how can i use ssl with raw sockets?
# ktoro
otakusenpai
04/24/2018, 1:14 PMhow can i use ssl with raw sockets?
✅ 1
📋 1
📝 1
otakusenpai
04/24/2018, 1:31 PMi cant find any documentation
d
Deactivated User
04/24/2018, 1:33 PMIt seems it is missing. Going to add it.
You have to include the
ktor-network-tlsaSocket().tcp().connect().tls(...)o
otakusenpai
04/24/2018, 1:34 PMok thanks
d
Deactivated User
04/24/2018, 1:53 PMTried this and seems to work:
tls_sample.kts Copy code
#!/usr/bin/env kscript
@file:MavenRepository("ktor", "<https://kotlin.bintray.com/ktor>")
@file:DependsOn("io.ktor:ktor-network-tls:0.9.2")
import io.ktor.cio.*
import io.ktor.network.sockets.*
import io.ktor.network.tls.*
import kotlinx.coroutines.experimental.*
import kotlinx.coroutines.experimental.io.*
import java.net.*
runBlocking {
val socket = aSocket().tcp().connect(InetSocketAddress("<http://google.com|google.com>", 443)).tls()
val w = socket.openWriteChannel(autoFlush = false)
w.write("GET / HTTP/1.1\r\n")
w.write("Host: <http://google.com|google.com>\r\n")
w.write("\r\n")
w.flush()
val r = socket.openReadChannel()
println(r.readASCIILine())
}o
otakusenpai
04/24/2018, 2:42 PMException in thread "io-thread-2" java.lang.IllegalArgumentException: Invalid TLS record type code: 58
otakusenpai
04/24/2018, 2:43 PMcan you help with that?
d
Deactivated User
04/24/2018, 2:43 PMThat happens with the snippet I put? Or with your own code?
o
otakusenpai
04/24/2018, 2:43 PMmy code
d
Deactivated User
04/24/2018, 2:43 PMDoes the snippet work for you?
o
otakusenpai
04/24/2018, 2:43 PMi didnt try
d
Deactivated User
04/24/2018, 2:43 PMCan you try?
o
otakusenpai
04/24/2018, 2:43 PMok
d
Deactivated User
04/24/2018, 2:44 PM(Is to be sure if it is related to the server certificate, or related to your network or other thing)
Deactivated User
04/24/2018, 2:45 PM^^ @e5l “Invalid TLS record type code: 58”
o
otakusenpai
04/24/2018, 2:46 PMit gives me some errors, not sure its the code or the way i launched it
otakusenpai
04/24/2018, 2:46 PMkotlinc ggl.kt
otakusenpai
04/24/2018, 2:46 PMi dont play around with scripts 😛
d
Deactivated User
04/24/2018, 2:47 PMthe snippet uses kscript https://github.com/holgerbrandl/kscript
But you can also copy the runBlocking block and put it in your main 🙂 As long as you include the required artifacts
o
otakusenpai
04/24/2018, 2:47 PMyeah
d
Deactivated User
04/24/2018, 2:48 PMAlso would help knowing the endpoint or the server/certificate that backend uses
o
otakusenpai
04/24/2018, 2:50 PMwell cant ktor accept invalid certificates?
d
Deactivated User
04/24/2018, 2:53 PMprobably, but can provide more information for troubleshooting? are you connecting to a ktor backend? to an internet backend? a local backend written un C++ with a self-signed certificate… etc.
