➜ SSL support
Posted by Castamir (2 posts)
Date: Sat 21 Jun 2008 03:23 AM (UTC)
Message:
No one uses stunnel, ever, no matter how much you preach about security. I found out that only making SSL a setting in the client helped.
While I'm in competition with mushclient (ok, ok, on different turf), I think it'd be better if I donated the SSL support (via GnuTLS).
The biggest part, SSL negotiation, is in
http://angband.pl/svn/kbtin/trunk/ssl.c
You can use just the first function, however, that would leave a gaping security hole (same as using stunnel the way you mention in the examples!!!). Mere SSL without certificate retention protects only against passive sniffing; someone who has access to a machine in between can h4x0r you with nothing but several lines of stunnel config...
The code from KBtin stores certificates in $HOMEDIR/.tintin/ssl/ -- for mushclient you'll probably want some other place, especially since $HOMEDIR is meaningless on Windows.
To actually use the negotiated connection, you'd use:
/* The includes and this minimal struct session are added so the snippet
   compiles stand-alone; KBtin's real struct session carries many more fields. */
#include <unistd.h>
#include <gnutls/gnutls.h>

struct session
{
    int socket;              /* plain TCP descriptor */
    gnutls_session_t ssl;    /* NULL when the connection is not TLS */
};

static int read_socket(struct session *ses, char *buffer, int len)
{
    int ret;
    if (ses->ssl)
    {
        /* GnuTLS may be interrupted mid-record; retry with the same arguments. */
        do
        {
            ret = gnutls_record_recv(ses->ssl, buffer, len);
        } while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN);
        return ret;
    }
    else
        return read(ses->socket, buffer, len);
}

int write_socket(struct session *ses, const char *buffer, int len)
{
    int ret;
    if (ses->ssl)
    {
        ret = gnutls_record_send(ses->ssl, buffer, len);
        /* An interrupted send is resumed with NULL/0 so GnuTLS flushes the
           record it already encrypted instead of starting a new one. */
        while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN)
            ret = gnutls_record_send(ses->ssl, NULL, 0);
        return ret;
    }
    else
        return write(ses->socket, buffer, len);
}
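Castamir's warning that "mere SSL without certificate retention" only stops passive sniffing is the trust-on-first-use idea: remember the fingerprint of the certificate a host presented the first time, and refuse to continue if a later connection presents a different one. The following is an added example written for this page, not KBtin's or MUSHclient's code (KBtin's actual ssl.c is linked above). It assumes the caller obtains a SHA-256 fingerprint of the DER certificate from the TLS library after the handshake, and it uses a simple text store of one "host port hex" line per peer; the store format, hostnames and fingerprints are all constructed for the illustration.

```c
/* Added example, not KBtin's or MUSHclient's code: trust-on-first-use (TOFU)
 * certificate retention. Store format and all fingerprints are constructed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>
#define FP_LEN 32        /* SHA-256 over the DER-encoded certificate */
#define MAX_ENTRIES 64
/* NEW: first contact, recorded. MATCH: same cert. MISMATCH: refuse, keep old
 * entry. ERROR: store full or hostname too long. */
enum tofu_result { TOFU_NEW, TOFU_MATCH, TOFU_MISMATCH, TOFU_ERROR };
struct tofu_entry { char host[256]; unsigned port; uint8_t fp[FP_LEN]; };
struct tofu_store { struct tofu_entry e[MAX_ENTRIES]; size_t n; };

/* Constant-time compare: timing must not leak how much of the stored value matched. */
static int ct_memeq(const uint8_t *a, const uint8_t *b, size_t len)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < len; i++) diff |= a[i] ^ b[i];
    return diff == 0;
}

static struct tofu_entry *tofu_find(struct tofu_store *s, const char *host, unsigned port)
{
    for (size_t i = 0; i < s->n; i++)          /* DNS names are case-insensitive */
        if (s->e[i].port == port && strcasecmp(s->e[i].host, host) == 0)
            return &s->e[i];
    return NULL;
}

/* A mismatch never updates the store: only a deliberate user action should. */
enum tofu_result tofu_check(struct tofu_store *s, const char *host, unsigned port,
                            const uint8_t fp[FP_LEN])
{
    struct tofu_entry *hit = tofu_find(s, host, port);
    if (hit)
        return ct_memeq(hit->fp, fp, FP_LEN) ? TOFU_MATCH : TOFU_MISMATCH;
    if (s->n >= MAX_ENTRIES || strlen(host) >= sizeof s->e[0].host) return TOFU_ERROR;
    struct tofu_entry *ne = &s->e[s->n++];
    strcpy(ne->host, host);
    ne->port = port;
    memcpy(ne->fp, fp, FP_LEN);
    return TOFU_NEW;
}

static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;                                 /* fold A-F to a-f */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}
/* 64 hex digits -> 32 bytes; rejects wrong length or non-hex characters. */
static int parse_hex_fp(const char *hex, uint8_t out[FP_LEN])
{
    if (strlen(hex) != 2 * FP_LEN) return -1;
    for (size_t i = 0; i < FP_LEN; i++) {
        int hi = hexval(hex[2 * i]), lo = hexval(hex[2 * i + 1]);
        if (hi < 0 || lo < 0) return -1;
        out[i] = (uint8_t)(hi << 4 | lo);
    }
    return 0;
}

/* Load "host port sha256hex" lines ('#' comments and blanks skipped). Returns
 * the entry count, or -1 at the first malformed or duplicated line. */
int tofu_load(struct tofu_store *s, const char *text)
{
    char line[512], host[256], hex[129]; unsigned port;
    s->n = 0;
    while (*text) {
        size_t len = strcspn(text, "\n");
        if (len >= sizeof line) return -1;
        memcpy(line, text, len); line[len] = '\0';
        text += len + (text[len] == '\n');
        if (line[0] == '\0' || line[0] == '#') continue;
        if (sscanf(line, "%255s %u %128s", host, &port, hex) != 3) return -1;
        uint8_t fp[FP_LEN];
        if (parse_hex_fp(hex, fp) != 0) return -1;
        if (tofu_check(s, host, port, fp) != TOFU_NEW) return -1;
    }
    return (int)s->n;
}

/* Exercise the outcomes on a constructed store; returns how many behaved (4). */
int tofu_selftest(void)
{
    static const char store_text[] =
        "# constructed sample store: host port sha256(DER cert) as hex\n"
        "mud.example.net 4443 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff\n";
    struct tofu_store s; uint8_t changed[FP_LEN]; int ok = 0;
    if (tofu_load(&s, store_text) != 1) return 0;
    memcpy(changed, s.e[0].fp, FP_LEN);
    changed[0] ^= 0x01;                                    /* one bit off */
    ok += (tofu_check(&s, "MUD.example.net", 4443, s.e[0].fp) == TOFU_MATCH);
    ok += (tofu_check(&s, "mud.example.net", 4443, changed) == TOFU_MISMATCH);
    ok += (tofu_check(&s, "mud.example.net", 4443, s.e[0].fp) == TOFU_MATCH); /* kept */
    ok += (tofu_check(&s, "new.example.org", 4000, changed) == TOFU_NEW && s.n == 2);
    return ok;
}
```

Only tofu_check() decides: the client computes the fingerprint once the handshake has finished, and aborts the session on TOFU_MISMATCH before sending a single credential. A mismatch is deliberately not written back, so a server that legitimately replaced its certificate shows up as a refusal the user has to resolve by removing the old entry by hand. GnuTLS 3.0 and later ship gnutls_store_pubkey() and gnutls_verify_stored_pubkey() for this same purpose; the 2008 code in this thread predates them.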
Posted by Nick Gammon, Forum Administrator, Australia (23,169 posts)
Date: Reply #1 on Sat 21 Jun 2008 04:36 AM (UTC)
Message:
Thanks for the info. Out of curiosity, how many servers support it? Without server support, adding it to the client doesn't do much.
- Nick Gammon
www.gammon.com.au, www.mushclient.com
Posted by StuDraKi, Germany (17 posts)
Date: Reply #2 on Sat 21 Jun 2008 01:48 PM (UTC)
Message:
I know at least 2 German MUDs based on LPmuds which are accepting SSL connections. They are also providing a stunnel proxy for the clients, so my host settings connect to localhost and it only works if I don't forget to start stunnel first.
I did a search on some different MUD lists (like mudconnector) but only 7 MUDs are telling about this. But the lesson learned here is that not all features are communicated to the MUD lists...