Should connect system call succeed over https / port 443











I'm using an old cross-platform mobile platform (Rhomobile) which supports an API call to detect if there is an available network connection. The source code is available, and I can see that when we make a call to detect a connection, we examine the results of the OS-level system call to make a socket connection for a given URL and port. This was working fine previously, as our endpoint was http. We have now migrated this to https and are seeing some strange results. The call made will be:



    struct addrinfo hints, *result = NULL, *ptr = NULL;
    int sockfd = -1;
    memset(&hints,0,sizeof(hints));
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_protocol = IPPROTO_TCP;
    char szPortAsString[5 + 1];
    // pass the full buffer size so a five-digit port is not truncated
    snprintf(szPortAsString,sizeof(szPortAsString),"%d",m_iPort);
    char* szHost = new char[m_szHost.length() + 1];
    memset(szHost, 0, m_szHost.length() + 1);
    strcpy(szHost, m_szHost.c_str());
    int iResult = getaddrinfo(szHost, szPortAsString, &hints, &result);
    ...
    sockfd = socket(ptr->ai_family, ptr->ai_socktype, ptr->ai_protocol);
    ...
    connect(sockfd, ptr->ai_addr, ptr->ai_addrlen);


and the port will be 443. What I was unclear about is whether the connection will be accepted (we don't need to pass any data) across to an https endpoint which requires a client certificate to send/receive data.



Code can be found here: https://github.com/rhomobile/rhodes/blob/3f5cf6ffa90cf8c648ac19c954932d101fc56b42/lib/commonAPI/coreapi/ext/platform/android/jni/NetworkDetect.cpp










  • What's wrong with just calling getaddrinfo( m_szHost.c_str(), ... );? All that new char; strcpy(), and hopefully a later delete are completely unnecessary. And don't post just links to code: "also include the code in your question itself"
    – Andrew Henle
    Nov 8 at 12:09












  • This code is in the framework, so I'm not planning on changing it. Question is whether or not the connect will succeed against https without the client certificate being presented
    – kayakpim
    Nov 8 at 13:06






  • SSL/TLS (and HTTPS) is not done at socket level, only TCP and IP are. Socket connect() to 443 succeeds or fails in the same fashion as any other TCP connection; if and after it succeeds, some library like OpenSSL, GnuTLS, NSS, etc. then implements SSL/TLS over the socket (using TCP), which may (as in your case) include client authentication using a certificate, and then HTTP on top of that, giving HTTPS.
    – dave_thompson_085
    Nov 8 at 13:21












  • Thanks @dave_thompson_085 that was my understanding too, but it's not my area so was hoping to get that clarification. As the service is just a poll to see whether we have an active connection this should work well for http or https
    – kayakpim
    Nov 8 at 14:23










  • If you want to make this the answer, perhaps with a reference I'd be happy to accept it.
    – kayakpim
    Nov 8 at 14:24
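
The layering described in dave_thompson_085's comment above, as an added example that is not part of the original thread or the Rhodes source: `tcp_probe` repeats the question's getaddrinfo()/socket()/connect() steps against a loopback listener that never calls accept() and never speaks TLS, and connect() still returns 0. The probe therefore shows only that the port is reachable over TCP, not that a TLS handshake or client-certificate check would pass. The names `tcp_probe` and `silent_listener` are hypothetical, and the listener is a constructed stand-in for the HTTPS endpoint.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* The question's steps: getaddrinfo(), socket(), connect(). Returns 0 once the
   TCP handshake completes, an errno value if not, -1 if resolution fails. */
int tcp_probe(const char *host, int port) {
    struct addrinfo hints, *res = NULL, *p;
    char portstr[12];
    int err = -1;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    snprintf(portstr, sizeof portstr, "%d", port);
    if (getaddrinfo(host, portstr, &hints, &res) != 0) return -1;
    for (p = res; p != NULL; p = p->ai_next) {
        int fd = socket(p->ai_family, p->ai_socktype, p->ai_protocol);
        if (fd < 0) { err = errno; continue; }
        err = connect(fd, p->ai_addr, p->ai_addrlen) == 0 ? 0 : errno;
        close(fd);          /* no byte is ever sent: no ClientHello, no certificate */
        if (err == 0) break;
    }
    freeaddrinfo(res);
    return err;
}

/* Constructed stand-in for the HTTPS endpoint: listens on an ephemeral loopback
   port but never accept()s and never speaks TLS. Returns the listening fd. */
int silent_listener(int *port) {
    struct sockaddr_in a = {0};
    socklen_t len = sizeof a;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(fd, (struct sockaddr *)&a, sizeof a) < 0 || listen(fd, 4) < 0 ||
        getsockname(fd, (struct sockaddr *)&a, &len) < 0) { close(fd); return -1; }
    *port = ntohs(a.sin_port);
    return fd;
}

int main(void) {
    int port = 0, lfd = silent_listener(&port);
    if (lfd < 0) return 1;
    printf("listening, no TLS: %d\n", tcp_probe("127.0.0.1", port));
    close(lfd);
    printf("listener closed: %s\n", strerror(tcp_probe("127.0.0.1", port)));
    return 0;
}
```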















linux sockets ssl client-certificates rhodes






edited Nov 8 at 11:36

























asked Nov 8 at 11:12









kayakpim
