https support in Basic4PPC - any news ?

Discussion in 'Questions (Windows Mobile)' started by TWELVE, Jan 31, 2009.

  1. TWELVE

    TWELVE Active Member Licensed User

    Hello folks,

    it has been a while since i asked this question for the first time:

    I do some communications with a webserver over http protocol.I intend to make the connection more secure to prevent other people from sniffing the packets thus i'd like to implement https communication in my B4P app.

    - how can i get https support in my B4P apps ?

    - windows mobile browser supports https, so this stuff needs to be somewhere in the .net stuff.Does anybody know how this could be used from a B4P app ( Andrew mentioned door.library earlier?)

    - if there's no -current- way to use https through a native .net class / lib,
    has anyone a workaround in place ( or worked on it), like OpenSSL or stunnel ?

    - the most comfortable way from an programmer's perspective would be the integration into the http lib ( or an https lib).Are there any plans to do that ?

    As a brief explanation, https uses an underlying SSL or TLS protocol to secure the payload data for higher level protocol ( which is http in this case).

    kind regards,

    TWELVE
     
  2. Erel

    Erel Administrator Staff Member Licensed User

    Basic4ppc does support https connections.
    Try this code:
    Code:
    Sub Globals
        
    'Declare the global variables here.

    End Sub

    Sub App_Start
        Form1.Show
        request.New1(
    "https://www.cia.gov/")
        response.New1
        response.Value = request.GetResponse
        TextBox1.Text = response.GetString
    End Sub
     
  3. TWELVE

    TWELVE Active Member Licensed User

    Hi Erel,

    thanks for your reply.When did you implement https in the http lib ? Or was it in there since ever ? I'm a bit surprised because when i asked last time Andrew answered, this needs to be done separately via door lib etc. ?
    Anyway, i'm very pleased about that fact, that will make my ´work much easier.


    I tested with your code and it worked fine.It's not more than replacing the http with https, right ? So far, so good, but: this is only working for webservers/domains presenting a valid certificate to the client.On a normal web browser one will take notice of this because a warning message comes up.A B4P app using the http lib, the request will return an error: "trust failure."

    Since we plan to use our own certificate, which is not certified by any CA due to cost reasons ( we don't need that signing anyway) , i need a way to have the http lib proceed with that request even though the certificate is not found or trusted.

    So what can i do in that case ? ( either skip check and proceed or install my certificate on the PPC ?)


    Furthermore i noticed, that the methods request.ResponseCode and request.ErrorMessage do not contain any values when request.Method is set to "POST".If i disable the ErrorHandler, i can see the "trust failure" error message then, which then comes from the OS.With method "GET", responseCode is "-1" and ErrorMessage is "trustfailure".


    I also noticed, that the latest http lib 1.5 was not in the 6.50 package, which actually did not raise any issues for me, but i was asking me how to find out, what lib versions are currently installed ? In the optimize mode, i can see the versions right after compile has completed, but only for those that have been incorporated into the .exe file.Also the help files do not mention the version, except a few ( like threading from Andrew).

    Is there a way to find out the lib version, other than already outlined above ?


    kind regards,

    Frank
     
  4. agraham

    agraham Expert Licensed User

    To be fair (unless you've found a post I have conveniently overlooked ;) )I gave this reply to your question here http://www.basic4ppc.com/forum/questions-help-needed/2214-base64-md5-crypt-ssl-basic4ppc.html

    But later replied to a post here http://www.basic4ppc.com/forum/questions-help-needed/3478-no-sslstream-net-compact-framework.html

     
  5. Erel

    Erel Administrator Staff Member Licensed User

    See the first thread on this page for the list of updated libraries: Official Updates - Basic4ppc - Windows Mobile Development

    You can check the DllVersion property of each library to find its version"
    Code:
    request.New1("https://www.google.com")
    msgbox(request.DllVersion)
    I've attached a small library + source that allow you to accept all certificates.
    Copy both files to Basic4ppc libraries folder.

    To use it you should add a CertificatePolicy object (which I named Certificate in my example) and add the following lines under sub App_start:
    Code:
    Certificate.New1
    Certificate.Run
     

    Attached Files:

  6. TWELVE

    TWELVE Active Member Licensed User


    Hi Erel,

    thanks for that, but i get an error when i try to compile my app:

    I added the lib under Components and added the two objects you told me.

