Https tcpstream
Monkey Forums/Monkey Programming/Https tcpstream
| ||
Is it possible to use https along with tcpstream? I can't seem to get it to work #If TARGET<>"glfw" And TARGET<>"android" And TARGET<>"ios" And TARGET<>"stdcpp" #Error "Invalid target!" #Endif Import brl.tcpstream Function Main() Local stream:=New TcpStream If Not stream.Connect( "https://www.facebook.com/index.php",443 ) Print "Failed to connect!" Return Endif Print "Connected!" stream.WriteLine "GET / HTTP/1.0" stream.WriteLine "Host: www.monkeycoder.co.nz" stream.WriteLine "" While Not stream.Eof() Local line:=stream.ReadLine() Print line Wend stream.Close Print "BYE!!!!" End |
| ||
Bumping this because we need to be able to work with https links. Any ideas? |
| ||
Just had a look into this...and SSL is *very* complex. Probably not helped by my complete lack of SSL knowledge though. As far as I can work out, the C++ version will need to link with a massive, complex lib like OpenSLL or NSS, and you will need to generate 'certificates' for your apps via 'certificate authorities' etc(?). Things might be easier on the Java front, and I'm sure Win8 has it's own 'unique' way of doing things - haven't even really looked at these. All in all, I would need to do a lot more research into this before I could even begin to guess when it might - if ever - happen. If anyone has any advice on this topic - or links to tutorials etc - I'm all ears! |
| ||
IMHO only HttpRequest should support https. The hand rolled implementations in brl.native need to be replaced with calls to the system implementation on each platform. I have html5 and xna implementations of the Monkey HttpRequest object and both were trivial and both support https without any difficulty and I'm hoping the same is true for all the other Monkey targets. |
| ||
It's C++ that's the kicker - we'll probably need to use some kind of 3rd party lib. Had a quick look at OpenSSL and Mozilla NSS, but both are gonna take a while to get my head around. There may be a usable HttpRequest lib out there too, but it'll need to work on WIn/Mac/Linux. Not sure what the WIn8 situation is. |
| ||
It's not well known to me either. HTTPS is desirable for game authentication to be secure. Even with using hashing it's not ideal to have that stuff go as plain text over any network. Having HTTPS support would be attractive for commercial developers. Maybe not all links here are relevant. http://www.wireshark.org/ and http://fiddler2.com/ would both help for debugging this Most needed: Android iOS HTML5 C++/GLFW Less needed: Flash PSM XNA Win8/Phone C++ does seem like it would be the most troubling. http://curl.haxx.se/libcurl/c/https.html Might be the best bet? http://curl.haxx.se/docs/manpage.html http://curl.haxx.se/ca/cacert.pem http://lacewing-project.org/ http://msdn.microsoft.com/en-us/library/windows/desktop/aa384076(v=vs.85).aspx http://www.boost.org/doc/libs/1_49_0/doc/html/boost_asio/example/ssl/client.cpp HTML5 is the easy one. XNA/Win8/Phone stuff you would use WebClient and it would just work http://msdn.microsoft.com/en-us/library/system.net.webclient.aspx WebClient wc = new WebClient(); wc.DownloadStringCompleted; wc.DownloadStringAsync(new Uri("https://domain.com")); XNA 360 games are not allowed net access. Android http://stackoverflow.com/a/2253280/1599404 http://stackoverflow.com/a/3998257/1599404 iOS + OS X https://github.com/AFNetworking/AFNetworking http://goo.gl/yJn8f PSM has a HTTP example in \PSM\sample\Network\HttpSample and I'm pretty sure it works with HTTPS Flash may work as is? maybe not. needs some changes to the hosted crossdomain.xml files if the swf is not on the same domain as the script it is talking to with SSL http://kb2.adobe.com/cps/142/tn_14213.html https://github.com/gabriel/as3httpclient |
| ||
I got SKN3 to make an SSL compatiable httppost module that supports iOS/Android and WP8, may be worth look at that... |
| ||
I still think handrolling c++ implementation is not going to work and best practise is to use platform supplied HTTPRequest libraries: Apple - NSURLRequest Windows8 - IXMLHTTPRequest2 Windows - WinHTTP Linux - LibCurl |
| ||
IMHO, i think this particular cpp module should be contracted out to someone. leverage someone else's skills. |
| ||
Apple - NSURLRequest Windows8 - IXMLHTTPRequest2 Windows - WinHTTP Linux - LibCurl Looks good! Had a hack at this today and got SSL friendly HttpRequest going on ios and android pretty easily. Well, I think - it can at least load https://www.google.com. I was hoping I could avoid writing 'custom code' for each desktop OS target, but it's probably the easiest way for now - ie: use WinHTTP on windows and LibCurl (eventually - this might be a longer term goal) on Linux. Fortunately, the ios code should just work on macosx as is. Theoretically, LibCurl should work on all desktop targets, but even then, the http APIs will probably be tidier and more compact anyway. |
| ||
@markSibly I have faith in you that you will succeed Obi-Wan Markobi. May the trans be with you. Messing about aside, this will be a nice addition to monkey when finished. I can definitely see scenarios when I would need to use something like this for example uploading player high-scores to a webserver, collecting user registration data for a database on my webserver etc.. |
| ||
I have faith in you that you will succeed Obi-Wan Markobi. May the trans be with you. ;) nice |
| ||
marksibly: For openssl i found this tutorial (by ibm) to be very useful, it should cover all you need to know: http://www.ibm.com/developerworks/library/l-openssl/index.html You'll have to search google for the remaining parts of the tutorial |
| ||
Bumping again because this is important. http://www.monkeycoder.co.nz/docs/html/Programming_Resource%20paths.html ***** V72b ***** Implemented custom https friendly HttpRequest for android, ios, win8, html5, flash. It looks like official HTTPS support was added to some targets? That's great! I had not noticed before. :) Would be good to add to the docs which ones support HTTPS and which do not. We're about to implement Steamworks into a monkey game and I think GLFW not supporting LoadImage would mean online avatars would be not possible to load... I remember there being a working way to load external images though. Will have to check. Async loading is important too so it doesn't look the game freezes. No GLFW? Without HTTPS it means it's not safe to allow user login/auth on desktop games. It is a serious limitation. It's insane to not support or even force HTTPS on web services. If they are not popular they can stay under the radar, but that doesn't mean it isn't a security vulnerability. If your web service is using HTTPS only it means clients must be able to use it too. Any coffee shop / lan party where you authenticated could see your account hijacked. |
| ||
Years ago on a Bmax project we implemented this with curl for desktop targets and it only took a pretty small DLL to make it work. A while later brucey did a libcurl module... |
| ||
so was this ever done for glfw ? I could really use it about now . did anyone manage it? Mark ? |