I’m checking TLS record types: https://tools.ietf.org/html/rfc5246#section-7.2
And 58 doesn’t seems to be a valid record
e
e5l
04/24/2018, 2:54 PM`Invalid TLS record type code: 58`: need some code sample. It looks like a server error
d
Deactivated User
04/24/2018, 2:54 PMcan you also provide the stacktrace/or part of it? there are two places in ktor with that exception
o
otakusenpai
04/24/2018, 2:54 PMsure
otakusenpai
04/24/2018, 2:57 PMits a irc server written in c probably
otakusenpai
04/24/2018, 2:57 PMException in thread "io-thread-2" java.lang.IllegalArgumentException: Invalid TLS record type code: 58
at io.ktor.network.tls.TLSRecordType$Companion.byCode(TLSRecordType.kt:15)
at io.ktor.network.tls.ParserKt.readTLSRecordHeader(Parser.kt:12)
at io.ktor.network.tls.TLSClientSession.readTLSRecordHeader(TLSClientSession.kt:201)
at io.ktor.network.tls.TLSClientSession.tlsHandshakeAndNegotiation(TLSClientSession.kt:60)
at io.ktor.network.tls.TLSClientSession.negotiate(TLSClientSession.kt:46)
at io.ktor.network.tls.TLSKt.tls(TLS.kt:42)
at io.ktor.network.tls.TLSKt.tls$default(TLS.kt:32)
at com.otakusenpai.aghora.connection.SslConnection$1.doResume(SslConnection.kt:21)
at kotlin.coroutines.experimental.jvm.internal.CoroutineImpl.resume(CoroutineImpl.kt:54)
at kotlinx.coroutines.experimental.DispatchedTask$DefaultImpls.run(Dispatched.kt:161)
at kotlinx.coroutines.experimental.DispatchedContinuation.run(Dispatched.kt:25)
at kotlinx.coroutines.experimental.EventLoopBase.processNextEvent(EventLoop.kt:147)
at kotlinx.coroutines.experimental.BlockingCoroutine.joinBlocking(Builders.kt:244)
at kotlinx.coroutines.experimental.BuildersKt.runBlocking(Builders.kt:185)
at kotlinx.coroutines.experimental.BuildersKt.runBlocking$default(Builders.kt:175)
at com.otakusenpai.aghora.connection.SslConnection.<init>(SslConnection.kt:15)
at com.otakusenpai.aghora.bot.BasicBot.<init>(BasicBot.kt:23)
at com.otakusenpai.aghora.MainKt.main(main.kt:37)
java.lang.IllegalArgumentException: Invalid TLS record type code: 58
at io.ktor.network.tls.TLSRecordType$Companion.byCode(TLSRecordType.kt:15)
at io.ktor.network.tls.ParserKt.readTLSRecordHeader(Parser.kt:12)
at io.ktor.network.tls.TLSClientSession.readTLSRecordHeader(TLSClientSession.kt:201)
at io.ktor.network.tls.TLSClientSession.tlsHandshakeAndNegotiation(TLSClientSession.kt:60)
at io.ktor.network.tls.TLSClientSession.negotiate(TLSClientSession.kt:46)
at io.ktor.network.tls.TLSKt.tls(TLS.kt:42)
at io.ktor.network.tls.TLSKt.tls$default(TLS.kt:32)
at com.otakusenpai.aghora.connection.SslConnection$1.doResume(SslConnection.kt:21)
at kotlin.coroutines.experimental.jvm.internal.CoroutineImpl.resume(CoroutineImpl.kt:54)
at kotlinx.coroutines.experimental.DispatchedTask$DefaultImpls.run(Dispatched.kt:161)
at kotlinx.coroutines.experimental.DispatchedContinuation.run(Dispatched.kt:25)
at kotlinx.coroutines.experimental.EventLoopBase.processNextEvent(EventLoop.kt:147)
at kotlinx.coroutines.experimental.BlockingCoroutine.joinBlocking(Builders.kt:244)
at kotlinx.coroutines.experimental.BuildersKt.runBlocking(Builders.kt:185)
at kotlinx.coroutines.experimental.BuildersKt.runBlocking$default(Builders.kt:175)
at com.otakusenpai.aghora.connection.SslConnection.<init>(SslConnection.kt:15)
at com.otakusenpai.aghora.bot.BasicBot.<init>(BasicBot.kt:23)
at com.otakusenpai.aghora.MainKt.main(main.kt:37)
Exception in thread "main" kotlin.UninitializedPropertyAccessException: lateinit property socket has not been initialized
at com.otakusenpai.aghora.connection.Connection.getSocket(Connection.kt:23)
at com.otakusenpai.aghora.connection.SslConnection$1.doResume(SslConnection.kt:26)
at kotlin.coroutines.experimental.jvm.internal.CoroutineImpl.resume(CoroutineImpl.kt:54)
at kotlinx.coroutines.experimental.DispatchedTask$DefaultImpls.run(Dispatched.kt:161)
at kotlinx.coroutines.experimental.DispatchedContinuation.run(Dispatched.kt:25)
at kotlinx.coroutines.experimental.EventLoopBase.processNextEvent(EventLoop.kt:147)
at kotlinx.coroutines.experimental.BlockingCoroutine.joinBlocking(Builders.kt:244)
at kotlinx.coroutines.experimental.BuildersKt.runBlocking(Builders.kt:185)
at kotlinx.coroutines.experimental.BuildersKt.runBlocking$default(Builders.kt:175)
at com.otakusenpai.aghora.connection.SslConnection.<init>(SslConnection.kt:15)
at com.otakusenpai.aghora.bot.BasicBot.<init>(BasicBot.kt:23)
at com.otakusenpai.aghora.MainKt.main(main.kt:37)
d
Deactivated User
04/24/2018, 3:00 PMI see. Is it a public IRC server that we can try to connect to?
