The SciSslSocketInterface provides a Smalltalk application with a set of classes and methods to construct tasks that use the Secure Socket Layer and/or Transport Layer Security protocols to provide secure communications over TCP/IP.
Support for these protocols is based on the OpenSSL API, an open source implementation of SSL/TLS based on the SSLeay library developed by Eric A. Young and Tim J. Hudson. The use of OpenSSL is provided under a dual license, the OpenSSL License and the SSLeay License. Although the binaries for the OpenSSL library are provided with VisualAge Smalltalk, it is recommended that the user download and compile OpenSSL.
Source and documentation can be found at http://www.openssl.org. Installation instructions for most platforms are provided. Another excellent source of information is the various mailing lists that exist for OpenSSL users and developers to share information. There are instructions at the above URL for joining the lists, or you can search the archives for answers to your questions. One such archive, for the openssl-users mailing list, can be found at http://marc.theaimsgroup.com/?l=openssl-users.
The API for OpenSSL is very large; therefore, VisualAge Smalltalk supports a subset of the functions in the library. You can easily add further OpenSSL function calls. The steps to do so are to declare the function in the SciSslFunctions pool dictionary and then to add a call* method on SciSslBlockingDispatcher that invokes it with error checking.
As an example, let's look at the declaration for SSL_CTX_set_cipher_list:
(name: SSL_CTX_set_cipher_list isConstant: true valueExpression: 'PlatformFunction fromArray: #(''C'' ''SSL_CTX_set_cipher_list'' nil ''SSL_LIB'' #(#pointer #pointer) #int32)')
This declaration specifies a C language library call located in the SSL_LIB library (see the note below concerning the libraries) that takes two pointers as arguments and returns a 32-bit signed integer.
SciSslBlockingDispatcher>>callSSL_CTX_set_cipher_listWith: ctx with: aStringPtr
    ^self
        callWithSslErrorCheck: SciSslFunctions::SSL_CTX_set_cipher_list
        withArguments: (Array with: ctx with: aStringPtr)
        errorBlock: [ :value | value <=
This method turns error checking on and names the function's entry in the SciSslFunctions pool dictionary. The errorBlock receives the raw return value of the C call and answers true when that value signals an error; what counts as an error differs from function to function, so see the OpenSSL documentation for each one you add. In this case, SSL_CTX_set_cipher_list returns 1 on success and 0 when none of the requested ciphers could be selected, so the block must treat a non-positive result as a failure. Be sure to check the result of your call* method for an instance of SciSslError before using it.
As another option, you can provide a file containing random bits for the PRNG to use. The drawback of this approach is that a live entropy source, such as an entropy gathering daemon like EGD or the kernel's /dev/urandom on Linux, provides better seeding material than a static file, and a seed file that is reused unchanged from run to run makes the PRNG output predictable to anyone who obtains a copy of it. If you do use a seed file, keep it readable by the application's user only and overwrite it with fresh PRNG output after each run. The deciding factor as to which path to take should be the level of security you require.
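The binding procedure above (pool declaration plus call* method with error checking) and the seed-file option, carried through together as an added example that is not code from VisualAge Smalltalk or from the SciSslSocketInterface: bindings for OpenSSL's RAND_load_file and RAND_write_file, which report failure with a negative return value, and a hypothetical helper class SciSslSeedFile that loads the seed before the first handshake and rewrites the file afterwards. Assumptions: CRYPTO_LIB is a placeholder for whatever name the installation gives the libcrypto library (the page's SSL functions use SSL_LIB); the C long argument of RAND_load_file is mapped to #int32 as on a 32-bit build; aPathPtr is an OS pointer to a NUL-terminated path string, built the same way the page's aStringPtr is; and the pool entries use the declaration format shown on this page.

```smalltalk
"Pool dictionary declarations for the two libcrypto entry points.
 CRYPTO_LIB is an assumed library name (the page's SSL functions use SSL_LIB).
   int RAND_load_file(const char *file, long max_bytes)
   int RAND_write_file(const char *file)
 The C long is declared #int32 here, which assumes a 32-bit build."
(name: RAND_load_file isConstant: true valueExpression: 'PlatformFunction fromArray: #(''C'' ''RAND_load_file'' nil ''CRYPTO_LIB'' #(#pointer #int32) #int32)')
(name: RAND_write_file isConstant: true valueExpression: 'PlatformFunction fromArray: #(''C'' ''RAND_write_file'' nil ''CRYPTO_LIB'' #(#pointer) #int32)')

"Dispatcher methods, following the call* naming used for SSL_CTX_set_cipher_list."
SciSslBlockingDispatcher>>callRAND_load_fileWith: aPathPtr with: maxBytes
    "Feed up to maxBytes (-1 = the whole file) from the seed file into the PRNG.
     OpenSSL answers the number of bytes read, -1 on error (older releases
     answer 0 when the file cannot be opened). A zero-byte read adds no
     entropy, so it is treated as an error here as well."
    ^self
        callWithSslErrorCheck: SciSslFunctions::RAND_load_file
        withArguments: (Array with: aPathPtr with: maxBytes)
        errorBlock: [:value | value <= 0]

SciSslBlockingDispatcher>>callRAND_write_fileWith: aPathPtr
    "Overwrite the seed file with fresh PRNG output for the next run.
     OpenSSL answers the number of bytes written, or -1 if the PRNG was
     not seeded well enough to produce them."
    ^self
        callWithSslErrorCheck: SciSslFunctions::RAND_write_file
        withArguments: (Array with: aPathPtr)
        errorBlock: [:value | value < 0]

"Hypothetical helper class (not part of SciSslSocketInterface) that applies
 the two calls around a session: load before the first handshake, rewrite
 afterwards so the same seed bytes are never used twice."
SciSslSeedFile>>seedPrngFrom: aPathPtr using: aDispatcher
    "Answer the number of seed bytes loaded; signal if the file was unusable.
     The result is checked for SciSslError before it is trusted."
    | result |
    result := aDispatcher callRAND_load_fileWith: aPathPtr with: -1.
    (result isKindOf: SciSslError)
        ifTrue: [^self error: 'PRNG seed file could not be read or was empty'].
    ^result

SciSslSeedFile>>refreshSeedFile: aPathPtr using: aDispatcher
    "Answer the number of bytes written; signal if the PRNG was still unseeded,
     which would mean the file's previous contents were never replaced."
    | result |
    result := aDispatcher callRAND_write_fileWith: aPathPtr.
    (result isKindOf: SciSslError)
        ifTrue: [^self error: 'PRNG seed file was not refreshed'].
    ^result
```

Call seedPrngFrom:using: once at start-up before any SSL context is created, and refreshSeedFile:using: at shutdown (or right after the first successful handshake, if the process may not shut down cleanly); the seed file should be owned by, and readable only by, the user the application runs as.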