Secure network programming in brew

Secure network programming is mainly implemented through SSL. First, you must create an sslroot. The available root certificates are generally common Verisign root certificates. They save space on handheld devices and retain only one copy, instead of copies in each SSL-enabled application. Handheld devices only contain a small portion of commonly used root certificates to prevent occupying too much space. There are two methods to implement SSL: socket-oriented implementation, HTTP-oriented implementation, and HTTPS. Here we mainly explain how to use the iWeb interface to implement the HTTPS function.

// Defined in PME

Iwebopts * piroots ;...

If (ishell_createinstance (pishell, aeeclisd_sslrootcerts, (void **) & piroots )! = Success ){}

Then, send the root certificate to the server.

// Defined in APP Structure

Aeecallback PCB;

IWeb * piweb;

Iwebresp * piwebresp;

...

// Create instance of iWeb

If (ishell_createinstance (pishell, aeeclisd_web, (void **) & PME-> piweb )! =

Success)

Goto failure;

// Initialize callback

Callback_init (& PME-> PCB, (pfnnotify) checksecureresp, PME );

// First secure connection attempt

Iweb_getresponse (PME-> piweb, (PME-> piweb, & PME-> piwebresp, & PME-> PCB,

"Https://brewx.qualcomm.com/developer/devexhome.jsp ",

Webopt_headerhandler, headerhandlerfn,

Webopt_default, PME-> piroots,

Webopt_end ));

At the same time, you need to obtain the HTTPS header information. If necessary, you also need to provide login and other functions:

Void header (void * pnotifydata, const char * pszname, Getline * pplval ){

Httpsdemo * PME = pnotifydata;

If (strbegins ("www-Authenticate:", pszname )){

If (pplval ){

Appendidpswdheader (PME, pplval, "user", "pass ");

}

}

If (strbegins ("Set-COOKIE:", pszname )){

If (pplval ){

Appendcookieheader (PME, pplval-> psz );

}

}

}

Now, you can establish an HTTPS connection.

// Create new iWeb transaction

If (PME-> piweb ){

Iweb_release (PME-> piweb );

PME-> piweb = NULL;

}

If (ishell_createinstance (pishell, aeeclisd_web, (void **) & PME-> piweb )! = Success)

// Handle failure

// Initialize callback

Callback_cancel (& PME-> PCB );

Callback_init (& PME-> PCB, (pfnnotify) checksecureresp, PME );

// Try a successful attempt

Iweb_getresponse (PME-> piweb, (PME-> piweb, & PME-> piwebresp, & PME-> PCB,

"Https://brewx.qualcomm.com/developer/devexhome.jsp", webopt_header, PME-> buffer,

Webopt_headerhandler, headerhandlerfn, webopt_defaults, PME-> piroots,

Webopt_end ));

To ensure Application robustness, you need to pay attention to the error handling in SSL:

Webopt wo;

Sslinfo * psslinfo = NULL;

// Query for SSL webopt

Iwebresp_getopt (PME-> piwebresp, webopt_ssl_sec_info, 0, & Wo );

// Pointer to SSL info

Psslinfo = (sslinfo *) (WO. pval );

// Error values are held in psslinfo-> nresult

In addition, you can use X.509 to configure SSL:

X509trustoverride;

To. ucertid = 0;

To. uoverridebits = x509chain_cert_exipred;

Iweb_getresponse (PME-> piweb, (PME-> piweb, PME-> pwebresp, & PME-> callback,

Https://www.securesite.com, webopt_ssl_allowed_version, ssl_version_30,

Webopt_x509_root_cert, pourroot, webopt_x509_override, &,

Webopt_defaults, PME-> piroots, webopt_end ));

For banking or securities and exchange applications, a custom certificate is generally used, for example:

Ifilemgr * pifilemgr;

Ifile * pifile;

Webopt apwoz;

If (ishell_createinstance (pishell, aeeclsid_filemgr, & pifilemgr ))! = Success)

Goto failure;

Pifile = ifilemgr_openfile (pifilemgr, "mycert. CER", _ ofm_read );

Ifile_read (pifile, buffer, sizeof (buffer ));

Apwoz. nid = webopt_x509_root_cert;

Apwoz. pval = buffer;

Iweb_addopt (PME-> piweb, apwoz );

Ifile_release (pifile );

Ifilemgr_release (pifilemgr );

 

This article from the csdn blog, reproduced please indicate the source: http://blog.csdn.net/wireless_com/archive/2010/09/29/5914117.aspx