TCP/IP bounty beta release

For anyone itching to get a preview of progress on our TCP/IP bounty development, we’re pleased to release a beta version for community testing following a successful programme of limited-release alpha testing. You can grab a copy here and make sure you carefully read the ReadMe.txt before getting started with a bit of testing!

This looks interesting! I’ll definitely be having a play when I can; I have a couple of servers I can try it with… so now I just need some free time to actually do it :)

Psst! Manga works with that (as of version 0.30). ;-)

OK, question time. I’m trying to connect to a self-signed server on my local network. When using the HTTP_Client test app this displays a message about the security check failing and asks whether I want to continue. If I proceed then it works as expected.

However, in my Wimp app, which uses the URL and AcornHTTP modules, it just hangs for 30 seconds before failing with “Unable to connect to remote host”. The ReadMe file states:

Should the certificate chain fail verification the user will be prompted to confirm whether they wish to continue with the connection or abandon. In the desktop the module task called “AcornSSL” will manage this as a simple Toolbox dialogue, and outside the desktop the equivalent textual prompt.

Is this expected to work when called via URL/AcornHTTP or is it only if using the AcornSSL SWIs directly?

Are there any progs that use this SSL Module?

Is there a copy of !Phoenix that is HTTPS happy?

Are there any advantages over using ‘SecureSockets’?

[Edit 1]

Couldn’t the Building of the Sockaddr – be modified by a couple of bytes – to be able to use sockaddr%!04
for the port number?
And shifting the other values up by 4bytes.

[Edit 2]
How about a patch module that could take in AcornHTTP swi’s and convert them into AcornHTTPS?

Regarding the AcornSSL documentation:

AcornSSL_Creat says bits 8-31 is reserved for future use but goes on to say in the notes that setting bit 31 will create a secure socket(PF_INET,SOCK_STREAM,0) why is that needed instead of just setting r0,r1,r2 to PF_INET,SOCK_STREAM,0 is it something different?

Will AcornSSL_Recv support more flags than MSG_PEEK eg MSG_DONTWAIT and MSG_OOB?

Will AcornSSL_Send support any flags eg MSG_DONTWAIT and MSG_OOB? The AcornSSL_Send swi doesn’t have a flags register so I suppose a new swi would be needed?

Will there be sendto and recvfrom swi’s?

Are there any progs that use this SSL Module?

Manga. Will find and use AcornSSL by preference.

Are there any advantages over using ‘SecureSockets’?

Bad news good news.

Bad news – it’s a little slower
Good news – it’s an encryption method from this end of this decade…

If you’re asking about advantages, I suggest you do some reading up on crypto, vulnerabilities, and issues such as spoofing/man-in-the-middle. Then you’ll have your answer.

Good news – it’s an encryption method from this end of this decade…

And the source isn’t missing…

How about a patch module that could take in AcornHTTP swi’s and convert them into AcornHTTPS?

If I understand things correctly then you get this “for free” if you use the URL module instead of (or in addition to?) talking to AcornHTTP directly. It appears to work in my limited testing.

And the source isn’t missing…

I don’t think they’ve made v1.05 source available (it is supposed to be a commercial product), but SecureSockets of some flavour is at http://www.armini.co.uk/SSLsource.zip

That’s 1.03. Andrew couldn’t find 1.04, and 1.05 is a binary-patched 1.04 which therefore wasn’t built from source.

A cleverer person than me might be able to work out what’s different between 1.03 and 1.04 (especially seeing as WebsterXL doesn’t much like >1.03) to modify the source. As 1.05 was binary patched, there should be a fairly clear set of changes between it and 1.04…

…but with the arrival of AcornSSL…

PS: Jeez, don’t people keep change logs?

A few comments from me:

1. For non-interactive apps, it would be nice to be able to suppress the prompt that appears when the certificate chain verification fails. Ideally this would be via the use of a custom callback (which can get fed the appropriate info about the certificate), but maybe to start with it could be a simple “allow untrusted” / “deny untrusted” / “ask user” set of options specified prior to the TLS negotiation.
2. A way of controlling the contents of the CA bundle would be useful – e.g. adding self-signed certificates, or completely overriding the contents if you want to make sure that you’re talking to a specific host.
3. The current SWI interface only seems to cover client usage – is a server API going to be part of the bounty?

Also I’m hoping that it’ll be relatively easy to drop in a TLS 1.3-supporting version of mbedTLS once that arrives :-)

https://www.theregister.co.uk/2018/08/13/tls_13_approved/

As 1.05 was binary patched, there should be a fairly clear set of changes between it and 1.04…

As far as I’m aware, the only change in 1.05 was to remove a page zero access, which wasn’t actually present in 1.03. A reverse-engineered 1.04 probably wouldn’t have the problem in the first place! But we’re getting off topic here :)

A way of controlling the contents of the CA bundle would be useful

Indeed. It appears that you can manually add to the “CertData” file but I haven’t tested it, plus it’d get blown away with each new version of the Internet app.

I have got WebsterXL working with SSockets v1.05 with Rools site and log in the Jaspp site.

