Archive for October, 2014

DTime+ v3.10

October 26, 2014

Just to let everyone know that v3.10 of DTime+ has been released. Updates for this version include:

  • Updated copyright details.
  • The classes and test app have been updated to require VC 2008 or later.
  • Fix arithmetic bugs in a number of the CLDate::Set methods related to the calculation of m_nSeconds.
  • Updated code to clean compile with /analyze.
  • CJulianGregorianHolidays::StStephensDays has been renamed to StStephensDay.
  • Made improvements to the HewbrewOccurencesInGregorianYear method including use of std::vector for collection array.
  • Made improvements to the MoslemOccurencesInGregorianYear method including use of std::vector for collection array.
  • Addition of a number of new methods in the CJulianGregorianHolidays class including CanandaThanksgivingDay & EasterMonday.
  • Updated the test app to run more tests on the various DTime+ classes.
  • Fixed a bug in CLTimeOfDay::GetAMPMString related to when PM kicks in.
  • Fix arithmetic bugs in CLDate::GetCDate. Thanks to Zhen-dong Chen for reporting these issues.
  • Fix arithmetic bugs in CLDate::GetCLTimeOfDay. Thanks to Zhen-dong Chen for reporting these issues.
  • The sample app now generates the file for testing MFC persistence in the temp directory to avoid UAC access denied issues on the root directory of the C drive.
Categories: Web Site Updates

SSLWrappers v1.01

October 24, 2014

Just to let everyone know that v1.01 of SSLWrappers has been released. Updates for this version include:

  • Full review and update of the documentation for incorrect links etc.
Categories: Web Site Updates

SSLWrappers v1.0

October 22, 2014

Just to let everyone know that v1.0 of SSLWrappers has been released. This is a set of C++ classes to provide a complete C++ encapsulation of the SSL functionality exposed on Windows via the Schannel Security Service Provider Interface (SSPI).

Some references which you should read if you want to understand more about SSL, SSPI and Schannel are as follows:

The classes provided are: SSLWrappers::CCredentials, SSLWrappers::CContext, SSLWrappers::CMessage, SSLWrappers::CSSL & SSLWrappers::CSocket.

CCredentials provides a class based encapsulation of a SSL Credentials handle as represented by a CredHandle.

CContext provides a class based encapsulation of a SSL Security context as represented by a CtxtHandle.

CMessage provides a class based encapsulation of a logical SSL message as returned by CSSL::GetMessage.

CSSL is the most complex class provided by the class framework and implements all the required logic to do client and server SSL handshakes, reading and writing SSL messages, requesting SSL renegotiations, handling SSL renegotiations and sending SSL close notify messages. This class is transport mechanism agnostic meaning that you can implement SSL over any transport by overriding specific virtual methods of this class.

CSocket is derived from CSSL and provides a concrete SSL implementation over Windows sockets.

 

Features

  • Provides one C++ Header only module to encapsulate all of the Schannel SSL functionality on Windows.
  • Should make it easier to use all the Windows SSL support from C++ going forward with automatic Resource Acquisition Is Initialization (RAII) resource management and encapsulation of the truly complicated logic required to be coded to support SSL via Schannel.
  • A complete demo implementation of a HTTPS client and server using SSLWrappers is provided. This demonstrates all the features in an easy to follow manner which you should be able to incorporate into your applications.

Copyright

  • You are allowed to include the source code in any product (commercial, shareware, freeware or otherwise) when your product is released in binary form.
  • You are allowed to modify the source code in any way you want except you cannot modify the copyright details at the top of each module.
  • If you want to distribute source code with your application, then you are only allowed to distribute versions released by the author. This is to maintain a single distribution point for the source code.

Usage

  • To use the various SSLWrappers classes in your project simply #include "SSLWrappers.h" in whichever of the modules in your application requires the SSL functionality. The header file will look after pulling in any dependent header files and linking to the relevant Windows DLLs.
  • The classes are only supported on VC 2013 or later.
  • Included in the download is a VC 2013 console based application which exercises all of the various classes' functionality by implementing a demo HTTPS client and server with full demonstration of all features in SSLWrappers including requesting client and server renegotiations, handling client and server renegotiations, sample certificate handling and custom certificate verification on the client and server side of the demo.
  • To make the SSLWrappers easier to code, the classes make use of the author’s CryptoWrappers class framework for the various certificate and certificate store functionality which it needs. You will need to download this from http://www.naughter.com/cryptowrappers.html and copy in all the CryptoWrappers*.h files into the same directory as where you have SSLWrappers.h located.
  • To compile the demo application you will also need to download the author’s CWSocket wrapper classes from http://www.naughter.com/w3mfc.html and copy them into the same demo application directory.
  • The steps to implementing a SSL client using the SSLWrappers classes are as follows:
    • Create your socket connection to the server as you would do with a standard unencrypted socket application. If you are using the author’s CWSocket wrapper (which the sample app provided with SSLWrapper does) then you would create a CWSocket instance and then call CreateAndConnect to create the socket and connect to the server in one step.
    • You then should create a SSLWrappers::CSocket instance or a derived version of the same. You might also then want to customize some of the behavior of this class. For example you might want to call CSSL::SetVerifyServerCertificate if you wanted to do manual verification of the server certificate or CSocket::SetReadTimeout or CSocket::SetWriteTimeout to customize the timeouts. Please see the code in SSLWrappersDemo.cpp for concrete examples of this.
    • You then need to call CSSL::CreateClientCredentials to set up the credentials which you will be providing to the server. If you use the default parameters to this method, then by default you will not supply any credentials to the server. You can pass non-default parameters to this method or implement a derived version of this method if you want to customize this behavior. The demo client in SSLWrappersDemo.cpp has commented out support for providing a client certificate with a common name of "localhost" if you want to develop a SSL client which provides real client credentials. For details on generating a self-signed client certificate please check out http://msdn.microsoft.com/en-us/library/ff650751.aspx which I found useful while developing the SSL client code.
    • You can then attach the raw Windows socket to the CSocket instance using CSocket::Attach.
    • You should then call CSSL::SSLConnect to perform the SSL client handshake. If this method returns SEC_E_OK then you now have a SSL connection with the remote end.
    • You can then call CSSL::SendEncryptedMessage to deliver data to the server and CSSL::GetEncryptedMessage to read data from the server. In what order you do this will be dictated by the details of the protocol you are implementing over SSL. The example client provided in SSLWrappersDemo.cpp implements a very simple HTTPS client. Please note that if too much data has been read from the socket for one SSL message, this extra data will be buffered internally in the CSSL class and made available when you next call GetEncryptedMessage. To determine how much of this data is buffered in the class you can call CSSL::PendingReadSize. You might want to call this function in conjunction with checking your socket for readability before you make calls to CSSL::GetEncryptedMessage.
    • If you would like to support renegotiation from the server, then you should handle the SEC_I_RENEGOTIATE error code from the CSSL::GetEncryptedMessage method and immediately call CSSL::SSLHandleRenegotiationClient to perform the SSL handshake again. If you as the client would like to request a renegotiation yourself, then you should call CSSL::SSLRequestRenegotiationClient.
    • When you decide to close down the SSL connection either on the client’s own volition or because the server requested it, you should then call CSSL::SendCloseNotify(TRUE) to send the close_notify SSL message to the other end. Please note that you can detect if the other end has sent you a close_notify SSL message by checking the return value from CSSL::GetEncryptedMessage for the special error code of SEC_I_CONTEXT_EXPIRED.
    • That should be pretty much all that is required to implement a basic SSL client to get you going. Again please review the source in SSLWrappersDemo.cpp for further additional coding details and error handling.
  • The steps to implementing a SSL server using the SSLWrappers classes are as follows:
    • You need to create a SSLWrappers::CSocket instance and call CSSL::CreateServerCredentials to set up the credentials which you will be providing as the server. As part of SSL you must always as a server provide a server certificate. The demo app in SSLWrappersDemo.cpp looks for a certificate with a common name of localhost in the current user certificate store. For details on generating a self-signed server certificate please check out http://www.lombard.me/2008/01/testing-ssl-and-certificate.html and http://www.yangsoft.com/blog/?p=105 which I found useful while developing the SSL server code. For performance reasons you should call CreateServerCredentials once and not for each client which connects to you as the SSL server.
    • Create your server socket as you would do with a standard unencrypted socket application. If you are using the author’s CWSocket wrapper (which the sample app provided with SSLWrapper does) then you would create a CWSocket instance and then call SetBindAddress, CreateAndBind and then Listen.
    • You would then sit in a loop waiting for client connections as per any sockets server. If you were using the author’s CWSocket wrappers a client connection would be created when the CWSocket::Accept method returns. You might then want to customize some of the behavior of this CSocket class at this time. For example you might want to call CSSL::SetVerifyClientCertificate if you wanted to do custom checking of any client certificate presented or CSocket::SetReadTimeout or CSocket::SetWriteTimeout to customize the timeouts. Please see the code in SSLWrappersDemo.cpp for concrete examples of this.
    • You can then attach the raw Windows client socket to the CSocket instance using CSocket::Attach.
    • You should then call CSSL::SSLAccept to perform the SSL server handshake. If this method returns SEC_E_OK then you now have a SSL connection with the remote end.
    • You can then call CSSL::SendEncryptedMessage to deliver data to the client and CSSL::GetEncryptedMessage to read data from the client. In what order you do this will be dictated by the details of the protocol you are implementing over SSL. The example server provided in SSLWrappersDemo.cpp implements a very simple HTTPS server which serves up a hard coded HTML response page without really doing any parsing of the HTTPS request received from the client. Please note that if too much data has been read from the socket for one SSL message, this extra data will be buffered internally in the CSSL class and made available when you next call GetEncryptedMessage. To determine how much of this data is buffered in the class you can call CSSL::PendingReadSize. You might want to call this function in conjunction with checking your socket for readability before you make calls to CSSL::GetEncryptedMessage.
    • If you would like to support renegotiation from the client, then you should handle the SEC_I_RENEGOTIATE error code from the CSSL::GetEncryptedMessage method and immediately call CSSL::SSLHandleRenegotiationServer to perform the SSL handshake again. If you as the server would like to request a renegotiation yourself, then you should call CSSL::SSLRequestRenegotiationServer.
    • When you decide to close down the SSL connection either on the server’s own volition or because the client requested it, you should then call CSSL::SendCloseNotify(FALSE) to send the close_notify SSL message to the other end. Please note that you can detect if the other end has sent you a close_notify SSL message by checking the return value from CSSL::GetEncryptedMessage for the special error code of SEC_I_CONTEXT_EXPIRED.
    • That should be pretty much all that is required to implement a basic SSL server to get you going. Again please review the source in SSLWrappersDemo.cpp for further additional coding details and error handling.
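
The client receive loop from the steps above, written out as an added example (this is not code from SSLWrappers or its demo). `ReadUntilClosed`, `ScriptedSession`, the method parameter lists and the `kClosedNoNotify` status are assumptions made for illustration; the three SSPI status values are the Windows SDK ones, repeated so the block builds without `<windows.h>`. A server loop has the same shape with CSSL::SSLHandleRenegotiationServer and CSSL::SendCloseNotify(FALSE).

```cpp
#include <cstddef>
#include <iostream>
#include <string>
#include <utility>
#include <vector>

// SSPI status values from the Windows SDK (winerror.h), repeated here so the
// example builds without <windows.h>.
typedef long Status;
const Status kSecEOk             = 0x00000000L; // SEC_E_OK
const Status kSecIContextExpired = 0x00090317L; // SEC_I_CONTEXT_EXPIRED
const Status kSecIRenegotiate    = 0x00090321L; // SEC_I_RENEGOTIATE
const Status kClosedNoNotify     = -1L;         // hypothetical: transport closed, no close_notify

enum ReadOutcome { ClosedCleanly, ClosedWithoutNotify, RenegotiationFailed,
                   TooManyRenegotiations, ReadError };

struct ReadResult {
    ReadOutcome outcome;
    std::string data;
    int renegotiations;
};

// Session is any type offering the three calls named in the client steps.
// The parameter lists are assumptions; SSLWrappers' real signatures may differ.
template <typename Session>
ReadResult ReadUntilClosed(Session& s, int maxRenegotiations) {
    ReadResult r = { ReadError, std::string(), 0 };
    for (;;) {
        std::string chunk;
        const Status st = s.GetEncryptedMessage(chunk);
        if (st == kSecEOk) {
            r.data += chunk;
        } else if (st == kSecIRenegotiate) {
            // Each renegotiation is a full handshake, so cap how many the peer can trigger.
            if (r.renegotiations == maxRenegotiations) { r.outcome = TooManyRenegotiations; return r; }
            ++r.renegotiations;
            if (s.SSLHandleRenegotiationClient() != kSecEOk) { r.outcome = RenegotiationFailed; return r; }
        } else if (st == kSecIContextExpired) {
            // Peer sent close_notify, so the stream ended where the peer intended.
            s.SendCloseNotify(true);
            r.outcome = ClosedCleanly;
            return r;
        } else if (st == kClosedNoNotify) {
            // No close_notify: only the application protocol's own framing
            // (for HTTP, Content-Length) can show whether data was cut short.
            r.outcome = ClosedWithoutNotify;
            return r;
        } else {
            return r; // fail closed on any status not handled above
        }
    }
}

// Constructed test double: replays a fixed list of (status, payload) steps.
struct ScriptedSession {
    std::vector<std::pair<Status, std::string> > steps;
    std::size_t next;
    bool closeNotifySent;
    ScriptedSession() : next(0), closeNotifySent(false) {}
    void Add(Status st, const std::string& payload) { steps.push_back(std::make_pair(st, payload)); }
    Status GetEncryptedMessage(std::string& out) {
        if (next == steps.size()) return kClosedNoNotify;
        out = steps[next].second;
        return steps[next++].first;
    }
    Status SSLHandleRenegotiationClient() { return kSecEOk; }
    void SendCloseNotify(bool) { closeNotifySent = true; }
};

// Constructed script: data, a server-requested renegotiation, more data, close_notify.
ScriptedSession LocalhostReplay() {
    ScriptedSession s;
    s.Add(kSecEOk, "HTTP/1.0 200\r\n\r\n");
    s.Add(kSecIRenegotiate, "");
    s.Add(kSecEOk, "<html>...</html>\r\n");
    s.Add(kSecIContextExpired, "");
    return s;
}

int main() {
    ScriptedSession s = LocalhostReplay();
    const ReadResult r = ReadUntilClosed(s, 2);
    std::cout << "outcome=" << r.outcome << " bytes=" << r.data.size()
              << " renegotiations=" << r.renegotiations
              << " close_notify_sent=" << s.closeNotifySent << "\n";
    return 0;
}
```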

Output from Demo application

  • Here is a screen capture from the test app when it is run with a command line to make it act as a server (with both the server and client handling renegotiation in midstream) and the test client has connected to it. You can see from the auditing from the server code that an IIS Express server certificate with a common name of "localhost" is being used:

D:\Dev\My Code\SSLWrappers\DebugU64>SSLWrappersDemo.exe 1 localhost 443
Server certificate properties
Subject: CN=localhost
Subject Public Key Bit length
0000 00 04 00 00 ….
Subject Public Key MD5 hash
0000 d4 bc 8b 51 be aa 5e 8e 5f 72 00 ad dc 45 40 b7 …Q..^._r…E@.
MD5 hash
0000 e3 bd 22 7e d2 34 c2 c3 8d 21 64 0d 5d ed a1 74 .."~.4…!d.]..t
SHA1 hash
0000 d6 c9 06 56 9f 49 17 66 8c 81 20 f5 08 42 79 a6 …V.I.f.. ..By.
0010 94 90 dc 81 ….
Key Provider Info
0000 c0 3d 3c 00 00 00 00 00 1c 3e 3c 00 00 00 00 00 .=<……><…..
0010 0c 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 …. ………..
0020 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 …………….
0030 49 00 49 00 53 00 20 00 45 00 78 00 70 00 72 00 I.I.S. .E.x.p.r.
0040 65 00 73 00 73 00 20 00 44 00 65 00 76 00 65 00 e.s.s. .D.e.v.e.
0050 6c 00 6f 00 70 00 6d 00 65 00 6e 00 74 00 20 00 l.o.p.m.e.n.t. .
0060 43 00 65 00 72 00 74 00 69 00 66 00 69 00 63 00 C.e.r.t.i.f.i.c.
0070 61 00 74 00 65 00 20 00 43 00 6f 00 6e 00 74 00 a.t.e. .C.o.n.t.
0080 61 00 69 00 6e 00 65 00 72 00 00 00 4d 00 69 00 a.i.n.e.r…M.i.
0090 63 00 72 00 6f 00 73 00 6f 00 66 00 74 00 20 00 c.r.o.s.o.f.t. .
00a0 52 00 53 00 41 00 20 00 53 00 43 00 68 00 61 00 R.S.A. .S.C.h.a.
00b0 6e 00 6e 00 65 00 6c 00 20 00 43 00 72 00 79 00 n.n.e.l. .C.r.y.
00c0 70 00 74 00 6f 00 67 00 72 00 61 00 70 00 68 00 p.t.o.g.r.a.p.h.
00d0 69 00 63 00 20 00 50 00 72 00 6f 00 76 00 69 00 i.c. .P.r.o.v.i.
00e0 64 00 65 00 72 00 00 00 d.e.r…
Friendly name
0000 49 00 49 00 53 00 20 00 45 00 78 00 70 00 72 00 I.I.S. .E.x.p.r.
0010 65 00 73 00 73 00 20 00 44 00 65 00 76 00 65 00 e.s.s. .D.e.v.e.
0020 6c 00 6f 00 70 00 6d 00 65 00 6e 00 74 00 20 00 l.o.p.m.e.n.t. .
0030 43 00 65 00 72 00 74 00 69 00 66 00 69 00 63 00 C.e.r.t.i.f.i.c.
0040 61 00 74 00 65 00 00 00 a.t.e…
Key Identifier
0000 1d 88 f4 6b ea 1d 83 c7 2e f1 c8 57 67 3a 2b b6 …k…….Wg:+.
0010 d7 4a e9 29 .J.)
Signature hash
0000 01 8a 86 9c 27 29 64 6b 5e 93 9b 7d 7e b1 e4 8f ….’)dk^..}~…
0010 e5 42 f4 e8 .B..
CNG Hash Algorithm
0000 52 00 53 00 41 00 2f 00 53 00 48 00 41 00 31 00 R.S.A./.S.H.A.1.
0010 00 00 ..
Binding to localhost:443
Listening
Waiting for client connection
Accepted client connection
Performing SSL server handshake
Protocol: TLS 1.0
Cipher: AES
Cipher strength: 128
Hash: SHA
Hash strength: 160
Key exchange: RSA
Key exchange strength: 1024
Getting client request
Received request data:
0000 47 45 54 20 2f 20 GET /
Client requested renegotiation
Received request data:
0000 48 54 54 50 2f 31 2e 30 0d 0a 0d 0a HTTP/1.0….
Sending client first part of response
Requesting client renegotiation
Sending client second part of response
Sending close notify
Closing client connection
Waiting for client connection

  • Here is a screen capture from the test app when it is run with a command line to make it act as a client (with both the server and client handling renegotiation in midstream):

D:\Dev\My Code\SSLWrappers\DebugU64>SSLWrappersDemo.exe 0 localhost 443
Connecting to localhost:443
Performing SSL client handshake
Protocol: TLS 1.0
Cipher: AES
Cipher strength: 128
Hash: SHA
Hash strength: 160
Key exchange: RSA
Key exchange strength: 1024
Remote server certificate properties
Subject: CN=localhost
Sending server first part of request
Requesting server renegotiation
Sending server second part of request
Getting response
Received response data:
0000 48 54 54 50 2f 31 2e 30 20 32 30 30 0d 0a 0d 0a HTTP/1.0 200….
Server requested renegotiation
Received response data:
0000 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 <html><head><tit
0010 6c 65 3e 53 53 4c 20 44 61 74 61 3c 2f 74 69 74 le>SSL Data</tit
0020 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e le></head><body>
0030 54 68 69 73 20 69 73 20 74 68 65 20 62 6f 64 79 This is the body
0040 20 66 6f 6c 6c 6f 77 69 6e 67 20 61 20 72 65 6e following a ren
0050 65 67 6f 74 69 61 74 69 6f 6e 3c 2f 62 6f 64 79 egotiation</body
0060 3e 3c 2f 68 74 6d 6c 3e 0d 0a ></html>..
Stopping receive of response because of SEC_I_CONTEXT_EXPIRED status value from
CSSL::GetEncryptedMessage
Sending close_notify message
D:\Dev\My Code\SSLWrappers\DebugU64>

  • Here is a screen capture from the test app when connecting to https://www.microsoft.com (with the client handling renegotiation in midstream):

D:\Dev\My Code\SSLWrappers\DebugU64>SSLWrappersDemo.exe 0 http://www.microsoft.com 443
Connecting to http://www.microsoft.com:443
Performing SSL client handshake
Protocol: TLS 1.0
Cipher: RC4
Cipher strength: 128
Hash: MD5
Hash strength: 128
Key exchange: RSA
Key exchange strength: 2048
Remote server certificate properties
Subject: C=US, S=WA, L=Redmond, O=Microsoft Corporation, OU=MSCOM, CN=www.micros
oft.com
SHA1 hash
0000 ff 11 95 88 3b 90 8f de ea 8d 2d d0 12 58 5c b9 ….;…..-..X\.
0010 09 3a b9 64 .:.d
Next certificate in chain
Subject: DC=com, DC=microsoft, DC=corp, DC=redmond, CN=MSIT Machine Auth CA 2
SHA1 hash
0000 ef 86 b4 13 f0 fc 25 ac 51 2b 8b e9 b6 ec 70 f6 ……%.Q+….p.
0010 da 34 16 55 .4.U
Next certificate in chain
Subject: CN=Microsoft Internet Authority
SHA1 hash
0000 99 2a d4 4d 7d ce 29 8d e1 7e 6f 2f 56 a7 b9 ca .*.M}.)..~o/V…
0010 a4 1d b9 3f …?
Next certificate in chain
Subject: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
SHA1 hash
0000 d4 de 20 d0 5e 66 fc 53 fe 1a 50 88 2c 78 db 28 .. .^f.S..P.,x.(
0010 52 ca e4 74 R..t
Sending server first part of request
Requesting server renegotiation
Sending server second part of request
Getting response
Received response data:
0000 48 H
Received response data:
Stopping receive of response because of SEC_I_CONTEXT_EXPIRED status value from
CSSL::GetEncryptedMessage
Sending close_notify message
D:\Dev\My Code\SSLWrappers\DebugU64>

  • And finally here is the screen capture from the test app when connecting to https://www.google.com (with the client not performing any client renegotiation in midstream as Google seem to reject that):

D:\Dev\My Code\SSLWrappers\DebugU64>SSLWrappersDemo.exe 0 http://www.google.com 443
Connecting to http://www.google.com:443
Performing SSL client handshake
Protocol: TLS 1.0
Cipher: AES
Cipher strength: 128
Hash: SHA
Hash strength: 160
Key exchange algorithm identifier: 0xae06, Class:40960, Type:3584, SID:6
Key exchange strength: 256
Remote server certificate properties
Subject: C=US, S=California, L=Mountain View, O=Google Inc, CN=www.google.com
SHA1 hash
0000 93 12 5b b9 7d 02 aa 45 36 b4 ec 9a 7c a0 1a d8 ..[.}..E6…|…
0010 92 73 14 db .s..
Next certificate in chain
Subject: C=US, O=Google Inc, CN=Google Internet Authority G2
SHA1 hash
0000 bb dc e1 3e 9d 53 7a 52 29 91 5c b1 23 c7 aa b0 …>.SzR).\.#…
0010 a8 55 e7 98 .U..
Next certificate in chain
Subject: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
SHA1 hash
0000 73 59 75 5c 6d f9 a0 ab c3 06 0b ce 36 95 64 c8 sYu\m…….6.d.
0010 ec 45 42 a3 .EB.
Sending request
Getting response
Received response data:
Stopping receive of response because of graceful disconnect status value from CS
SL::GetEncryptedMessage
D:\Dev\My Code\SSLWrappers\DebugU64>
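
A check a reviewer might run over these captures, added here as an example (it is not part of SSLWrappers or its demo): it parses the negotiated-parameter lines the demo prints and reports settings that are now considered legacy. The function names and finding codes are this example's own, and the sample lines are copied from the three captures above.

```cpp
#include <cstdlib>
#include <iostream>
#include <map>
#include <sstream>
#include <string>
#include <vector>

typedef std::map<std::string, std::string> Fields;

// Split the demo's "Name: value" audit lines into a map. Lines without
// ": " are skipped.
Fields ParseAudit(const std::string& text) {
    Fields f;
    std::istringstream in(text);
    std::string line;
    while (std::getline(in, line)) {
        if (!line.empty() && line[line.size() - 1] == '\r') line.erase(line.size() - 1);
        const std::string::size_type sep = line.find(": ");
        if (sep != std::string::npos) f[line.substr(0, sep)] = line.substr(sep + 2);
    }
    return f;
}

static std::string Get(const Fields& f, const std::string& key) {
    const Fields::const_iterator it = f.find(key);
    return it == f.end() ? std::string() : it->second;
}

// Returns short finding codes for one capture's negotiated parameters.
std::vector<std::string> AuditNegotiation(const std::string& text) {
    const Fields f = ParseAudit(text);
    std::vector<std::string> out;
    // Only "TLS 1.0" appears on the page; the other spellings are assumed.
    const std::string proto = Get(f, "Protocol");
    if (proto == "SSL 2.0" || proto == "SSL 3.0" || proto == "TLS 1.0" || proto == "TLS 1.1")
        out.push_back("deprecated-protocol");   // RFC 8996 retires TLS 1.0 and 1.1
    if (Get(f, "Cipher") == "RC4")
        out.push_back("rc4-cipher");            // RFC 7465 prohibits RC4 suites
    if (Get(f, "Hash") == "MD5")
        out.push_back("md5-mac");
    // The checks below apply to RSA only. When the demo prints a raw
    // "Key exchange algorithm identifier" instead of a name, they are skipped.
    if (Get(f, "Key exchange") == "RSA") {
        out.push_back("no-forward-secrecy");    // static RSA key transport
        if (std::atoi(Get(f, "Key exchange strength").c_str()) < 2048)
            out.push_back("short-rsa-key");
    }
    return out;
}

// Comma-joined form, convenient for printing and comparing.
std::string Join(const std::vector<std::string>& v) {
    std::string s;
    for (std::size_t i = 0; i < v.size(); ++i) {
        if (i) s += ",";
        s += v[i];
    }
    return s;
}

// Negotiated-parameter lines copied from the three captures on this page.
const char kLocalhost[] =
    "Protocol: TLS 1.0\nCipher: AES\nCipher strength: 128\nHash: SHA\n"
    "Hash strength: 160\nKey exchange: RSA\nKey exchange strength: 1024\n";
const char kMicrosoft[] =
    "Protocol: TLS 1.0\nCipher: RC4\nCipher strength: 128\nHash: MD5\n"
    "Hash strength: 128\nKey exchange: RSA\nKey exchange strength: 2048\n";
const char kGoogle[] =
    "Protocol: TLS 1.0\nCipher: AES\nCipher strength: 128\nHash: SHA\n"
    "Hash strength: 160\n"
    "Key exchange algorithm identifier: 0xae06, Class:40960, Type:3584, SID:6\n"
    "Key exchange strength: 256\n";

int main() {
    std::cout << "localhost: " << Join(AuditNegotiation(kLocalhost)) << "\n";
    std::cout << "microsoft: " << Join(AuditNegotiation(kMicrosoft)) << "\n";
    std::cout << "google:    " << Join(AuditNegotiation(kGoogle)) << "\n";
    return 0;
}
```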

Categories: Web Site Updates

DtWinVer v1.92

October 1, 2014

Just to let everyone know that v1.92 of DtWinVer has been released. Updates for this version include:

  • Updated code to support Windows 10 Technical Preview and Windows Server 10 Technical Preview.
Categories: Web Site Updates