Gammon Forum

SSL support


Posted by Castamir (2 posts)
Date Sat 21 Jun 2008 03:23 AM (UTC)
Message
No one uses stunnel, ever, no matter how much you preach about security. I found out that only making SSL a setting in the client helped.

While I'm competition to mushclient (ok, ok, on different turf), I think it'd be better if I donated the SSL support (via GnuTLS).

The biggest part, SSL negotiation, is in
http://angband.pl/svn/kbtin/trunk/ssl.c
You can use just the first function; however, that would leave a gaping security hole (same as using stunnel the way you mention in the examples!!!). Mere SSL without certificate retention protects just against passive sniffing; someone who has access to a machine in between can h4x0r you with nothing but several lines of stunnel config...

The code from KBtin stores certificates in $HOMEDIR/.tintin/ssl/ -- for mushclient you'll probably want some other place, especially since $HOMEDIR is meaningless on Windows.

To actually use the negotiated connection, you'd use:

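#include <unistd.h>          /* read(), write() */
#include <gnutls/gnutls.h>   /* gnutls_record_recv(), gnutls_record_send() */

/* struct session comes from KBtin: ses->ssl is the GnuTLS session (non-zero
   only when TLS is in use) and ses->socket is the underlying descriptor. */

/* Read up to len bytes, going through TLS when the session negotiated it. */
static int read_socket(struct session *ses, char *buffer, int len)
{
    int ret;

    if (ses->ssl)
    {
        /* Retry while GnuTLS reports an interrupted or would-block read. */
        do
        {
            ret=gnutls_record_recv(ses->ssl, buffer, len);
        } while (ret==GNUTLS_E_INTERRUPTED || ret==GNUTLS_E_AGAIN);
        return ret;
    }
    else
        return read(ses->socket, buffer, len);
}

/* Write len bytes, going through TLS when the session negotiated it. */
int write_socket(struct session *ses, char *buffer, int len)
{
    int ret;

    if (ses->ssl)
    {
        ret=gnutls_record_send(ses->ssl, buffer, len);
        /* A null pointer and size 0 resume sending the same pending data. */
        while (ret==GNUTLS_E_INTERRUPTED || ret==GNUTLS_E_AGAIN)
            ret=gnutls_record_send(ses->ssl, 0, 0);
        return ret;
    }
    else
        return write(ses->socket, buffer, len);
}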
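The certificate retention described in the post above, sketched as an added example that is not part of the original post and is not KBtin's code. The name check_pin, the result enum and the `<dir>/<host>_<port>.der` file layout are assumptions; the function takes the peer certificate as raw DER bytes so it does not depend on GnuTLS.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum pin_result { PIN_NEW, PIN_MATCH, PIN_MISMATCH, PIN_ERROR };

/* Compare the peer's DER-encoded certificate with the copy retained for
   host:port. Assumed layout (not KBtin's): <dir>/<host>_<port>.der.
   With GnuTLS the bytes would come from gnutls_certificate_get_peers(). */
enum pin_result check_pin(const char *dir, const char *host, int port,
                          const unsigned char *der, size_t der_len)
{
    char path[512];
    unsigned char *old;
    size_t n;
    FILE *f;
    enum pin_result res;

    /* host ends up in a file name: refuse anything that could leave dir */
    if (!der_len || !*host || strpbrk(host, "/\\") || strstr(host, ".."))
        return PIN_ERROR;
    if (snprintf(path, sizeof path, "%s/%s_%d.der", dir, host, port)
            >= (int)sizeof path)
        return PIN_ERROR;

    if (!(f = fopen(path, "rb")))
    {
        if (errno != ENOENT)            /* unreadable pin: fail closed */
            return PIN_ERROR;
        if (!(f = fopen(path, "wb")))   /* first contact: retain the cert */
            return PIN_ERROR;
        n = fwrite(der, 1, der_len, f);
        if (fclose(f) == 0 && n == der_len)
            return PIN_NEW;
        remove(path);                   /* never leave a truncated pin */
        return PIN_ERROR;
    }
    /* ask for one extra byte so a longer stored certificate cannot match */
    if (!(old = malloc(der_len + 1)))
    {
        fclose(f);
        return PIN_ERROR;
    }
    n = fread(old, 1, der_len + 1, f);
    fclose(f);
    res = (n == der_len && !memcmp(old, der, der_len)) ? PIN_MATCH : PIN_MISMATCH;
    free(old);
    return res;
}
```

A client would call this right after the handshake and close the connection on PIN_MISMATCH or PIN_ERROR before sending any login data.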

Posted by Nick Gammon, Australia (21,607 posts), Forum Administrator
Date Reply #1 on Sat 21 Jun 2008 04:36 AM (UTC)
Message
Thanks for the info. Out of curiosity, how many servers support it? Without server support, adding it to the client doesn't do much.

- Nick Gammon

www.gammon.com.au, www.mushclient.com

Posted by StuDraKi, Germany (17 posts)
Date Reply #2 on Sat 21 Jun 2008 01:48 PM (UTC)
Message
I know at least 2 German muds based on LPmuds which are accepting SSL connections. They are also providing a stunnel proxy for the clients, so my host settings connect to localhost and are only working if I don't forget the stunnel before.

I made a search on some different mud lists (like mudconnector) but only 7 muds are telling about this. But the lesson learned here is that not all features are communicated to the mud lists...
