InterprocessConnection and SSL


#1

Hi,
I’m currently working on a project where I have a client app that needs to communicate with an app on my webserver via sockets. I’m using the InterprocessConnection/Server classes and it works fine but I need this communication to be secure. Since I’ve found nothing regarding SSL coming with the juce library, I wonder if anybody has an idea how to implement a secure connection for a juce based app.

I like the simplicity of the InterprocessConnection classes and I’d like to avoid integrating other commercial libraries for this purpose. So maybe someone has already implemented secure connections using sockets and could share some knowledge, or someone knows a platform independent (and hopefully lightweighted) open source c++ library that can handle secure connections.

Any help appreciated.
Thanks


#2

I have not used JUCE networking stuff at all but I suppose it is really easy to use. But I recommend to try some third party lib for more advanced networking such as SSL.

I use CURL, but there are probably others.


#3

There’s lots of sockets around. For Apache I like XAMMP which has SSL. OpenSSL is popular.

But It’s the certificates that are often a question. They expire after a year or two, usually, then they have to be replaced at both ends.


#4

If you only need to send a few simple messages you could always roll your own encryption with the RSAKey and blowfish classes…


#5

Yes those are really excellent for encryption.

Authentication is more complicated, I guess it all depends on your level and direction of trust. Bank of America invented an interesting idea here in the USA, during the first secure exchange it presents a picture and asks you to send in a phrase that you associate with the picture. Then subsequently after connecting securely, it asks you to ratify the picture and phrase are the same before proceeding deeper into the site. So, after a trusted initial exchange, that makes it easier for us clients to authenticate it really is the bank we’re seeing.


#6

Thanks for your replies.
Basically I need a client - server communication for updating locally installed apps, exchanging license keys, login to user accounts and so on. Therefore the communication should be encrypted, but the performance has to be good enough to handle several users being connected to the server side app at the same time (and although it’s definetly not likely at the moment, maybe sometime it must handle several hundreds of users at the same time without the need of being completely rewritten). The server side should also have some mechanisms to deal with port flooding and similar attacks.
I’d really like to use the InterprocessConnection classes but I doubt they were design for this kind of task - correct me if I’m wrong.

Right now I’m thinking about to go with “boost.asio” in combination with the “openSSL” library.
What do you think about it? Someone any experience with this libraries?
Thanks


#7

So the “Server” is not on the same network as the client(s)?


#8

No, the server application is running on a real web server and the client application is running on several random end user machine.


#9

openssl on windows leaks memory, gnutls depends on so many things that it’s hard to get i to run. there is a library called gloox that uses windows native SSL/TLS stuff (yes it’s there) its opensource so you can look at how this is done. curl is good idea, it was for me. also ssl gives a lot of trash on the wire, if you want to stream some audio data over ssl connection youll get problems.


#10

Wow! How did you get the interprocess connection stuff to work?

In any case… Take a look at gSaop, this library is very efficient and it is a steal if you want to make commercial apps. All gSoap needs is a WDSL (Web Service Definition Language) file, and it will generate C++ code for you. It also works very well with OpenSSL, and JUCE!


#11

Did you try it with the Shining Light Productions version?


#12

it doesn’t matter witch version u use (yes i tried that version and i did my own build) i leaks memory always (at least with curl). it’s a known problem.


#13

curl is a good idea.

If you’re just needing to set up secure communications with known machines, VPNs provide alot more features, and don’t require writing custom client code.