Compiling OpenSSL on windows 8 metro - windows

I have to port OpenSSL to WinRT (Windows 8 Metro on x86, not ARM), so I am planning to start with compiling for WinRT.
I have downloaded the source code from http://www.openssl.org/source/
In the source code I see some OS-specific folders like MacOS, OS2 and there is an ms folder as well, but I don't see any Visual Studio projects. Whatever I have read so far about compiling OpenSSL talks about makefiles and MinGW, but I am not very comfortable with makefiles and moreover not sure whether Cygwin and Perl will be supported in Windows 8. So I am looking for some ideas on how to compile OpenSSL on Windows 8 using Visual Studio. Please share your knowledge or point me to a direction which can help me in doing this. Thanks a lot

The solution for SSL encryption in Metro style works well. But if you are not connecting to a web service there are some disadvantages:
- you cannot control the parameters of the SSL handshake (like ciphers, verification of the server certificate)
- not possible to present a user certificate to authenticate the client to the server
- dependent on Microsoft for upgrades of the SSL stack, new encryptions etc.
There are some people working on porting OpenSSL to the Windows Runtime. See
http://openssl.6102.n7.nabble.com/winrt-random-td42100.html
It means that you only configure and build OpenSSL without Winsock support (only memory BIO) and replace some unsupported functions.
So it is possible to do it, but it is not yet supported out of the box and is quite some work compared to the built-in solution. But if you want to port some software already using OpenSSL this could be a solution.

OpenSSL will build under Windows 8 for desktop mode only. Metro/WinRT no longer provides Winsock (or API-compatible alternatives), so you will not be able to compile directly for WinRT.

Why would you like to use OpenSSL in WinRT?
If you use it only for security purposes then you can omit it in Metro-style WinRT, because WinRT itself provides security for socket programming in Metro style, like:
using namespace Windows::Networking;
using namespace Windows::Networking::Sockets;
auto socket = ref new StreamSocket();
auto hostname = ref new HostName(L"example.com");   // remote host
Platform::String^ serviceName = L"443";             // port number or service name
//0: A plain socket with no encryption.
socket->ConnectAsync(hostname, serviceName, SocketProtectionLevel::PlainSocket);
//1: A socket that must use SSL for encryption. This value requires encryption and never allows a NULL cipher.
socket->ConnectAsync(hostname, serviceName, SocketProtectionLevel::Ssl);
//2: A socket that prefers to use SSL for encryption. This value prefers that full encryption be used, but allows a NULL cipher (no encryption) based on the server configuration.
socket->ConnectAsync(hostname, serviceName, SocketProtectionLevel::SslAllowNullEncryption);

Related

What is needed for a Secure WebSocket connection on Windows 10

I wrote a Qt tool using WebSockets with SSL. When I roll it out to another Windows 10 machine it doesn't connect but produces a QAbstractSocket::UnsupportedSocketOperationError on the client side. On the server side I don't get any notification that a new client has connected.
The tool "Dependencies" shows no difference in DLLs; a test without SSL worked fine, as well as connecting from the same network with my developer machine.
As it works fine with my developer machine I assume something is wrong/missing on the other Windows 10 machine. I have installed OpenSSL 1.1.0f on it but I have no idea what else to look for.
I found out that this was an encryption problem from Qt. I solved it by downloading the DLLs (libcrypto-1_1-x64.dll, libssl-1_1-x64.dll) together with the precompiled(!) MySQL driver for my Qt version from https://github.com/thecodemonkey86/qt_mysql_driver/releases and stored them in the application root folder. Additionally I copied the "tls" folder from qt/6.3.0/plugins/ into there.

How to check if Update KB4474419 (SHA2 support) is installed on an old Windows machine, and install it in the background if it's not?

I want to support older Windows versions, but non-updated 7 and pre-7 operating systems do not support SHA-256 code signing, so they cannot detect that the executable/file is properly digitally signed.
My questions are:
How can I check if a system has this update (KB4474419) installed, or basically check if it supports SHA-256, without causing false positives (for example detecting new Windows 10 machines as not having the update by mistake)?
How to install this update in the background, without the user knowing, and check if the installation was successful (in order to see if we should restart the machine or not, in case it was successful)?
(I want to implement it using c/c++, so native windows APIs are available to solve this)
WUA defines interfaces and objects that are accessible from Visual Basic, Visual Basic Scripting Edition (VBScript), JScript, and from C and C++.
I suggest you could try to use wuapi.h header. This header is used by Windows Update Agent API. And there are some COM interfaces that can be used from C++.

