https support in Basic4PPC - any news ?

TWELVE

Active Member
Licensed User
Hello folks,

it has been a while since i asked this question for the first time:

I do some communications with a webserver over http protocol.I intend to make the connection more secure to prevent other people from sniffing the packets thus i'd like to implement https communication in my B4P app.

- how can i get https support in my B4P apps ?

- windows mobile browser supports https, so this stuff needs to be somewhere in the .net stuff.Does anybody know how this could be used from a B4P app ( Andrew mentioned door.library earlier?)

- if there's no -current- way to use https through a native .net class / lib,
has anyone a workaround in place ( or worked on it), like OpenSSL or stunnel ?

- the most comfortable way from an programmer's perspective would be the integration into the http lib ( or an https lib).Are there any plans to do that ?

As a brief explanation, https uses an underlying SSL or TLS protocol to secure the payload data for higher level protocol ( which is http in this case).

kind regards,

TWELVE
 

TWELVE

Active Member
Licensed User
Hi Erel,

thanks for your reply.When did you implement https in the http lib ? Or was it in there since ever ? I'm a bit surprised because when i asked last time Andrew answered, this needs to be done separately via door lib etc. ?
Anyway, i'm very pleased about that fact, that will make my ´work much easier.


I tested with your code and it worked fine.It's not more than replacing the http with https, right ? So far, so good, but: this is only working for webservers/domains presenting a valid certificate to the client.On a normal web browser one will take notice of this because a warning message comes up.A B4P app using the http lib, the request will return an error: "trust failure."

Since we plan to use our own certificate, which is not certified by any CA due to cost reasons ( we don't need that signing anyway) , i need a way to have the http lib proceed with that request even though the certificate is not found or trusted.

So what can i do in that case ? ( either skip check and proceed or install my certificate on the PPC ?)


Furthermore i noticed, that the methods request.ResponseCode and request.ErrorMessage do not contain any values when request.Method is set to "POST".If i disable the ErrorHandler, i can see the "trust failure" error message then, which then comes from the OS.With method "GET", responseCode is "-1" and ErrorMessage is "trustfailure".


I also noticed, that the latest http lib 1.5 was not in the 6.50 package, which actually did not raise any issues for me, but i was asking me how to find out, what lib versions are currently installed ? In the optimize mode, i can see the versions right after compile has completed, but only for those that have been incorporated into the .exe file.Also the help files do not mention the version, except a few ( like threading from Andrew).

Is there a way to find out the lib version, other than already outlined above ?


kind regards,

Frank
 

agraham

Expert
Licensed User
Longtime User
I'm a bit surprised because when i asked last time Andrew answered, this needs to be done separately via door lib etc.
To be fair (unless you've found a post I have conveniently overlooked ;) )I gave this reply to your question here http://www.b4x.com/forum/questions-help-needed/2214-base64-md5-crypt-ssl-basic4ppc.html

About Https I have no idea as it it not part of my skill-set
But later replied to a post here http://www.b4x.com/forum/questions-help-needed/3478-no-sslstream-net-compact-framework.html

... WM5.0 and later supports SSL over HTTP by just changing URLs to start with "https://" but "your Web server must have an X.509 server certificate which is used to authenticate the Web server ...". ... So it looks like it should also work through the HTTP libary though it may need a bit of intervention with the Door library... as this is not one of my areas of expertise.
 

Erel

B4X founder
Staff member
Licensed User
Longtime User
See the first thread on this page for the list of updated libraries: Official Updates - Basic4ppc - Windows Mobile Development

You can check the DllVersion property of each library to find its version"
B4X:
request.New1("https://www.google.com")
msgbox(request.DllVersion)

I've attached a small library + source that allow you to accept all certificates.
Copy both files to Basic4ppc libraries folder.

To use it you should add a CertificatePolicy object (which I named Certificate in my example) and add the following lines under sub App_start:
B4X:
Certificate.New1
Certificate.Run
 

Attachments

  • CertificatePolicy.zip
    2.1 KB · Views: 219

TWELVE

Active Member
Licensed User
I've attached a small library + source that allow you to accept all certificates.
Copy both files to Basic4ppc libraries folder.

To use it you should add a CertificatePolicy object (which I named Certificate in my example) and add the following lines under sub App_start:


Hi Erel,

thanks for that, but i get an error when i try to compile my app:

Error compiling program.
Error message: Unknown control type.Use Control("_main_certificate",Type)instead.
Line number: 1173
Line: Certificate.New1

I added the lib under Components and added the two objects you told me.

