PureBasic Forums - English

Again I came to a point where I can not use PB, since there is no native possibility to use SSL/TLS.

The current problem: I use websockets to communicate with a web page.
In windows with FireFox it is still working (don't know how long) but on macOS with safari ... no way
If the web page uses https all elemnts inside needs to be secured, also websockets so I need wss:// instead of ws://

I also asked chilkat, but they only do the client side.

So I need to go the hard way: at the moment I'm writing a wrapper for mbedTLS
It uses the apache license, so it is also free for commercial applications.
And it is available fo all PB platforms and it is written in plain C. (C99)

So I needed some tweaks to compile it in VS2010 (no C99 supported) for a static lib which I can use in PB.

Such a lib could also be used for direct secured posgres access and ,,,

Such a SSL/TLS lib for PB is needed. (sooner or later, no longer way for networking without the S)

I 100% agree, the whole network lib is more or less useless these days.

+1

+1

+1
And I would like to add: for a fully working SSL/TLS library for using in a PB client and as PB server I would also pay extra

hoerbie wrote: Sat Feb 05, 2022 6:43 pm And I would like to add: for a fully working SSL/TLS library for using in a PB client and as PB server I would also pay extra

Me too!

Maybe a fundraiser to sponsor Fred to do the development work and add it to PB?
Maybe he's too busy?

infratec wrote: Sat Feb 05, 2022 11:27 am Again I came to a point where I can not use PB, since there is no native possibility to use SSL/TLS.
~~~
Such a SSL/TLS lib for PB is needed.

Did you have a look at Fossil's approach with OpenSSL?
I agree https is absolutely necessary if not behind a firewall.
With raspberryPI devices as remote servers, this would round out PB v6 quite nicely!

Please don't add SSL/TLS as a static library but use the libraries already installed on the system. Software based on these libraries should keep secure even if it gets no updates for itself.

+1

NicTheQuick wrote: Mon Feb 07, 2022 3:36 pm Please don't add SSL/TLS as a static library but use the libraries already installed on the system. Software based on these libraries should keep secure even if it gets no updates for itself.

Yes, if you mean Linux or macOS. No if you mean windows.

That's one of the advantages of OpenSource: you can fix it by yourself. (If needed)
How long needs MS to fix something? OpenSSL, for example, gets a lot of more security updates then the windows SSL stuff.
I know this, because we use OPNsense and I see how often they use a new version of OpenSSL. And the reason is not that it is not a good piece
of software. All other major OSs uses OpenSSL as default security stack.
And how good is the MS documentation to implement a secured server with sockets?
And what do I do after 2025 when Win10 gets no updates anymore?
Maybe the 'good programmers' write then software which don't need PCs of the next generation to work at a normal speed.

Especially if security is affected, I trust more an OpenSource solution.

+1

I would pay for an SSL compatible Network Library.

+1

Also willing to help fund, as always

+1

+1