httpSuppInfo.h File Reference


Detailed Description

OpenSSL-related supplementary information.

This file contains configuration information for documentation generation; it does not contain any API-specific information.

SSL

Default cipher list and details

The default OpenSSL cipher list is as follows (when using OpenSSL-0.9.8e):

TLS_DHE_RSA_WITH_AES_256_CBC_SHA = { 0x00, 0x39 }
TLS_DHE_DSS_WITH_AES_256_CBC_SHA = { 0x00, 0x38 }
TLS_RSA_WITH_AES_256_CBC_SHA = { 0x00, 0x35 }
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00, 0x16 }
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = { 0x00, 0x13 }
TLS_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00, 0x0A }
SSL_CK_DES_192_EDE3_CBC_WITH_MD5 = { 0x07, 0x00, 0xC0 }
TLS_DHE_RSA_WITH_AES_128_CBC_SHA = { 0x00, 0x33 }
TLS_DHE_DSS_WITH_AES_128_CBC_SHA = { 0x00, 0x32 }
TLS_RSA_WITH_AES_128_CBC_SHA = { 0x00, 0x2F }
TLS_RSA_WITH_IDEA_CBC_SHA = { 0x00, 0x07 }
SSL_CK_IDEA_128_CBC_WITH_MD5 = { 0x05, 0x00, 0x80 }
SSL_CK_RC2_128_CBC_WITH_MD5 = { 0x03, 0x00, 0x80 }
TLS_RSA_WITH_RC4_128_SHA = { 0x00, 0x05 }
TLS_RSA_WITH_RC4_128_MD5 = { 0x00, 0x04 }
SSL_CK_RC4_128_WITH_MD5 = { 0x01, 0x00, 0x80 }
TLS_DHE_RSA_WITH_DES_CBC_SHA = { 0x00, 0x15 }
TLS_DHE_DSS_WITH_DES_CBC_SHA = { 0x00, 0x12 }
TLS_RSA_WITH_DES_CBC_SHA = { 0x00, 0x09 }
SSL_CK_DES_64_CBC_WITH_MD5 = { 0x06, 0x00, 0x40 }
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0x00, 0x14 }
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = { 0x00, 0x11 }
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0x00, 0x08 }
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = { 0x00, 0x06 }
SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 = { 0x04, 0x00, 0x80 }
TLS_RSA_EXPORT_WITH_RC4_40_MD5 = { 0x00, 0x03 }
SSL_CK_RC4_128_EXPORT40_WITH_MD5 = { 0x02, 0x00, 0x80 }

The cipher list format is as follows:
Ex 1) "ALL:!ADH:+RC4:@STRENGTH"
Ex 2) "DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA: DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:IDEA-CBC-SHA:IDEA-CBC-MD5: RC2-CBC-MD5:RC4-SHA:RC4-MD5:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5: EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5: EXP-RC4-MD5:EXP-RC4-MD5"

See the OpenSSL manual for details.
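
An added example, not code from this library or from OpenSSL: a small C filter that walks the Ex 2 list above and drops the export-grade, single-DES, 3DES, IDEA, RC2, RC4 and MD5 entries, leaving a list an application could pass on instead of the default. The function names and the rejection policy are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

static const char EX2_LIST[] =  /* the page's "Ex 2", stray spaces kept */
    "DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:"
    "EDH-DSS-DES-CBC3-SHA: DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:"
    "DHE-DSS-AES128-SHA:AES128-SHA:IDEA-CBC-SHA:IDEA-CBC-MD5: RC2-CBC-MD5:"
    "RC4-SHA:RC4-MD5:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:"
    "DES-CBC-SHA:DES-CBC-MD5: EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:"
    "EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5: EXP-RC4-MD5:EXP-RC4-MD5";

/* Assumed policy (this example's, not the library's): reason to reject, or NULL. */
const char *weak_reason(const char *name) {
    if (strncmp(name, "EXP-", 4) == 0) return "export-grade, 40-bit key";
    if (strstr(name, "RC4"))           return "RC4";
    if (strstr(name, "RC2"))           return "RC2";
    if (strstr(name, "DES-CBC-"))      return "single DES, 56-bit key";
    if (strstr(name, "DES-CBC3"))      return "3DES, 64-bit block";
    if (strstr(name, "IDEA"))          return "IDEA, 64-bit block";
    if (strstr(name, "-MD5"))          return "MD5 MAC";
    return NULL;
}

/* Writes passing entries to out, colon-separated; returns entries dropped, or -1. */
int filter_cipher_list(const char *list, char *out, size_t outsz) {
    int dropped = 0;
    size_t used = 0, n;
    char name[64];
    if (outsz == 0) return -1;
    out[0] = '\0';
    for (list += strspn(list, ": "); (n = strcspn(list, ": ")) > 0;
         list += n, list += strspn(list, ": ")) {
        if (n >= sizeof name) return -1;            /* name too long to check */
        memcpy(name, list, n); name[n] = '\0';
        if (weak_reason(name)) { dropped++; continue; }
        if (used + n + 2 > outsz) return -1;        /* ':' + name + NUL must fit */
        if (used) out[used++] = ':';
        memcpy(out + used, name, n + 1);
        used += n;
    }
    return dropped;
}

int main(void) {
    char kept[512];
    int dropped = filter_cipher_list(EX2_LIST, kept, sizeof kept);
    printf("dropped %d, kept: %s\n", dropped, kept);
    return dropped < 0;
}
```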

Relation of session and SSL

Specify SSL ON/OFF for each session.

A session that uses NetHttpStartSSL establishes SSL communication, and a session that does not use NetHttpStartSSL communicates without SSL. The library does not consider the Request URI.

The HTTP library sends the request without any check, even when "RequestURI http://xxx" is specified under an SSL session. Likewise, it sends the request without any check, even when "RequestURI https://xxx" is specified under a non-SSL session. Therefore, under an SSL session, the calling application can only specify "https://xxx" as a Request URI, and when it specifies "http://xxx", it should be controlled so that a different session is established.

Establish tunneling

Establishing a tunnel with the CONNECT method should be done by the calling application.

Certificate storage

Trusted root CA certificate files should be stored as follows:

The certificates should be stored in DER format under the directory "$HOME/certificates/", named according to the rule below.
rootca??.der : "??" is a two-digit decimal value (00 to 99)

Timer

The HTTP library provides the timers listed below. The calling application can specify them in NetHttpInitialize if necessary:

When a timeout occurs, NET_HTTP_EV_TRANSACTION_ABORT is reported to every transaction that was requested with NetHttpRequest. Then the connection is terminated.

SendTimer : Starts when the request has been completely sent. It stops when the response starts being received.
ReceiveTimer : Runs while data is being received, from the time the response starts being received until the response has been received completely. It stops when the next data is received.
Keep-AliveTimer : Starts when the response has been received completely. It stops when another request starts being sent, or when FIN is received.

Other Restrictions

The maximum request or response size the HTTPLib can handle is 2 Gbytes. If a response larger than this size is received, the connection is disconnected; the return value of NET_HTTP_EV_DISCONNECTED is NET_HTTP_RC_ERR_INVALID_DATA.


Generated on Mon Mar 31 01:01:00 2008 by  doxygen 1.5.4