Should connect system call succeed over https / port 443
I'm using an old cross-platform mobile platform (Rhomobile) which supports an API call to detect if there is an available network connection. The source code is available and I can see when we do a call to detect connection we examine the results of the OS level system call to make a socket connection for a given URL and port. This was working fine previously as our endpoint was http. We have now migrated this to https and are seeing some strange results. Call made will be:

    struct addrinfo hints, *result = NULL, *ptr = NULL;
    int sockfd = -1;
    // Ask for any address family, TCP stream sockets only
    memset(&hints,0,sizeof(hints));
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_protocol = IPPROTO_TCP;
    char szPortAsString[5 + 1];
    // Pass the full buffer size so a five-digit port is not truncated
    snprintf(szPortAsString,sizeof(szPortAsString),"%d",m_iPort);
    char* szHost = new char[m_szHost.length() + 1];
    memset(szHost, 0, m_szHost.length() + 1);
    strcpy(szHost, m_szHost.c_str());
    // Resolve host and port to a list of candidate socket addresses
    int iResult = getaddrinfo(szHost, szPortAsString, &hints, &result);
    ...
    sockfd = socket(ptr->ai_family, ptr->ai_socktype, ptr->ai_protocol);
    ...
    // TCP-level connect only; no TLS is negotiated here
    connect(sockfd, ptr->ai_addr, ptr->ai_addrlen);

and the port will be 443. What I was unclear about is whether the connection will be accepted (we don't need to pass any data) across to an https endpoint which requires a client certificate to send/receive data.
Code can be found here: https://github.com/rhomobile/rhodes/blob/3f5cf6ffa90cf8c648ac19c954932d101fc56b42/lib/commonAPI/coreapi/ext/platform/android/jni/NetworkDetect.cpp
linux sockets ssl client-certificates rhodes
What's wrong with just calling getaddrinfo( m_szHost.c_str(), ... ); ? All that new char; strcpy(), and hopefully a later delete are completely unnecessary. And don't post just links to code: "also include the code in your question itself"
– Andrew Henle
Nov 8 at 12:09
This code is in the framework, so I'm not planning on changing it. Question is whether or not the connect will succeed against https without the client certificate being presented
– kayakpim
Nov 8 at 13:06
1
SSL/TLS (and HTTPS) is not done at socket level, only TCP and IP is. Socket connect() to 443 succeeds or fails in the same fashion as any other TCP connection; if and after it succeeds, some library like OpenSSL, GnuTLS, NSS, etc. then implements SSL/TLS over the socket (using TCP), which may (as in your case) include client authentication using a certificate, and then HTTP on top of that, giving HTTPS.
– dave_thompson_085
Nov 8 at 13:21
Thanks @dave_thompson_085 that was my understanding too, but it's not my area so was hoping to get that clarification. As the service is just a poll to see whether we have an active connection this should work well for http or https
– kayakpim
Nov 8 at 14:23
If you want to make this the answer, perhaps with a reference I'd be happy to accept it.
– kayakpim
Nov 8 at 14:24
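What dave_thompson_085's comment describes, as an added example that is not part of the original thread or the Rhodes source: the same getaddrinfo/socket/connect probe succeeds against a listener that never speaks TLS, and fails only once nothing listens on the port. The function names, the loopback listener standing in for the HTTPS endpoint, and the ephemeral port are assumptions of this example.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Same probe shape as the question: resolve, socket(), connect(). Returns 1 if reachable. */
static int tcp_reachable(const char *host, int port) {
    struct addrinfo hints = { .ai_family = AF_UNSPEC, .ai_socktype = SOCK_STREAM,
                              .ai_protocol = IPPROTO_TCP };
    struct addrinfo *result = NULL, *ptr;
    char port_str[6];                      /* "65535" plus NUL */
    int ok = 0;
    snprintf(port_str, sizeof(port_str), "%d", port);
    if (getaddrinfo(host, port_str, &hints, &result) != 0) return 0;
    for (ptr = result; ptr != NULL && !ok; ptr = ptr->ai_next) {
        int fd = socket(ptr->ai_family, ptr->ai_socktype, ptr->ai_protocol);
        if (fd < 0) continue;
        ok = (connect(fd, ptr->ai_addr, ptr->ai_addrlen) == 0);
        close(fd);                         /* no byte was ever sent */
    }
    freeaddrinfo(result);
    return ok;
}

/* Stand-in for the HTTPS server (assumption): listens on an ephemeral loopback port and
   never accepts or sends a byte, so no TLS handshake or certificate exchange can occur. */
static int silent_listener(int *port_out) {
    struct sockaddr_in addr = { .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    socklen_t len = sizeof(addr);
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) != 0 || listen(fd, 1) != 0 ||
        getsockname(fd, (struct sockaddr *)&addr, &len) != 0) { close(fd); return -1; }
    *port_out = ntohs(addr.sin_port);      /* port chosen by the kernel */
    return fd;
}

/* Returns 1 when the probe succeeds while listening and fails once the port is closed. */
int demo(void) {
    int port = 0, fd = silent_listener(&port);
    if (fd < 0) return -1;
    int open_ok = tcp_reachable("127.0.0.1", port);    /* kernel completes the TCP handshake */
    close(fd);
    int closed_ok = tcp_reachable("127.0.0.1", port);  /* nothing listening: refused */
    return open_ok == 1 && closed_ok == 0;
}

int main(void) { printf("demo: %d\n", demo()); return 0; }
```

A successful probe therefore shows only that the port is reachable over TCP; whether the TLS handshake and the client-certificate check would pass has to be tested at the TLS layer.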