If it is not the case, maybe you can capture network traffic for that connection using wireshark to try to reproduce it locally
e
e5l
04/24/2018, 3:05 PMMake sure that you use proper ssl port
👍 1
o
otakusenpai
04/24/2018, 3:06 PMyes, chat.freenode.net
otakusenpai
04/24/2018, 3:06 PMand i use ssl port
d
Deactivated User
04/24/2018, 3:08 PMhttps://freenode.net/kb/answer/chat
or ports 6697, 7000 and 7070 for SSL-encrypted connections.
Deactivated User
04/24/2018, 3:08 PMgoing to try to connect ot one of those ports
Deactivated User
04/24/2018, 3:12 PM@e5l
Copy code
val socket = aSocket().tcp().connect(InetSocketAddress("<http://chat.freenode.net|chat.freenode.net>", 6697)).tls()
//Exception in thread "main" Exception in thread "io-thread-2" io.ktor.network.tls.TLSException: Unsupported TLS handshake type CertificateRequesto
otakusenpai
04/24/2018, 3:12 PMException in thread "io-thread-2" io.ktor.network.tls.TLSException: Unsupported TLS handshake type CertificateRequest
at io.ktor.network.tls.TLSClientSession.handshake(TLSClientSession.kt:308)
at io.ktor.network.tls.TLSClientSession.processHandshakeMessage(TLSClientSession.kt:79)
at io.ktor.network.tls.TLSClientSession.tlsHandshakeAndNegotiation(TLSClientSession.kt:64)
at io.ktor.network.tls.TLSClientSession$tlsHandshakeAndNegotiation$1.doResume(TLSClientSession.kt)
at kotlin.coroutines.experimental.jvm.internal.CoroutineImpl.resume(CoroutineImpl.kt:54)
at kotlin.coroutines.experimental.jvm.internal.CoroutineImpl.resume(CoroutineImpl.kt:53)
at kotlin.coroutines.experimental.jvm.internal.CoroutineImpl.resume(CoroutineImpl.kt:53)
at kotlinx.coroutines.experimental.DispatchedTask$DefaultImpls.run(Dispatched.kt:161)
at kotlinx.coroutines.experimental.io.internal.MutableDelegateContinuation.run(MutableDelegateContinuation.kt:14)
at kotlinx.coroutines.experimental.EventLoopBase.processNextEvent(EventLoop.kt:147)
at kotlinx.coroutines.experimental.BlockingCoroutine.joinBlocking(Builders.kt:244)
at kotlinx.coroutines.experimental.BuildersKt.runBlocking(Builders.kt:185)
at kotlinx.coroutines.experimental.BuildersKt.runBlocking$default(Builders.kt:175)
at com.otakusenpai.aghora.connection.SslConnection.<init>(SslConnection.kt:15)
at com.otakusenpai.aghora.bot.BasicBot.<init>(BasicBot.kt:23)
at com.otakusenpai.aghora.MainKt.main(main.kt:37)
d
Deactivated User
04/24/2018, 3:14 PMthat’s a different exception 🙂 that sounds like something is missing
o
otakusenpai
04/24/2018, 3:14 PMyeah, i didnt add ssl port the first time
otakusenpai
04/24/2018, 3:21 PMhello, how can i fix that?
d
Deactivated User
04/24/2018, 3:24 PMLooks like that packet is not handled, create an issue at github: https://github.com/ktorio/ktor/issues
Describing the error and include how to reproduce it:
val socket = aSocket().tcp().connect(InetSocketAddress("<http://chat.freenode.net|chat.freenode.net>", 6697)).tls()o
otakusenpai
04/24/2018, 3:24 PMok
423 Views