Overview

Programmer Reference : Secure Socket Layer (SSL) : Overview

Overview

The SciSslSocketInterface provides a Smalltalk application with a set of classes and methods to construct tasks that use the Secure Socket Layer and/or Transport Layer Security protocols to provide secure communications over TCP/IP.

Support for these protocols is based on the OpenSSL API, an open source implementation of SSL/TLS based on the SSLeay library developed by Eric A. Young and Tim J. Hudson. The use of OpenSSL is provided under a dual license, the OpenSSL License and the SSLeay License. The binaries for the OpenSSL library are not included with VA Smalltalk and must be downloaded or compiled from source.

Binaries are readily available on most platforms and Source/Documentation can be found at http://www.openssl.org. Installation instructions for most platforms are provided. Another excellent source of information are the various mailing lists that exist for OpenSSL users and developers to share information. There are instructions at the above url for joining the list, or you can search archives for answers to your questions.

The API for OpenSSL is very large; therefore, VA Smalltalk supports a subset of the functions in the library. You can easily add additional OpenSSL functions calls. The steps to do so are:

1. Check the documentation or source code for the function for which you wish to add support. Visit http://www.openssl.org/docs or, if you've compiled the OpenSSL library yourself, check the man pages.

2. Create a new application which has a prerequisite of SciSslSocketInterface, this is where your extended functionality should live.

3. Create new pool dictionaries to the application which will contain the OpenSSL functions and/or constants you wish to add in the same manner that is done in SciSslOpenSSLInterface.

4. Extend the SciSslOpenSSLLibraryDispatcher class from SciSslOpenSSLInterface subapplication and add new calls. These calls will reference your new functions and constants.

•The dispatcher is responsible for performing the actual calls to OpenSSL. Look to the OpenSSL documentation to see how the return values of specific functions are to be interpreted. There should be enough existing calls available to understand how to implement them.

5. With few exceptions, all new calls should be performed by the responsible OpenSSL OSObject. Locate the responsible OSObject and add extension methods defined in the new application.

•For example, if you add a new function beginning with SSL_CTX, then it is the responsibility of the OSSslCtx context object to actually perform the call. Therefore, this class should be extended in the new application.

•If the developer creates new functions that require the creation of a new OSObject, the developer should create the a new OSObject that subclasses either OSSslCryptoStructure of OSSciSslStructure depending on which OpenSSL shared library the function lives in (i.e. the crypto library or the SSL/TLS library).

Note:

There are two main libraries in which the OpenSSL API resides. SSL_LIB includes all the OpenSSL API calls. CRYPTO_LIB contains all the cryptographic API calls. There is a third supporting library provided by VA Smalltalk called THREAD_LIB and provides thread-safety to OpenSSL usage within VA Smalltalk

Last modified date: 11/06/2015