SSLObject
by CdnGater · 11/27/2005 (10:48 pm) · 7 comments
What is SSLObject
--------------
SSLObject is a TGEScript extension that provides secure connections over the TCP protocol. It is based on the free library OpenSSL, and provides the security of the Secure Sockets Layer with great ease of use.
The first goal of SSLObject is to provide a simple implementation of SSL for applications that need network security, authentication, or simply some cryptography. With SSLObject, you won't need to master the whole OpenSSL API to make secure connections over the internet.
The code is still in an alpha stage, but it has been tested on Windows.
SSLObject is heavily based on the work done by 'Mauricio Oliveira Carneiro' for LuaSSL.
What You Can't Do With SSLObject
-----------------------------
As SSLObject is a simplification of the OpenSSL API, there are some things that can't be done with SSLObject. Here is a brief list of what SSLObject can't do:
Multiple sessions.
Non-Blocking I/O.
Command line encrypting/decrypting.
Generation of keys (Private/Public).
Some of these features were left out just for the sake of simplicity (multiple sessions and non-blocking I/O). The others are not intended to be in the SSLObject package, since it is not a general crypto library like OpenSSL; it just handles the SSL connection part of OpenSSL. For the command line tool, you can use the OpenSSL one.
Installation
------------
First of all, you'll need OpenSSL 0.9.6 or higher installed on your machine, from www.openssl.org.
Download and build OpenSSL as instructed for Windows.
Copy the OpenSSL libraries and DLLs from openssl-0.9.8a/out32dll to lib/openssl. (Don't forget to copy the DLLs to the directory where your EXE resides.)
Copy the openssl directory found in openssl-0.9.8a/inc32 to lib/openssl.
Project Changes
---------------
Add ../lib/openssl to the additional include directories of the compiler
Add ../lib/openssl/ssleay32.lib ../lib/openssl/libeay32.lib to the library modules of the linker
Code Changes
------------
console/simBase.cc

    ImplementNamedGroup(TCPGroup)
    ImplementNamedGroup(SSLGroup)   // <-- add this

console/simBase.h

    DeclareNamedGroup(TCPGroup)
    DeclareNamedGroup(SSLGroup)     // <-- add this

console/simManager.cc

    InstantiateNamedGroup(TCPGroup);
    InstantiateNamedGroup(SSLGroup);   // <-- add this
New Files
---------
Add sslObject.cc and sslObject.h to the game/net directory, then add them to the appropriate place in your project.
DEMO
----
I have included ssl_client.cs, ssl_server.cs and keys as simple demos of SSLObject.
Start Torque using the respective file as a parameter to run each of the demos.
Building Keys
-------------
sslObject does not build keys; you have to use OpenSSL. Below is the example I used to generate the keys for this test:

    # Root CA: key, self-signed certificate, combined PEM
    openssl req -newkey rsa:1024 -sha1 -keyout keys/rootkey.pem -out keys/rootreq.pem -config keys/root.cnf
    openssl x509 -req -in keys/rootreq.pem -sha1 -extfile keys/root.cnf -extensions certificate_extensions -signkey keys/rootkey.pem -out keys/rootcert.pem
    cat keys/rootcert.pem keys/rootkey.pem > keys/root.pem

    # Server CA, signed by the root
    openssl req -newkey rsa:1024 -sha1 -keyout keys/serverCAkey.pem -out keys/serverCAreq.pem -config keys/serverCA.cnf
    openssl x509 -req -in keys/serverCAreq.pem -sha1 -extfile keys/serverCA.cnf -extensions certificate_extensions -CA keys/root.pem -CAkey keys/root.pem -CAcreateserial -out keys/serverCAcert.pem
    cat keys/serverCAcert.pem keys/serverCAkey.pem keys/rootcert.pem > keys/serverCA.pem

    # Server certificate, signed by the server CA
    openssl req -newkey rsa:1024 -sha1 -keyout keys/serverkey.pem -out keys/serverreq.pem -config keys/server.cnf -reqexts req_extensions
    openssl x509 -req -in keys/serverreq.pem -sha1 -extfile keys/server.cnf -extensions certificate_extensions -CA keys/serverCA.pem -CAkey keys/serverCA.pem -CAcreateserial -out keys/servercert.pem
    cat keys/servercert.pem keys/serverkey.pem keys/serverCAcert.pem keys/rootcert.pem > keys/server.pem

    # Client certificate, signed by the root
    openssl req -newkey rsa:1024 -sha1 -keyout keys/clientkey.pem -out keys/clientreq.pem -config keys/client.cnf -reqexts req_extensions
    openssl x509 -req -in keys/clientreq.pem -sha1 -extfile keys/client.cnf -extensions certificate_extensions -CA keys/root.pem -CAkey keys/root.pem -CAcreateserial -out keys/clientcert.pem
    cat keys/clientcert.pem keys/clientkey.pem keys/rootcert.pem > keys/client.pem

    # Diffie-Hellman parameters
    openssl dhparam -check -text -5 512 -out keys/dh512.pem
    openssl dhparam -check -text -5 1024 -out keys/dh1024.pem

Comments and requests about what should be implemented are very welcome!
[Edit] Added spaces to ssl code above, was hard to read
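
The key-generation steps above build a root, server CA and server chain with 1024-bit RSA and SHA-1, parameters that are no longer considered adequate. The following is an added example, not part of the original resource: the same chain shape with 2048-bit RSA and SHA-256, plus a check that the server certificate verifies through the intermediate. The subject names, the `demo.cnf` contents, the function names and the 30-day lifetime are assumptions made for the example; the resource's own `root.cnf`, `serverCA.cnf` and `server.cnf` are not shown on this page.

```shell
#!/bin/sh
# Added example (not from the original post): root -> serverCA -> server chain
# with RSA-2048 / SHA-256. Names, paths and demo.cnf are constructed.

newreq() {  # newreq DIR NAME SUBJECT: fresh key + CSR (-nodes: key left unencrypted)
    openssl req -new -newkey rsa:2048 -sha256 -nodes -config "$1/demo.cnf" \
        -subj "$3" -keyout "$1/$2key.pem" -out "$1/$2req.pem" 2>/dev/null
}

sign() {    # sign DIR NAME EXT_SECTION SIGNER_ARGS...: NAMEreq.pem -> NAMEcert.pem
    d=$1 n=$2 ext=$3; shift 3
    openssl x509 -req -in "$d/${n}req.pem" -sha256 -days 30 \
        -extfile "$d/demo.cnf" -extensions "$ext" "$@" \
        -out "$d/${n}cert.pem" 2>/dev/null
}

build_chain() {  # build_chain DIR
    d0=$1
    mkdir -p "$d0" || return 1
    cat > "$d0/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
commonName = Common Name
[ca_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[leaf_ext]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
EOF
    newreq "$d0" root "/CN=Example Root CA" &&
    sign "$d0" root ca_ext -signkey "$d0/rootkey.pem" &&
    newreq "$d0" serverCA "/CN=Example Server CA" &&
    sign "$d0" serverCA ca_ext -CA "$d0/rootcert.pem" \
        -CAkey "$d0/rootkey.pem" -CAcreateserial &&
    newreq "$d0" server "/CN=game.example.test" &&
    sign "$d0" server leaf_ext -CA "$d0/serverCAcert.pem" \
        -CAkey "$d0/serverCAkey.pem" -CAcreateserial
}

verify_server() {  # succeeds only if the server cert chains to the root via serverCA
    openssl verify -CAfile "$1/rootcert.pem" -untrusted "$1/serverCAcert.pem" \
        "$1/servercert.pem" >/dev/null 2>&1
}

sig_alg() {  # print the signature algorithm of a certificate file
    openssl x509 -in "$1" -noout -text | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}
```

After sourcing the file, `build_chain ./demo-keys && verify_server ./demo-keys` builds and checks the chain in a separate directory, so the resource's own `keys` files are not overwritten.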
#2
11/28/2005 (12:30 am)
Yes, very nice resource. TDN needs submissions like this =)
#3
11/28/2005 (10:29 am)
Hell, the concept alone is refreshing. Very nice, I'll be testing ASAP.
Ari
#4
11/30/2005 (6:59 am)
@Josh, I'll post on TDN when I can successfully navigate TDN without being told that
A) I need to be an SDK owner to view pages. (I own all the SDKs at this point)
B) I need to login (for the hundredth time)
C) The search function works, as well as the google site search function.
Other than that TDN seems like it is a great effort. Too buggy at the moment though, I would hate to be attempting to post a resource that takes an hour or two to write up and get any of those messages.
#5
12/02/2005 (12:20 pm)
I second Dreamer's comments on TDN. I don't want to 'study' and obtain a TDN degree before posting there. I just don't have the time.
#6
12/02/2005 (12:21 pm)
@Simon, great idea. I have not tested it yet but have bookmarked it for when the time comes.
#7
02/25/2008 (9:20 am)
How does the security of this resource compare to that of an HTTPS web page? This is an incredibly useful resource BTW!

Torque Owner Josh Williams