Https tcpstream

Monkey Forums/Monkey Programming/Https tcpstream

blabz(Posted 2013) [#1]
Is it possible to use https along with tcpstream?

I can't seem to get it to work

#If TARGET<>"glfw" And TARGET<>"android" And TARGET<>"ios" And TARGET<>"stdcpp"
#Error "Invalid target!"
#Endif

Import brl.tcpstream

Function Main()

	Local stream:=New TcpStream
	
	If Not stream.Connect( "https://www.facebook.com/index.php",443 )
		Print "Failed to connect!"
		Return
	Endif
	
	Print "Connected!"
	
	stream.WriteLine "GET / HTTP/1.0"
	stream.WriteLine "Host: www.monkeycoder.co.nz"
	stream.WriteLine ""
	
	While Not stream.Eof()
		Local line:=stream.ReadLine()
		Print line
	Wend
	
	stream.Close
	
	Print "BYE!!!!"

End



Soap(Posted 2013) [#2]
Bumping this because we need to be able to work with https links. Any ideas?


marksibly(Posted 2013) [#3]
Just had a look into this...and SSL is *very* complex. Probably not helped by my complete lack of SSL knowledge though.

As far as I can work out, the C++ version will need to link with a massive, complex lib like OpenSLL or NSS, and you will need to generate 'certificates' for your apps via 'certificate authorities' etc(?).

Things might be easier on the Java front, and I'm sure Win8 has it's own 'unique' way of doing things - haven't even really looked at these.

All in all, I would need to do a lot more research into this before I could even begin to guess when it might - if ever - happen.

If anyone has any advice on this topic - or links to tutorials etc - I'm all ears!


skid(Posted 2013) [#4]
IMHO only HttpRequest should support https.

The hand rolled implementations in brl.native need to be replaced with calls to the system implementation on each platform.

I have html5 and xna implementations of the Monkey HttpRequest object and both were trivial and both support https without any difficulty and I'm hoping the same is true for all the other Monkey targets.


marksibly(Posted 2013) [#5]
It's C++ that's the kicker - we'll probably need to use some kind of 3rd party lib.

Had a quick look at OpenSSL and Mozilla NSS, but both are gonna take a while to get my head around.

There may be a usable HttpRequest lib out there too, but it'll need to work on WIn/Mac/Linux.

Not sure what the WIn8 situation is.


Soap(Posted 2013) [#6]
It's not well known to me either. HTTPS is desirable for game authentication to be secure. Even with using hashing it's not ideal to have that stuff go as plain text over any network. Having HTTPS support would be attractive for commercial developers.

Maybe not all links here are relevant.

http://www.wireshark.org/ and http://fiddler2.com/ would both help for debugging this

Most needed:
Android
iOS
HTML5
C++/GLFW

Less needed:
Flash
PSM
XNA
Win8/Phone


C++ does seem like it would be the most troubling.

http://curl.haxx.se/libcurl/c/https.html Might be the best bet?

http://curl.haxx.se/docs/manpage.html

http://curl.haxx.se/ca/cacert.pem

http://lacewing-project.org/

http://msdn.microsoft.com/en-us/library/windows/desktop/aa384076(v=vs.85).aspx

http://www.boost.org/doc/libs/1_49_0/doc/html/boost_asio/example/ssl/client.cpp

HTML5 is the easy one.

XNA/Win8/Phone stuff you would use WebClient and it would just work http://msdn.microsoft.com/en-us/library/system.net.webclient.aspx

WebClient wc = new WebClient();
wc.DownloadStringCompleted;
wc.DownloadStringAsync(new Uri("https://domain.com"));


XNA 360 games are not allowed net access.

Android

http://stackoverflow.com/a/2253280/1599404

http://stackoverflow.com/a/3998257/1599404

iOS + OS X

https://github.com/AFNetworking/AFNetworking

http://goo.gl/yJn8f

PSM has a HTTP example in \PSM\sample\Network\HttpSample and I'm pretty sure it works with HTTPS

Flash may work as is? maybe not. needs some changes to the hosted crossdomain.xml files if the swf is not on the same domain as the script it is talking to with SSL

http://kb2.adobe.com/cps/142/tn_14213.html

https://github.com/gabriel/as3httpclient


CopperCircle(Posted 2013) [#7]
I got SKN3 to make an SSL compatiable httppost module that supports iOS/Android and WP8, may be worth look at that...


skid(Posted 2013) [#8]
I still think handrolling c++ implementation is not going to work and best practise is to use platform supplied HTTPRequest libraries:

Apple - NSURLRequest
Windows8 - IXMLHTTPRequest2
Windows - WinHTTP
Linux - LibCurl


AdamRedwoods(Posted 2013) [#9]
IMHO, i think this particular cpp module should be contracted out to someone. leverage someone else's skills.


marksibly(Posted 2013) [#10]
Apple - NSURLRequest
Windows8 - IXMLHTTPRequest2
Windows - WinHTTP
Linux - LibCurl 


Looks good!

Had a hack at this today and got SSL friendly HttpRequest going on ios and android pretty easily. Well, I think - it can at least load https://www.google.com.

I was hoping I could avoid writing 'custom code' for each desktop OS target, but it's probably the easiest way for now - ie: use WinHTTP on windows and LibCurl (eventually - this might be a longer term goal) on Linux. Fortunately, the ios code should just work on macosx as is.

Theoretically, LibCurl should work on all desktop targets, but even then, the http APIs will probably be tidier and more compact anyway.


Amon(Posted 2013) [#11]
@markSibly

I have faith in you that you will succeed Obi-Wan Markobi. May the trans be with you.

Messing about aside, this will be a nice addition to monkey when finished. I can definitely see scenarios when I would need to use something like this for example uploading player high-scores to a webserver, collecting user registration data for a database on my webserver etc..


Zurrr(Posted 2013) [#12]

I have faith in you that you will succeed Obi-Wan Markobi. May the trans be with you.



;) nice


Sub_Zero(Posted 2013) [#13]
marksibly: For openssl i found this tutorial (by ibm) to be very useful, it should cover all you need to know:

http://www.ibm.com/developerworks/library/l-openssl/index.html

You'll have to search google for the remaining parts of the tutorial


Soap(Posted 2014) [#14]
Bumping again because this is important.

http://www.monkeycoder.co.nz/docs/html/Programming_Resource%20paths.html

***** V72b *****

Implemented custom https friendly HttpRequest for android, ios, win8, html5, flash.


It looks like official HTTPS support was added to some targets? That's great! I had not noticed before. :) Would be good to add to the docs which ones support HTTPS and which do not. We're about to implement Steamworks into a monkey game and I think GLFW not supporting LoadImage would mean online avatars would be not possible to load... I remember there being a working way to load external images though. Will have to check. Async loading is important too so it doesn't look the game freezes.

No GLFW? Without HTTPS it means it's not safe to allow user login/auth on desktop games. It is a serious limitation. It's insane to not support or even force HTTPS on web services. If they are not popular they can stay under the radar, but that doesn't mean it isn't a security vulnerability. If your web service is using HTTPS only it means clients must be able to use it too. Any coffee shop / lan party where you authenticated could see your account hijacked.


Raph(Posted 2014) [#15]
Years ago on a Bmax project we implemented this with curl for desktop targets and it only took a pretty small DLL to make it work.

A while later brucey did a libcurl module...


Paul - Taiphoz(Posted 2017) [#16]
so was this ever done for glfw ? I could really use it about now . did anyone manage it? Mark ?