on my site right now...
>
> This is also what I'd expect to work. When enforceSSL throws, do you
> get a usable, human readable error message?

No it just prints:

object.Exception@C:\Users\Stephan\AppData\Roaming\dub\packages\vibe-d-0.7.18\source\vibe\stream\ssl.d(225): Failed to connect SSL tunnel.: 1

Re: ssl tcp connect

On Fri, 27 Dec 2013 11:42:08 GMT, Stephan Dilly wrote:

> On Fri, 27 Dec 2013 10:43:12 +0100, Sönke Ludwig wrote:
>
>> On 27.12.2013 03:33, Stephan Dilly wrote:
>>
>>> On Fri, 27 Dec 2013 02:30:54 GMT, Stephan Dilly wrote:
>>>
>>>> http://vibed.org/api/vibe.stream.ssl/
>>>> you show above how to create an ssl server using cert/key. now i have an ssl server (apple push service) that needs me to use cert/key even when connecting to them. do i have to do something different there cause simply providing it like in the server-listen example gives me zero as a return from SSL_connect() in SSLStream and 5 from ERR_get_error() ...
>>>>
>>>> but i must confess, i am a total ssl noob
>>>
>>> auto conn = connectTCP(m_options.address, m_options.port);
>>> auto sslctx = new SSLContext(m_options.cert, m_options.key);
>>> auto stream = new SSLStream(conn, sslctx, SSLStreamState.connecting);
>>>
>>> this is what it looks like on my site right now...
>>
>> This is also what I'd expect to work. When enforceSSL throws, do you
>> get a usable, human readable error message?
>
> No it just prints:
>
> object.Exception@C:\Users\Stephan\AppData\Roaming\dub\packages\vibe-d-0.7.18\source\vibe\stream\ssl.d(225): Failed to connect SSL tunnel.: 1

Ok now I changed enforceSSL to:

if( ret <= 0 ){
	char[120] ebuf;
	auto eCode = ERR_get_error();
	while(eCode != 0){
		ERR_error_string(eCode, ebuf.ptr);
		logError("ERR: '%s'", ebuf);

		eCode = ERR_get_error();
	}
	
	auto errmsg = to!string(SSL_get_error(m_ssl, ret));
	throw new Exception(message~": "~errmsg);
}
return ret;

Now it prints:

ERR: 'error:140C5042:SSL routines:SSL_UNDEFINED_FUNCTION:called a function you should not call                                '
object.Exception@C:\Users\Stephan\AppData\Roaming\dub\packages\vibe-d-0.7.18\source\vibe\stream\ssl.d(231): Failed to connect SSL tunnel.: 5

Any ideas ??

Re: ssl tcp connect

On 27.12.2013 12:46, Stephan Dilly wrote:

> (...)
>
> Now it prints:
>
> ERR: 'error:140C5042:SSL routines:SSL_UNDEFINED_FUNCTION:called a function you should not call                                '
> object.Exception@C:\Users\Stephan\AppData\Roaming\dub\packages\vibe-d-0.7.18\source\vibe\stream\ssl.d(231): Failed to connect SSL tunnel.: 5
>
> Any ideas ??

Oh okay, I see. The SSLContext constructor(s) need(s) to be adjusted
with an additional argument that determines the client/server mode (so
that it can be instantiated with XX_client_method() instead of
XX_server_method()).

I'll also incorporate the ERR_error_string code (the code obviously
assumed that SSL_get_error returns a const(char)*).
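
The role mismatch described in the reply above, reproduced as an added example (not code from this thread or from vibe.d) using Python's OpenSSL-backed `ssl` module: a context created in server mode cannot start a client handshake, while a client-mode context can. The host name is a constructed placeholder, and the `try_client_handshake` helper with its optional `certfile`/`keyfile` parameters is hypothetical.

```python
import ssl


def try_client_handshake(protocol, certfile=None, keyfile=None):
    """Begin a client-side TLS handshake on a context created for `protocol`.

    Returns (ok, detail). ok is True when OpenSSL emitted a ClientHello.
    The handshake runs against in-memory BIOs, so nothing touches the network.
    """
    ctx = ssl.SSLContext(protocol)
    if certfile:
        # Client certificate and key, as a service requiring them expects.
        ctx.load_cert_chain(certfile, keyfile)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    try:
        tls = ctx.wrap_bio(incoming, outgoing, server_side=False,
                           server_hostname="push.example.invalid")  # constructed name
        tls.do_handshake()
    except ssl.SSLWantReadError:
        # Normal for a client with no peer yet: the ClientHello is queued.
        return True, "ClientHello queued, %d bytes" % outgoing.pending
    except ssl.SSLError as exc:
        # Hard failure; for a server-mode context this is the role mismatch.
        return False, str(exc)
    return False, "handshake completed without a peer"


if __name__ == "__main__":
    for name in ("PROTOCOL_TLS_CLIENT", "PROTOCOL_TLS_SERVER"):
        print(name, try_client_handshake(getattr(ssl, name)))
```

The exact error text for the server-mode context depends on the Python and OpenSSL versions in use; only the client-mode context gets as far as producing a ClientHello.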

Re: ssl tcp connect

On Fri, 27 Dec 2013 13:05:39 +0100, Sönke Ludwig wrote:

> On 27.12.2013 12:46, Stephan Dilly wrote:
>
>> (...)
>>
>> Now it prints:
>>
>> ERR: 'error:140C5042:SSL routines:SSL_UNDEFINED_FUNCTION:called a function you should not call                                '
>> object.Exception@C:\Users\Stephan\AppData\Roaming\dub\packages\vibe-d-0.7.18\source\vibe\stream\ssl.d(231): Failed to connect SSL tunnel.: 5
>>
>> Any ideas ??
>
> Oh okay, I see. The SSLContext constructor(s) need(s) to be adjusted
> with an additional argument that determines the client/server mode (so
> that it can be instantiated with XX_client_method() instead of
> XX_server_method()).
>
> I'll also incorporate the ERR_error_string code (the code obviously
> assumed that SSL_get_error returns a const(char)*).

Aaaand I am on git-head again ;)
Thanks in advance!

And a late merry xmas !!

Re: ssl tcp connect

On 27.12.2013 13:19, Stephan Dilly wrote:

> On Fri, 27 Dec 2013 13:05:39 +0100, Sönke Ludwig wrote:
>
>> On 27.12.2013 12:46, Stephan Dilly wrote:
>>
>>> (...)
>>>
>>> Now it prints:
>>>
>>> ERR: 'error:140C5042:SSL routines:SSL_UNDEFINED_FUNCTION:called a function you should not call                                '
>>> object.Exception@C:\Users\Stephan\AppData\Roaming\dub\packages\vibe-d-0.7.18\source\vibe\stream\ssl.d(231): Failed to connect SSL tunnel.: 5
>>>
>>> Any ideas ??
>>
>> Oh okay, I see. The SSLContext constructor(s) need(s) to be adjusted
>> with an additional argument that determines the client/server mode (so
>> that it can be instantiated with XX_client_method() instead of
>> XX_server_method()).
>>
>> I'll also incorporate the ERR_error_string code (the code obviously
>> assumed that SSL_get_error returns a const(char)*).
>
> Aaaand I am on git-head again ;)

Sorry 'bout that ;) At least a new release should be out soon.

> Thanks in advance!

Done now: b8e75f2

It also still badly needs some code for enabling/customizing certificate validation and for customizing the cypher suite (e.g. to prefer/require perfect forward security and secure encryption algorithms).

> And a late merry xmas !!

Thanks, giving that back! And also a "good slide into next year" ;)

Re: ssl tcp connect

On Fri, 27 Dec 2013 12:35:19 GMT, Sönke Ludwig wrote:

> Done now: b8e75f2

Hell yeah, it works! Thank you. So my work on apn for D can go on:
https://github.com/Extrawurst/apn-d

This is the last roadblock to a STACK4 release for iOS ;)

>> And a late merry xmas !!
>
> Thanks, giving that back! And also a "good slide into next year" ;)

A good slide to you too :P