Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Compilable C++ code to implement a secure SLL/TLS client using MS SSPI

Tags:

c++

ssl

sspi

As described here http://www.ddj.com/cpp/184401688

I do not have time to write this from scratch.

Asked and not answered https://stackoverflow.com/questions/434961/implementing-ssl

THE QUESTION IS:

I am looking for some compilable working source code that implements MS SSPI (as alluded to in the thread above), procedural not OOP preferred.

I have looked at the code projects sample here:

http://www.codeproject.com/KB/IP/sslclasses.aspx

But this is C# OOP. Converting this to C++ code is not trivial.

OpenSSL

SChannel calls follow GSS API standards. There are, of course, some alternatives -- OpenSSL for example. This package is a complete and thorough implementation of the protocol and for someone all too familiar with UNIX is undoubtedly the best choice. The package originally targeted the UNIX community and to compile it relies on the Perl runtime, so some learning curve is required for Windows developers who never worked with UNIX-type systems.

Apart from that, OpenSLL does some very non-standard things

Nikolai, Having contibuted a lot of COMPILABLE source code (www.coastrd.com) I was hoping to find someone willing to do the same.

like image 867
Mike Trader Avatar asked Jan 09 '10 02:01

Mike Trader


People also ask

What are the built-in SSL/TLS protocols in SSPI?

SSPI provides a number of built-in protocols Kerberos, NTLM, SSL/TLS. There is almost exactly the same sequence of function calls for either of them. In SSL/TLS case there is a little more to be done. Open Certificate store.

What is SSL/TLS?

An SSL (Secure Sockets Layer) is the standard security protocol used to establish an encrypted connection between a server and a client. After the establish the connection SSL/TLS ensures that the data transmitted between server and client are secured and intact.

How do the SSPI client and server examples work together?

The client and server examples are designed to work together. Both examples use the header file Security.h which can be found in Header File for SSPI Client and Server Samples. For an example of how to initialize an array of security buffers, see SecBuffer and SecBufferDesc Example Code.

How to secure MS SQL connection with SSL/TLS?

To use it simply build the client and server .exes. Make sure the .config file is where the .exe is. You can test how it work by securing MS SQL connection with SSL/TLS. Here are the steps to do it: Make sure you installed your own certificate and updated the hash/thumbprints in code.


1 Answers

This SSPI SChannel SMTPS example should compile and run in Visual Studio 2008 as is

http://www.coastrd.com/c-schannel-smtp (the original site seems dead; fortunately WaybackMachine has it archived)

SChannel is the Microsoft implementation of the GSS API that wraps the SSL/TLS protocol.

Advantages of utilizing SChannel:

  • gory details are shielded from the developer by the SSPI.
  • No extra setup is required to run the final application:
  • SChannel is an integral part of the operating system
  • On Windows ME/2000/XP/... platforms, SChannel is installed and configured by default
  • SChannel calls follow GSS API standards.
  • You do not need to create/install any certificates
  • no third party dll's (1MB or larger) to ship and install

The code should produce a session that looks like this:

----- SSPI Initialized
----- WinSock Initialized
----- Credentials Initialized
----- Connectd To Server
70 bytes of handshake data sent
974 bytes of handshake data received
182 bytes of handshake data sent
43 bytes of handshake data received
Handshake was successful
----- Client Handshake Performed
----- Server Credentials Authenticated

Server subject: C=US, S=California, L=Mountain View, O=Google Inc, CN=smtp.gmail.com
Server issuer: C=ZA, S=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, [email protected]

----- Certificate Chain Displayed
----- Server Certificate Verified
----- Server certificate context released

Protocol: TLS1
Cipher: RC4
Cipher strength: 128
Hash: MD5
Hash strength: 128
Key exchange: RSA
Key exchange strength: 1024
----- Secure Connection Info
64 bytes of (encrypted) application data received
Decrypted data: 43 bytes
220 mx.google.com ESMTP 6sm17740567yxg.66

Sending 7 bytes of plaintext:
EHLO

28 bytes of encrypted data sent
169 bytes of (encrypted) application data received
Decrypted data: 148 bytes
250-mx.google.com at your service, [22.33.111.222]
250-SIZE 35651584
250-8BITMIME
250-AUTH LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250 PIPELINING

Sending 7 bytes of plaintext:
QUIT

28 bytes of encrypted data sent
69 bytes of (encrypted) application data received
Decrypted data: 48 bytes
221 2.0.0 closing connection 6sm17740567yxg.66

----- SMTP session Complete
Sending Close Notify
23 bytes of handshake data sent
----- Disconnected From Server
----- Begin Cleanup
----- All Done -----

like image 182
Mike Trader Avatar answered Oct 08 '22 06:10

Mike Trader