SSL sockets - Forum - OpenEdge General - Progress Community
SSL sockets

  • My problem might look stupid, but I'm a newbie in that area. I'm trying to implement an SSL server on the .NET platform with an ABL client. The problem is that I can't authenticate an SSL ABL client. What certificate should I use by default to allow my SSL server to authenticate a client?

    The code of my client is as follows:

    DEFINE VARIABLE h_socket AS HANDLE      NO-UNDO.
    CREATE SOCKET h_socket.

    h_socket:CONNECT("-H localhost -S 10010 -ssl ").

    DEFINE VARIABLE mText AS LONGCHAR    NO-UNDO INIT "Test string".
    DEFINE VARIABLE mData AS MEMPTR      NO-UNDO.

    COPY-LOB mText TO mData NO-CONVERT.

    h_socket:WRITE(mData,1,GET-SIZE(mData)).

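    The code of my server:

    using System;
    using System.Net;
    using System.Net.Security;
    using System.Net.Sockets;
    using System.Security.Cryptography.X509Certificates;
    using System.Text;

    static void SslListener()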
    {
        var server = new TcpListener(IPAddress.Any, 10010);
        server.Start();
        var client = server.AcceptTcpClient();
        byte[] data = new byte[1024];
        var stream = new SslStream(client.GetStream());

        if (AutheticateSslStream(stream) != null)
        {
            int read = stream.Read(data, 0, 1024);
            Console.WriteLine(Encoding.Default.GetString(data, 0, read));
        }
        client.Close();
        server.Stop();
    }

    private static X509Certificate AutheticateSslStream(SslStream stream)
    {
        X509Store store = new X509Store(StoreName.Root, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);

        foreach (X509Certificate cert in store.Certificates)
        {
            // Use all PROGRESS certificates but without any luck
            if (cert.Issuer.StartsWith("CN=Progress"))
            {
                try
                {
                    stream.AuthenticateAsServer(cert);
                    return cert;
                }
                catch
                {
                }
            }
        }
        return null;
    }

    Thanks in advance

  • Sergey,

    I'm sorry to tell you that OpenEdge does not support the optional SSL/TLS client authentication.

    You will have to find another way to connect to your server.
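
Added example, not part of the thread or of either poster's code: with client certificates ruled out by the reply above, a .NET listener can only run server-authenticated TLS, where the server presents its own certificate and does not request one from the client. The class name, the thumbprint placeholder, the choice of the CurrentUser personal store and TLS 1.2 are assumptions; whether the ABL client trusts the certificate's issuer is a separate matter not shown here.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Text;
static class ServerOnlyTlsListener // hypothetical name
{
    // Placeholder (assumption): thumbprint of the server's own certificate.
    const string ServerThumbprint = "REPLACE_WITH_SERVER_CERT_THUMBPRINT";
    static X509Certificate2 LoadServerCertificate()
    {
        // Personal ("My") store, not Root: the server needs a certificate with its private key.
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly);
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, ServerThumbprint, false);
            if (found.Count == 0 || !found[0].HasPrivateKey)
                throw new InvalidOperationException("No server certificate with a private key found.");
            return found[0];
        }
    }
    static void Main()
    {
        var certificate = LoadServerCertificate();
        var listener = new TcpListener(IPAddress.Any, 10010);
        listener.Start();
        try
        {
            using (var client = listener.AcceptTcpClient())
            using (var stream = new SslStream(client.GetStream(), false))
            {
                // clientCertificateRequired: false, so only the server proves its identity.
                stream.AuthenticateAsServer(certificate, false, SslProtocols.Tls12, false);
                var buffer = new byte[1024];
                int read = stream.Read(buffer, 0, buffer.Length);
                Console.WriteLine(Encoding.Default.GetString(buffer, 0, read));
            }
        }
        catch (Exception ex) when (ex is AuthenticationException || ex is System.IO.IOException)
        {
            // Report the handshake failure with its reason instead of swallowing it.
            Console.Error.WriteLine("TLS handshake failed: " + ex.Message);
        }
        finally { listener.Stop(); }
    }
}
```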