Windows Driver - HCK Signature not Working 8/8.1/2012

I've developed a filter driver for windows 10 that I sign via Attestation and am able to use with no issues. Recently a deployment was needed on a 2012 server installation (The driver is backwards compatible and works 100% with test signing on / verification off). I was led to believe that an EV signature on the file was enough prior to Windows 10, but this did not work for me, and I've seen others online say the same. Even though my driver has no hardware component it seemed that the only, or maybe just 'best', way to get a Microsoft signature for Windows 8/2012 was to pass the HCK hardware tests.
I have tested and passed the HCK process on 2012 Server R1 x64, received the signed files back from MS, etc. But I am still met with an unsigned driver error when trying to install on a fresh installation. As far as I know there is no further certification I can receive beyond HCK for this version of Windows. Attestation obviously works for W10 but not something older, and just an EV isn't helping either. My driver returned post-HCK has both my Sha1 EV and a Sha256 from MS.
I can't find any documentation of what's going on here. My understanding is that this driver should be "ready to be shipped" and that I should have no issues deploying it. Is there a further step, a reason this would happen, any guidance someone can give, etc?
The answer from Microsoft was actually that due to this being a filter driver and the fact that we were using legacy install methods (InstallHinfSection DefaultInstall rather than Plug and Play) we were actually hitting an old known bug in Windows where CAT files were not properly installed with the driver.
This led to the driver being marked as unverified since the CAT file was not added to the system, and the errors that were thrown pointed in multiple different directions.
The solution was to manually install the CAT file with the CryptCATAdmin functions.

Using WDK 10 to sign an existing DLL for Windows 10

I'm using a Cypress FX3 controller over USB 3 and I've had success with it on Windows 7 by modifying Cypress's driver .inf file to identify my device and then signing the driver package. Unfortunately, this method doesn't meet the more stringent signing requirements for drivers in Windows 10 [1].
I downloaded Windows' new WDK 10 and have been trying to go through the process of signing the driver with this new tool, but it doesn't seem to want to sign a pre-built DLL. Rather, it expects me to have source code files I can build into my own DLL, but I can't exactly expect Cypress to hand over their source code.
Does anyone know if signing an existing driver DLL is supported in WDK 10 or if that functionality has been removed to close a security loophole? Do I simply have to wait for Cypress to publish a driver compatible with Windows 10 v1607+?
For anyone wondering, I have already disabled secure boot and the driver signing verification on my machine for testing. The version 1.2.3 drivers from Cypress work with my device on Windows 10 except for the driver signing issue - but I would prefer if I didn't have to ask customers to disable secure boot in order to install the drivers for my device.
Thanks in advance,
Sheldon
[1] https://blogs.msdn.microsoft.com/windows_hardware_certification/2016/07/26/driver-signing-changes-in-windows-10-version-1607/
You can use SignTool to directly sign a DLL without needing to compile anything. I have never heard of a signed DLL being necessary in a driver, though. I wrote a big article about this stuff that you might find helpful.

Is it possible to run Websphere Application Server 6.1 Test environment in Rational Software Architect (RSA) version 9.0?

I don't mean does it officially support it.. I mean, can you "somehow" get it working in RSA9.
For that you would need a server adapter that you can plug in into RSA. Since RSA is based on eclipse, a server adapter working for eclipse should work for RSA.
Having said that, it is very unlikely (although I do not know for sure) that anyone (at the very least IBM) has provided a publicly available server adapter for WAS 6.1. Usually these are preinstalled with the product and, as you already have noticed, WAS 6.1 <-> RSA 9.0 is not the best combo. Only supported combinations are preinstalled with IBM products.
It is quite possible to write your own server adapter, but since WAS 6.1 is a closed product you may and probably will run into many problems along the way. To get started on writing your own server adapter you can have a look here. There is also some more information about WAS server adapters on Eclipse in earlier Stack Overflow posts.
Rational licensing is usually not limited to a certain product version, thus you could install and run (provided your licensing allows it) an older version of RSA that supports WAS 6.1 on the same machine where you have your RSA 9 installation.