The fetching code is in !WebFetch – if I can understand the AcornSSL module doc’s – converting it to use AcornSSL looks possible.

The one that needs mainly updating is ‘!Hermes’.

And !Phoenix – if someone likes ‘C’.

[edit 1]

Where is the ‘Cabundle’ home?

Where is the ‘Cabundle’ home?

A data file somewhere within !Internet. I saw it and wondered why it wasn’t using the existing setup. Different file formats perhaps?

displays a message about the security check failing and asks whether I want to continue […] in my Wimp app, which uses the URL and AcornHTTP modules, it just hangs for 30 seconds before failing with “Unable to connect to remote host”. Is this expected to work when called via URL/AcornHTTP or is it only if using the AcornSSL SWIs directly?

URL_ReadData, which ultimately calls HTTP_ReadData, looks to be modelled on our good friend OS_GBPB. In other words, you ask for 500 bytes and you’ll get up to 500 bytes in reply, but maybe less. A typical Wimp app structure is outlined in the URL spec docs. Since the Wimp is cooperative multitasking, you need to poll the Wimp around the URL_ReadData calls otherwise the task that wants to show the certificate dialogue wont get a look in.

Is URL_ReadData returning zero bytes (or, maybe an error?). What do you do in that case? Is there any Wimp polling going on in your app?

Is URL_ReadData returning zero bytes (or, maybe an error?).

It should ideally return a specific error code. Otherwise how does one tell between “stalled because dialogue on screen” and “stalled so invoke timeout”?

To be honest I find it odd that one “connects” and then keeps hitting the send function until it works or gives a proper error (referring to low level AcornSSL here). Wouldn’t it make more sense to do it like SecureSockets with a connection poll and that is when establishing the session happens and when problems can be resolved? Keep it logically apart – getting the session running and transferring data within the session…?
[I guess it’s following the old API?]

I’ve downloaded Beta1 and I’m trying the HTTP_Client demo, but it falls at the first hurdle with “unrecoverable error in run time system: free failed”, which must be in SWI XAcornSSL_Creat in FNsocket().

Anyone else tried it? Anyone had more success?

Is there anything else I should have done prior to running it other than double-click the AcornSSL module?

Is there anything else I should have done prior to running it other than double-click the AcornSSL module?

I’ve not run the latest version (not at the computer today) so I can’t comment, however there should be no such error especially when calling an X SWI. That error is typical of C when trying to release a bogus pointer (null, already freed, corrupted, etc etc).

One thing, though – have you downloaded a very recent copy of Harddisc4 to pull out the CAbundle file from within Boot, Resources, Internet (data? files? it’s in there somewhere) ? Without that, AcornSSL won’t work correctly…

Thanks, Rick – lack of the CertData file was the problem.

So I can report an error that shouldn’t happen, and the bogus error message that it generates…

Since the Wimp is cooperative multitasking, you need to poll the Wimp around the URL_ReadData calls

Ahh, yes, I’ve probably forgotten to do this. I don’t have the code on hand, but it’d make sense (and for non-HTTPS use I wouldn’t have noticed the problem because the files I’m getting are only a few kilobytes and therefore wouldn’t normally stall the desktop). It’s also blatantly obvious in hindsight!

Thanks for the tip; I’ll give it a go tonight :)

Edit: Confirmed working (for certain definitions of “working”; I don’t have it pulling data back yet, but it is at least displaying the confirmation prompt now).

Seems to work OK with AntiSpam. Suggestion: don’t silently ignore options/flags you don’t support. It took me a while to realise there is no way to make the transfer calls non-blocking, even though the Ioctl SWI accepts that setting without protest.

I haven’t tried to invoke certificate errors yet, but the first of Jeffrey’s points should definitely have priority. I’m OK with using it myself, but I think distributing a version of AntiSpam which uses a module that could block a non-interactive run would be a bad idea.

Oh, and fix the AcornSSL_Version SWI. I don’t believe 100*version should result in 10000.

Wait – it doesn’t support non-blocking?!?!?

Actually, I wouldn’t know … I just replaced the SocketLib calls with AcornSSL equivalents “and it just worked”. The code is written on the assumption that it is a non-blocking connection, and I suppose if it blocks then it would simply always return with data (and never EWOULDBLOCK). I hope non-blocking is “to come” because it would be, well, weird otherwise. Especially given RISC OS’ multitasking doesn’t exactly lend itself to coping with things stalling. :-)

I don’t believe 100*version should result in 10000.

It’s probably already been done and held in the code as “100”, and then it’s multiplied by 100 again to end up with 10,000!

Now that the module has been “released” into the wild, it is imperative to increment this number, so the next will be 101, and so on.

Yup. That would be the logical thing to do. Or make it version 100.01…

Another thing, does anyone have any info about the *_Stat SWI? What exactly does it return? The AcornSSL doc says the AcornSSL_Stat’s use is analogous to Socket_Stat, but I can’t seem to find any info on that. There’s nothing useful in the InetSocket StrongHelp manual (v1.06).

It’s in PRM5a it does socketstat( int sock, struct stat *stats). struct stat is in sys/stat.h