How to use ATL Soap Client over SSL connection - c++

I have to write a client that connects to a web service over SSL. I'd been planning to use ATL Soap Client for this (those classes generated by msvs2005 when right clicking on project->add web reference) however those classes seem to be unable to connect to the server over SSL.
When I try to send a request, it fails here:
// default only supports HTTP
return scheme == ATL_URL_SCHEME_HTTP ? true : false;
And the stack trace is:
MyClientDll.dll!ATL::ZEvtSyncSocket::SupportsScheme(ATL::ATL_URL_SCHEME scheme=ATL_URL_SCHEME_HTTPS) Line 355 C++
MyClientDll.dll!ATL::CAtlHttpClientT::_SetDefaultUrl(const char * szURL=0x00000000, short nPort=443) Line 2269 + 0x15 bytes C++
MyClientDll.dll!ATL::CAtlHttpClientT::SetDefaultUrl(const ATL::CUrl * pUrl=0x0012beac, short nPortNumber=443) Line 1126 C++
MyClientDll.dll!ATL::CAtlHttpClientT::Navigate(const ATL::CUrl * pUrl=0x0012beac, ATL::ATL_NAVIGATE_DATA * pData=0x0012babc) Line 161 + 0x1a bytes C++
MyClientDll.dll!ATL::CSoapSocketClientT::SendRequest(const char * szAction=0x0a369058) Line 6667 + 0x1c bytes C++
Does anyone know how to make this ATL SOAP client support SSL?

Related

EPP Server SSL_Read hang after greeting

I have strange problems in ssl_read/ssl_write function with EPP server
After connected I read greeting message successfully.
bytes = SSL_read(ssl, buf, sizeof(buf)); // get reply & decrypt
buf[bytes] = 0;
ball+= bytes;
cc = getInt(buf);
printf("header: %x\n",cc);
printf("Received: \"%s\"\n",buf+4);
First 4 bytes are 00, 00, 09, EB and read 2539 bytes in greeting message.
After that, all operations like hello or login hang in SSL_read();
xml = "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"no\"?><epp xmlns=\"urn:ietf:params:xml:ns:epp-1.0\"><hello/></epp>";
char bb[1000] = {0};
makeChar(strlen(xml)+4, bb);
memcpy(bb+4, xml, strlen(xml)+4);
bytes = SSL_write(ssl,xml,strlen(xml)+4);
usleep(500000); //sleep 0.5 sec
memset(buf, 0, 1024);
printf("read starting.\n");
bytes = SSL_read(ssl, buf, 1024); //always hang here
buf[bytes]=0;
printf("%d : %s", bytes, buf);
I am confused. I read the RFC documentation but I cannot find an answer.
in EPP documentation, they said "In order to verify the identity of the secure server you will need the ‘Verisign Class 3 Public Primary Certification Authority’ root certificate available free from www.verisign.com".
is it important?
is it important?
Yes, as outlined in RFC 5734 "Extensible Provisioning Protocol (EPP) Transport over TCP", the whole security of an EPP exchange is bound to 3 properties:
access list based on IP address
TLS communication and verification of certificates (mutually, which is why you - as registrar, aka client in the EPP communication - often have to send in advance the certificate you will use to the registry)
the EPP credentials used at <login> command.
Failure to properly secure the connection can mean:
you as registrar sending confidential information (your own EPP login, various details on domains you sponsor or not, including <authInfo> values, etc.) to a third party not being the registry
and in reverse, someone mimicking you in the eyes of the registry hence doing operations on which you will have to get the burden of, including financially for all domains bought, and legally.
But even in general for all cases of TLS handshake, if you want to be sure to be connected, as client, to the server you think you are, you need to verify its certificate.
Besides trivial things (dates, etc.), the certificate:
should at least be signed by a CA you trust (your choice who you trust)
and/or is a specific certificate with specific fingerprint/serial and other characteristics (but you will have to maintain that when the other party changes its certificate)
and/or matches DNS TLSA records
In short, if you are new to both EPP and TLS and C/C++ (as you state yourself in your other question about the Verisign certificate), I hugely recommend you do not try to do all of this by yourself at such a low level (for example you should never manipulate XML as you do above, it shouldn't be a string. Again, there are libraries to properly parse and generate XML documents). You should use an EPP library that handles most of these things for you. Your registry may provide an "SDK" that you can use; you should ask them.
PS: your read is probably hanging because you are not sending the payload in the correct fashion (again, something an EPP library will do for you). You need to send the length, as 4 bytes (which you need to compute after converting your string to bytes using the UTF-8 encoding), and then the payload itself. I am not sure this is what your code does. Also your reading part is wrong: you should first read 4 bytes from server, this will give you the length (but do note they can theoretically arrive not necessarily in a single packet so one "ssl read" might not give all 4 of them, you need a loop), after which you know the length of the payload you will get which allows you to set up proper buffers, if needed, as well as detecting properly when you received everything.
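The framing the answer describes, written out as an added example (it is not code from either post): a 4-byte big-endian length that counts the header itself, followed by the UTF-8 payload, as RFC 5734 specifies. The reader callback stands in for SSL_read(), the in-memory peer that returns at most a few bytes per call is constructed to exercise the short-read loop, and the 1 MiB maximum frame size is an assumption made here so that a peer-supplied length is never trusted for buffer sizing.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* EPP over TCP (RFC 5734) frames each XML document as a 4-byte big-endian
 * length (counting the header itself) followed by the UTF-8 payload. */
#define EPP_HEADER_LEN 4
#define EPP_MAX_FRAME  (1u << 20)   /* assumed upper bound: 1 MiB, reject larger */

/* Reader callback abstracting SSL_read(): returns bytes read (>0), 0 on EOF, <0 on error. */
typedef int (*epp_read_fn)(void *ctx, unsigned char *buf, size_t len);

/* Build a frame: header + payload. Returns total bytes written, or 0 if out is too small. */
size_t epp_frame_encode(const char *xml, unsigned char *out, size_t cap)
{
    size_t payload = strlen(xml);               /* bytes, not characters: xml must be UTF-8 */
    size_t total = payload + EPP_HEADER_LEN;
    if (total > cap || total > EPP_MAX_FRAME) return 0;
    out[0] = (unsigned char)(total >> 24);
    out[1] = (unsigned char)(total >> 16);
    out[2] = (unsigned char)(total >> 8);
    out[3] = (unsigned char)(total);
    memcpy(out + EPP_HEADER_LEN, xml, payload);
    return total;
}

/* Keep calling the reader until exactly n bytes have arrived (TLS records and
 * TCP segments do not respect frame boundaries). Returns 1 on success, 0 on EOF/error. */
static int read_exact(epp_read_fn rd, void *ctx, unsigned char *buf, size_t n)
{
    size_t got = 0;
    while (got < n) {
        int r = rd(ctx, buf + got, n - got);
        if (r <= 0) return 0;
        got += (size_t)r;
    }
    return 1;
}

/* Read one frame into out (NUL-terminated). Returns the payload length, or -1 on
 * EOF, error, oversized frame or malformed header. */
long epp_frame_read(epp_read_fn rd, void *ctx, unsigned char *out, size_t cap)
{
    unsigned char hdr[EPP_HEADER_LEN];
    if (!read_exact(rd, ctx, hdr, EPP_HEADER_LEN)) return -1;
    uint32_t total = ((uint32_t)hdr[0] << 24) | ((uint32_t)hdr[1] << 16)
                   | ((uint32_t)hdr[2] << 8) | hdr[3];
    /* The length is peer-controlled: validate it before sizing anything by it. */
    if (total < EPP_HEADER_LEN || total > EPP_MAX_FRAME) return -1;
    size_t payload = total - EPP_HEADER_LEN;
    if (payload + 1 > cap) return -1;
    if (!read_exact(rd, ctx, out, payload)) return -1;
    out[payload] = '\0';
    return (long)payload;
}

/* Constructed in-memory peer that hands back at most `chunk` bytes per call,
 * simulating short reads from SSL_read(). */
struct fake_peer { const unsigned char *data; size_t len, pos, chunk; };

int fake_read(void *ctx, unsigned char *buf, size_t len)
{
    struct fake_peer *p = ctx;
    size_t left = p->len - p->pos;
    if (left == 0) return 0;
    size_t n = len < p->chunk ? len : p->chunk;
    if (n > left) n = left;
    memcpy(buf, p->data + p->pos, n);
    p->pos += n;
    return (int)n;
}

/* The <hello/> document from the question, used as the round-trip payload. */
const char *const epp_demo_hello =
    "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"no\"?>"
    "<epp xmlns=\"urn:ietf:params:xml:ns:epp-1.0\"><hello/></epp>";

/* Encode the hello frame, read it back through the fake peer in 3-byte pieces
 * and return the payload length (-1 if the round trip does not match). */
long epp_demo(void)
{
    unsigned char wire[512];
    size_t n = epp_frame_encode(epp_demo_hello, wire, sizeof wire);
    struct fake_peer peer = { wire, n, 0, 3 };
    unsigned char out[512];
    long got = epp_frame_read(fake_read, &peer, out, sizeof out);
    if (got < 0 || strcmp((const char *)out, epp_demo_hello) != 0) return -1;
    return got;
}

int main(void)
{
    printf("payload bytes: %ld\n", epp_demo());
    return 0;
}
```

Plugging a real connection in means passing a thin wrapper around SSL_read() as the callback; the framing and the length checks stay the same, and a frame that fails validation is the point at which to close the connection rather than keep reading.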

c/c++ libnetfilter_queue and application layer packets selection

I've got a c++ program using libnetfilter_queue library, designed to work on a Linux system.
I'd need to filter only application layer packets (hence, packets including payload for the application layer of the host).
I know that it's not possible with iptables, without rebuilding the kernel.
Since I can't do that on the final host device, I'm working from my c++ program.
My aim is to directly accept non-application layer packets and to process layer-7 packets.
I tried using the nfq_get_payload function, which returns -1 if an error (hence, I suppose, no payload) is found.
ret = nfq_get_payload(tb, &data);
if (ret < 0) { /* accept packet */ }
else { /* process packet */ }
I know that the nfq_get_payload function depends on the "adopted mode" (see the nfq_set_mode function), but it is not working for me.
How can I discriminate between application layer packets and "lower-layers" ones?
Knowing that the ip_src byte location is in data + 12 (see also here), since the TCP layer size is 64 bytes, the payload should be found, if available, in position data + 12 + 64.
unsigned char* pkt_payload = buffer + 12 + 64;
Nevertheless, if I try to print the pkt_payload variable, it does not match the expected result.
How can I solve it?
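An added example of locating the layer-7 payload in the raw IPv4 packet that nfq_get_payload() returns; this is not code from the question or from libnetfilter_queue. It reads the IP header length (IHL) and the TCP data offset from the packet instead of assuming fixed sizes, since both vary with options, and also handles UDP, header-only segments and truncated buffers. The two sample packets are constructed for the demonstration; the assumed queue mode is NFQNL_COPY_PACKET, the only mode in which the full packet bytes are available.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Where the application-layer bytes sit inside a raw IPv4 packet (the buffer
 * nfq_get_payload() fills when the queue was set to NFQNL_COPY_PACKET). */
struct l7_view {
    const unsigned char *payload;   /* NULL when there is no L7 data */
    size_t len;                     /* payload length in bytes */
    uint8_t proto;                  /* IP protocol: 6 = TCP, 17 = UDP */
};

/* Returns 1 and fills v when the packet carries L7 bytes, 0 when it does not
 * (pure ACK, SYN, non-TCP/UDP), -1 when the headers are truncated or malformed.
 * Header lengths are taken from the packet, never assumed. */
int locate_l7_payload(const unsigned char *pkt, size_t pkt_len, struct l7_view *v)
{
    memset(v, 0, sizeof *v);
    if (pkt_len < 20 || (pkt[0] >> 4) != 4) return -1;       /* need an IPv4 header */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;                 /* IP header length, 20..60 */
    size_t ip_total = ((size_t)pkt[2] << 8) | pkt[3];         /* total length field */
    if (ihl < 20 || ihl > pkt_len || ip_total < ihl || ip_total > pkt_len) return -1;
    v->proto = pkt[9];

    size_t l4_hdr;
    if (v->proto == 6) {                                      /* TCP: data offset in 32-bit words */
        if (ip_total - ihl < 20) return -1;
        l4_hdr = (size_t)(pkt[ihl + 12] >> 4) * 4;
        if (l4_hdr < 20 || ihl + l4_hdr > ip_total) return -1;
    } else if (v->proto == 17) {                              /* UDP: fixed 8-byte header */
        if (ip_total - ihl < 8) return -1;
        l4_hdr = 8;
    } else {
        return 0;                                             /* ICMP etc.: nothing for L7 */
    }
    size_t off = ihl + l4_hdr;
    if (off == ip_total) return 0;                            /* headers only */
    v->payload = pkt + off;
    v->len = ip_total - off;
    return 1;
}

/* The decision the question asks for: packets without L7 data are accepted
 * straight away, the rest go to the application-layer inspector. */
const char *queue_verdict_for(const unsigned char *pkt, size_t len)
{
    struct l7_view v;
    int r = locate_l7_payload(pkt, len, &v);
    if (r < 0) return "malformed";      /* caller decides whether to drop or accept-and-log */
    return r == 1 ? "process" : "accept";
}

/* Constructed sample: IPv4 (no options, 10.0.0.1 -> 10.0.0.2) + TCP with a
 * 12-byte NOP/NOP/timestamp option block (data offset 8 words = 32 bytes)
 * carrying the 5-byte payload "hello". Total length 20 + 32 + 5 = 57. */
static const unsigned char sample_tcp[] = {
    0x45, 0x00, 0x00, 0x39,  0x00, 0x01, 0x00, 0x00,  0x40, 0x06, 0x00, 0x00,
    0x0a, 0x00, 0x00, 0x01,  0x0a, 0x00, 0x00, 0x02,
    0xc3, 0x50, 0x01, 0xbb,  0x00, 0x00, 0x00, 0x01,  0x00, 0x00, 0x00, 0x00,
    0x80, 0x18, 0xff, 0xff,  0x00, 0x00, 0x00, 0x00,            /* doff=8, PSH|ACK */
    0x01, 0x01, 0x08, 0x0a,  0x00, 0x00, 0x00, 0x01,  0x00, 0x00, 0x00, 0x02,
    'h', 'e', 'l', 'l', 'o'
};

/* Constructed sample: the same flow's pure ACK, 20 + 20 = 40 bytes, no payload. */
static const unsigned char sample_ack[] = {
    0x45, 0x00, 0x00, 0x28,  0x00, 0x02, 0x00, 0x00,  0x40, 0x06, 0x00, 0x00,
    0x0a, 0x00, 0x00, 0x01,  0x0a, 0x00, 0x00, 0x02,
    0xc3, 0x50, 0x01, 0xbb,  0x00, 0x00, 0x00, 0x02,  0x00, 0x00, 0x00, 0x01,
    0x50, 0x10, 0xff, 0xff,  0x00, 0x00, 0x00, 0x00             /* doff=5, ACK */
};

int main(void)
{
    printf("data segment: %s\n", queue_verdict_for(sample_tcp, sizeof sample_tcp));
    printf("pure ack:     %s\n", queue_verdict_for(sample_ack, sizeof sample_ack));
    printf("truncated:    %s\n", queue_verdict_for(sample_tcp, 30));
    return 0;
}
```

Inside the real callback the two arguments come from the return value of nfq_get_payload() (the length) and the pointer it fills in; a negative return from that call means no packet bytes were copied at all, which is a different condition from a packet that carries no application data.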

zmq_ctx_destroy() hangs in MFC dll

I'm writing an extension to MFC app with use of ZMQ (zmq.hpp). When I'm trying to unload my DLL from the app, the zmq_ctx_destroy() function hangs forever.
I have found a similar issue but there is no answer.
I've tried to debug it and found out that it stops in function zmq::thread_t::stop() on the first line:
DWORD rc = WaitForSingleObject (descriptor, INFINITE);
It hung even without sending anything. Simplified code looks like this:
zmq::context_t context(1);
zmq::socket_t socket(context, ZMQ_REQ);
socket.connect(ENDPOINT.c_str());
The socket and context are destroyed when leaving scope.
Call Stack:
libzmq-v100-mt-gd-4_0_4.dll! zmq::thread_t::stop() Line 56 + 0x17 bytes C++
libzmq-v100-mt-gd-4_0_4.dll! zmq::select_t::~select_t() Line 57 + 0x13 bytes C++
libzmq-v100-mt-gd-4_0_4.dll! zmq::select_t::`scalar deleting destructor'() + 0x2c bytes C++
libzmq-v100-mt-gd-4_0_4.dll! zmq::io_thread_t::~io_thread_t() Line 39 + 0x37 bytes C++
libzmq-v100-mt-gd-4_0_4.dll! zmq::io_thread_t::`scalar deleting destructor'() + 0x2c bytes C++
libzmq-v100-mt-gd-4_0_4.dll! zmq::ctx_t::~ctx_t() Line 82 + 0x49 bytes C++
libzmq-v100-mt-gd-4_0_4.dll! zmq::ctx_t::`scalar deleting destructor'() + 0x2c bytes C++
libzmq-v100-mt-gd-4_0_4.dll! zmq::ctx_t::terminate() Line 153 + 0x3d bytes C++
libzmq-v100-mt-gd-4_0_4.dll! zmq_ctx_term(void * ctx_) Line 171 + 0xa bytes C++
libzmq-v100-mt-gd-4_0_4.dll! zmq_ctx_destroy(void * ctx_) Line 242 C++
DataReader.dll! zmq::context_t::close() Line 309 + 0xe bytes C++
DataReader.dll! zmq::context_t::~context_t() Line 303 C++
The MFC app has a mechanism to run specifically created DLLs. This DLL is based on CWinApp, with all DLL-specific initialization code in the InitInstance member function and termination code in ExitInstance. So this JIRA issue should not be the case.
After a couple of days I found out that the app also relies on sockets, as ZMQ does. So at the end of its life the ZMQ context was waiting for all opened sockets in the process to be closed, but the MFC app continues to use its opened sockets. That was the reason why the zmq_ctx_destroy() function hangs forever.
Solution for cases like this one (when the app uses sockets as well and you need to add some functionality based on ZMQ):
Create a new process. This process will create a ZMQ context and send/receive all messages. Data from the DLL can be passed to that process via Windows messages or shared memory.

XMPP File transfer with gloox

I'm currently working with gloox in order to send XMPP messages from my C++ program. I work in a local network with my private prosody XMPP server.
Sending text messages between two clients works, but not files. I tried the gloox examples (ft_rcv & ft_send) but they did not work either (obviously I modified the examples to match my configuration); I always get the same error:
<error type='cancel'><service-unavailable xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
At the beginning I thought it was due to my prosody server but I added the following lines in the conf files :
Component "proxy.jabberserver.local" "proxy65"
proxy65_address = "proxy.jabberserver.local"
proxy65_ports = { 7777 }
I tried different servers and different ports but I'm currently at a dead end. If someone has an idea it would be great.
Thank you
f->addStreamHost( JID("proxy.jabberserver.local"), "proxy.jabberserver.local", 7777 ); should do the trick. If no - show full XML log.

WSO2 ESB VFS Transport - Expects SOAP envelope

I am trying to do an FTP based integration using WSO2 ESB. I am able to transfer files from one FTP location to another using the VFS transport. But WSO2 ESB expects a SOAP envelope inside the file I am transferring.
This logic will not suit the case where I am transferring an image.
How do I transfer images/files without a SOAP envelope using the VFS transport?
Below error occurs if I transfer any file without soap envelope:
[2013-06-07 14:01:31,314] ERROR - VFSTransportListener Error processing File URI : ftp://isova1:admin#10.208.29.144/isova.png
org.apache.axiom.om.OMException: com.ctc.wstx.exc.WstxIOException: Invalid UTF-8 start byte 0x89 (at char #1, byte #-1)
at org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:296)
at org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder.getSOAPEnvelope(StAXSOAPModelBuilder.java:204)
at org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder.<init>(StAXSOAPModelBuilder.java:154)
at org.apache.axiom.om.impl.AbstractOMMetaFactory.createStAXSOAPModelBuilder(AbstractOMMetaFactory.java:73)
at org.apache.axiom.om.impl.AbstractOMMetaFactory.createSOAPModelBuilder(AbstractOMMetaFactory.java:79)
at org.apache.axiom.om.OMXMLBuilderFactory.createSOAPModelBuilder(OMXMLBuilderFactory.java:196)
at org.apache.axis2.builder.SOAPBuilder.processDocument(SOAPBuilder.java:55)
at org.apache.synapse.transport.vfs.VFSTransportListener.processFile(VFSTransportListener.java:558)
at org.apache.synapse.transport.vfs.VFSTransportListener.scanFileOrDirectory(VFSTransportListener.java:312)
at org.apache.synapse.transport.vfs.VFSTransportListener.poll(VFSTransportListener.java:158)
at org.apache.synapse.transport.vfs.VFSTransportListener.poll(VFSTransportListener.java:107)
at org.apache.axis2.transport.base.AbstractPollingTransportListener$1$1.run(AbstractPollingTransportListener.java:67)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918)
at java.lang.Thread.run(Thread.java:662)
Caused by: com.ctc.wstx.exc.WstxIOException: Invalid UTF-8 start byte 0x89 (at char #1, byte #-1)
at com.ctc.wstx.sr.StreamScanner.constructFromIOE(StreamScanner.java:625)
at com.ctc.wstx.sr.StreamScanner.loadMore(StreamScanner.java:994)
at com.ctc.wstx.sr.StreamScanner.getNext(StreamScanner.java:754)
at com.ctc.wstx.sr.BasicStreamReader.nextFromProlog(BasicStreamReader.java:1977)
at com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1114)
at org.apache.axiom.util.stax.wrapper.XMLStreamReaderWrapper.next(XMLStreamReaderWrapper.java:225)
at org.apache.axiom.util.stax.dialect.DisallowDoctypeDeclStreamReaderWrapper.next(DisallowDoctypeDeclStreamReaderWrapper.java:34)
at org.apache.axiom.util.stax.wrapper.XMLStreamReaderWrapper.next(XMLStreamReaderWrapper.java:225)
at org.apache.axiom.om.impl.builder.StAXOMBuilder.parserNext(StAXOMBuilder.java:681)
at org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:214)
... 15 more
Caused by: java.io.CharConversionException: Invalid UTF-8 start byte 0x89 (at char #1, byte #-1)
at com.ctc.wstx.io.UTF8Reader.reportInvalidInitial(UTF8Reader.java:303)
at com.ctc.wstx.io.UTF8Reader.read(UTF8Reader.java:189)
at com.ctc.wstx.io.ReaderSource.readInto(ReaderSource.java:87)
at com.ctc.wstx.io.BranchingReaderSource.readInto(BranchingReaderSource.java:57)
at com.ctc.wstx.sr.StreamScanner.loadMore(StreamScanner.java:988)
... 23 more
Regards
Guru
#gnanagurus
This most likely occurs because the right ContentType for the VFS transport is not being used.
When transferring binary data, use this:
<parameter name="transport.vfs.ContentType">application/octet-stream</parameter>
I just tried it on WSO2 ESB 4.0.3 and it worked fine for a png file, while using text/plain for the value of the transport.vfs.ContentType parameter was throwing the same exception as you described.
Check out the Synapse VFS service parameters here.