What's wrong here ?

cheers,

TWELVE
 

agraham

Expert
Licensed User
Longtime User
What's wrong here ?
Nothing, it's a compiler warning that it wants to confirm the type of the object. Just do the edit as it advises. There's a bit about it in Main Help->Keywords->Runtime Control Manipulation->Control

Edit:- The type it wants is probably CertificatePolicy
 
Last edited:

TWELVE

Active Member
Licensed User
Nothing, it's a compiler warning that it wants to confirm the type of the object.

There's nothing i can confirm..only ok for closing the message.

Just do the edit as it advises. There's a bit about it in Main Help->Keywords->Runtime Control Manipulation->Control

I'm confused.I'm not aware of using a control for this ? Nor i do runtime manipulate a control ( i'm not aware of it exists ?).
Furthermore i can't see an advise that would help me here.I just don't know what it means.I also followed Erel's instructions, so i'm a bit stumped here.

Edit:- The type it wants is probably CertificatePolicy

Rename my objects ? I tried this, but did not change anything.

cheers,

TWELVE
 

agraham

Expert
Licensed User
Longtime User
There's nothing i can confirm..only ok for closing the message.
The compiler message is telling you to edit your source code at line 1173 to

Control("_main_certificate", CertificatePolicy)
Error compiling program.
Error message: Unknown control type.Use Control("_main_certificate",Type)instead.
Line number: 1173
Line: Certificate.New1
It wants to know the type of the "control". Control here is a synonym for your library object which is treated as a control in many respects within Basic4ppc.

EDIT:- :sign0013: Disregard the above, I didn't read the error message carefully enough. :sign0161: It looks like it is when you try to New it not when you reference it with Control(...) like I thought, which is where you normally get that error message. I haven't seen that message for any other reason. :confused: I'm thinking :sign0094: maybe Erel will get there first!
 
Last edited:

TWELVE

Active Member
Licensed User
1. Did you add a reference to CertificatePolicy.dll?

Jap.I added the lib for both the device and desktop.Tools-->Components--> Add DLL.

2. Did you add (tools -> Add object) an object named Certificate of that type?

Jap.One certificate.new1 and one certificate.run as you instructed me above.
On Andrews advise, i deleted and recreated them with the name CertificatePolicy.New1 / Run , which did not solve the issue.I also tried the piece of code Andrew suggested, but this messed it up even more ( some index was of negative value ?).


cheers,


TWELVE
 

agraham

Expert
Licensed User
Longtime User
On Andrews advise, i deleted and recreated them with the name CertificatePolicy.New1 / Run , which did not solve the issue
That wasn't really what I meant but as I was totally wrong anyway it doesn't matter.

I am intrigued by the fact that the error message I "normally" get under the scenario I thought was happening is
"Unknown control type. Use Control(Name, Type)"
which happens when you reference, usually by a typo, a non-existent property or method of a library object.

This error message appears to be (if accurately quoted)
"Unknown control type.Use Control("_main_certificate",Type)"
Note that the actual control name is substituted and appears in quotes whereas the message I have previously seen is a generic message with no control name substitution and no quotes. I have no idea what error triggers the production of this slightly different error message!
 

TWELVE

Active Member
Licensed User
Thanks Andrew for your comments...i only introduced Erel's dll to get the http dll working with servers that don't have a trusted certificate.So, to not get out of the focus, if i could import my own certificate to the PPC, this would also do the job.The certificate dll is a nice way to get around this certificate stuff, but if it's not working i need some other way.


cheers,

TWELVE
 

TWELVE

Active Member
Licensed User
Hi Erel,

i compiled and ran your small program without any issues.Then i found the mistake i made: i added the object from CertificatePolicy in the wrong way - i created CertificatePolicy.New1 and CertificatePolicy.Run instead of just CertificatePolicy :)) :signOops:

Sorry for this simple error..it has been a while since i added objects and when i saw how you created the object it was totally clear again...:sign0013:

But is was in the text above..someone did not read too carefully :sign0135:

Thank you and Andrew for the rapid responses !


I also noticed, that the request.ResponseCode & request.ErrorMessage now contain valid values, even with the Request.Method = "POST", which was not the case before i added your CertificatePolicy stuff.That might be something you wanna look at.

Beside this, do you know a method how one could import his own certificate to the device ? That's not too important for me at this point in time ( since you provided a good workaround), but i'm just interested in because it could be necessary at a later point in time.


so thx again you 2 for the great support..!


cheers,

TWELVE
 
Last edited:
Top