    What's wrong here ?

    cheers,

    TWELVE
     
  7. agraham

    agraham Expert Licensed User

    Nothing, it's a compiler warning that it wants to confirm the type of the object. Just do the edit as it advises. There's a bit about it in Main Help->Keywords->Runtime Control Manipulation->Control

    Edit:- The type it wants is probably CertificatePolicy
     
    Last edited: Jan 31, 2009
  8. TWELVE

    TWELVE Active Member Licensed User

    There's nothing i can confirm..only ok for closing the message.

    I'm confused.I'm not aware of using a control for this ? Nor i do runtime manipulate a control ( i'm not aware of it exists ?).
    Furthermore i can't see an advise that would help me here.I just don't know what it means.I also followed Erel's instructions, so i'm a bit stumped here.

    Rename my objects ? I tried this, but did not change anything.

    cheers,

    TWELVE
     
  9. agraham

    agraham Expert Licensed User

    The compiler message is telling you to edit your source code at line 1173 to

    Control("_main_certificate", CertificatePolicy)
    It wants to know the type of the "control". Control here is a synonym for your library object which is treated as a control in many respects within Basic4ppc.

    EDIT:- :sign0013: Disregard the above, I didn't read the error message carefully enough. :sign0161: It looks like it is when you try to New it not when you reference it with Control(...) like I thought, which is where you normally get that error message. I haven't seen that message for any other reason. :confused: I'm thinking :sign0094: maybe Erel will get there first!
     
    Last edited: Jan 31, 2009
  10. Erel

    Erel Administrator Staff Member Licensed User

    1. Did you add a reference to CertificatePolicy.dll?
    2. Did you add (tools -> Add object) an object named Certificate of that type?
     
  11. TWELVE

    TWELVE Active Member Licensed User

    Jap.I added the lib for both the device and desktop.Tools-->Components--> Add DLL.

    Jap.One certificate.new1 and one certificate.run as you instructed me above.
    On Andrews advise, i deleted and recreated them with the name CertificatePolicy.New1 / Run , which did not solve the issue.I also tried the piece of code Andrew suggested, but this messed it up even more ( some index was of negative value ?).


    cheers,


    TWELVE
     
  12. agraham

    agraham Expert Licensed User

    That wasn't really what I meant but as I was totally wrong anyway it doesn't matter.

    I am intrigued by the fact that the error message I "normally" get under the scenario I thought was happening is
    "Unknown control type. Use Control(Name, Type)"
    which happens when you reference, usually by a typo, a non-existent property or method of a library object.

    This error message appears to be (if accurately quoted)
    "Unknown control type.Use Control("_main_certificate",Type)"
    Note that the actual control name is substituted and appears in quotes whereas the message I have previously seen is a generic message with no control name substitution and no quotes. I have no idea what error triggers the production of this slightly different error message!
     
  13. TWELVE

    TWELVE Active Member Licensed User

    Thanks Andrew for your comments...i only introduced Erel's dll to get the http dll working with servers that don't have a trusted certificate.So, to not get out of the focus, if i could import my own certificate to the PPC, this would also do the job.The certificate dll is a nice way to get around this certificate stuff, but if it's not working i need some other way.


    cheers,

    TWELVE
     
  14. Erel

    Erel Administrator Staff Member Licensed User

    Please try the attached program.
     

    Attached Files:

    • 1.sbp
      File size:
      646 bytes
      Views:
      55
  15. TWELVE

    TWELVE Active Member Licensed User

    Hi Erel,

    i compiled and ran your small program without any issues.Then i found the mistake i made: i added the object from CertificatePolicy in the wrong way - i created CertificatePolicy.New1 and CertificatePolicy.Run instead of just CertificatePolicy :)) :signOops:

    Sorry for this simple error..it has been a while since i added objects and when i saw how you created the object it was totally clear again...:sign0013:

    But is was in the text above..someone did not read too carefully :sign0135:

    Thank you and Andrew for the rapid responses !


    I also noticed, that the request.ResponseCode & request.ErrorMessage now contain valid values, even with the Request.Method = "POST", which was not the case before i added your CertificatePolicy stuff.That might be something you wanna look at.

    Beside this, do you know a method how one could import his own certificate to the device ? That's not too important for me at this point in time ( since you provided a good workaround), but i'm just interested in because it could be necessary at a later point in time.


    so thx again you 2 for the great support..!


    cheers,

    TWELVE
     
    Last edited: Feb 1, 2009
  16. Erel

    Erel Administrator Staff Member Licensed User

Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice