LabVIEW

cancel
Showing results for 
Search instead for 
Did you mean: 

How do I send an HTTP request to a web server using the TCP functions?

Solved!
Go to solution

mrbean wrote:

I have an IP address instead of a URI, so I assume my call would look like this

 

GET 10.4.32.1 HTTP/1.1\r\n

 

One question, you said ...

"but it is of course much more practical to have stunnel take the address from the GET command"

 

I'm not sure how stunnel "takes" the address from the GET command.  I thought stunnel looked at what you had in the stunnel.conf in the [https] accept.  Is that not correct?

 

[https]
connect  = 80
accept   = 10.4.32.1:443
TIMEOUTclose = 0

 


I'm not to familiar with the stunnel conf file. It is probably possible to tell it to what server address to connect, or in your above case from what client to accept connections, but the way I used it I only had a minimal conf file and I connected to it as client.

 

And no your GET line would most likely look like:

 

GET https://10.4.32.1/something HTTP/1.1\r\n

Message Edited by rolfk on 10-30-2009 01:24 PM
Rolf Kalbermatter
My Blog
0 Kudos
Message 21 of 34
(3,271 Views)

maybe a silly question ...

 

can Stunnel be used for non-secure channels, or ONLY for secure?  The reason I ask is that I currently put the radio in a non-secure mode and run WireShark on it to determine the message traffic going back and forth (when Internet Explorer is the client).  I (using LabVIEW TCP/IP) then manually build all of my http messages based on what I see in WireShark.  I'm told (by the guys that did the IE client) that I shouldn't have to send over so much stuff, just the start line (post/get) and the Message Body (data).  This is sounds nice, and I hope Stunnel takes care of that stuff for me.  However, since I can't get the secure link established yet, I think I have to manually build all my packets since IE/Stunnel aren't even running.  That's why I ask if there's a non-secure option of Stunnel that would at least send all this Message-Header and Message-Trailer stuff.

0 Kudos
Message 22 of 34
(3,260 Views)

Why bother with stunnel when you want non-secure connection? Just connect directly to the non-secured server!

 

I'm not understanding why you try to make this so complicated. You do not use a proxy unless it has some usefull functionality. stunnel's useful functionality is its stunnel encryptio, a normal prosie's useful functionality is usually to get around a firewall or something. If there is no need to do either of this you simply connect to the server directly.

 

The only thing that usually changes between proxy communication and non-proxy communication is that in the first line for a proxy you do need a a full absolute URI, that includes the server address. For non-proxy operation that part can also be an absolute URI, since a good web server should be able to resolve that anyhow, but it can also be just an absolute path, or in http 1.1 also a relative one, but then you need to add an extra parameter to the header that tells the server from what page you are coming.

 

All the extra stuff after the first line is indeed not really necessary. But in such a case I usually make the last part to read HTTP 1.0. HTTP 1.1 indicates to the server that you are able to understand all kinds of extra attributes in the server response header, that you rather do not want to parse for a start.

Message Edited by rolfk on 10-31-2009 08:06 AM
Rolf Kalbermatter
My Blog
0 Kudos
Message 23 of 34
(3,247 Views)

As I still don't have a secure link working, I'd like to ask some questions (that I was asked) that will hopefully confirm that Stunnel will indeed do everything I need to eventually do.  It may be, instead, that Stunnel does what I need, but LabVIEW (and its TCP/IP utilities) is where the shortcoming is.  I was asked these questions.  Some I have answers for, but others, I'm not sure.  I'd like to get your take on them from a Stunnel/LabVIEW (client) perspective.

 

-----------------------

Does Stunnel provide https handshake process?

 

How are you going to integrate your own http implementation with SSL?

There will be two issues:

1) http protocol uses port 80 and https protocol uses port 443

2) For https protocol, there is handshake between the client and web server. How are you going to handle handshake to support https protocol?

eg how is your client app going to retrieve SSL cert from the server for encryption/decryption

 

Typically, for any web dev dealing with http/https protocols, the application developer uses a framework such as QT, .net framework or equivalent.

Application developer doesn't care how to build http request msg b/c the lib that supports http protocol will handle that.

For example, QT framework/Qhttp lib can be used to handle all communication related issues.  We should only need to worry about what to do with application data (i.e., name of url link, configurable parameter list and method of the call)

 

If lib function in the Labview supports http implementation, you should not even worry about what is happening at transport layer.  If Stunnel only provides SSL implementation, then it will not work.

What you need is https implementation, not SSL implementation alone.

-----------------

What are your thoughts on some these comments/questions?

 

 

0 Kudos
Message 24 of 34
(3,217 Views)

HTTPS handshaking is done by OpenSSL and hence stunnel.

 

Port selection 443 is done by stunnel based on the configuration setting in its conf file but probably also automatically when it recognizes an HTTPS address https://..... in an HTTP request.

 

HTTP implementation is done in LabVIEW with your VIs. There is some HTTP VI library in the Internet Toolkit but that is an add-on and I'm not sure about its features. There are various HTTP VI libraries around, but most are rather limited by what they do. So no there is no ready made fully functional HTTP library for LabVIEW and you have to do that somehow.

 

So while you may feel yourself like an app developer and would like to not have to worry about HTTP implementation, you will likely have to do some work on HTTP protocol level in LabVIEW anyhow.

 

Stunnel acts as an HTTP proxy with the additional feature of converting HTTPs into HTTP and vice versa. As far as your conversation with stunnel is concerned you talk to it like an HTTP proxy. It will convert the requests into HTTPS automatically and convert the answer back into HTTP.

Message Edited by rolfk on 11-03-2009 12:14 AM
Rolf Kalbermatter
My Blog
0 Kudos
Message 25 of 34
(3,212 Views)

This is what I see in my stunnel log.  It all seems promising, but the one non-secure message I currently send successfully doesn't do squat in secure mode (if I'm even in a secure mode).  Shouldn't I see a client/server hello in the log?  That's part of my problem - I don't know what a successful log should look like.  I sent this log and several files to the stunnel user's group but no one has replied.

 

2009.11.03 07:29:03 LOG7[5592:4644]: RAND_status claims sufficient entropy for the PRNG
2009.11.03 07:29:03 LOG7[5592:4644]: PRNG seeded successfully
2009.11.03 07:29:03 LOG7[5592:4644]: Verify directory set to C:\Program Files\stunnel
2009.11.03 07:29:03 LOG7[5592:4644]: Added C:\Program Files\stunnel revocation lookup directory
2009.11.03 07:29:03 LOG5[5592:4644]: Peer certificate location C:\Program Files\stunnel
2009.11.03 07:29:03 LOG7[5592:4644]: SSL context initialized for service https
2009.11.03 07:29:03 LOG5[5592:4644]: stunnel 4.27 on x86-pc-mingw32-gnu with OpenSSL 0.9.8k 25 Mar 2009
2009.11.03 07:29:03 LOG5[5592:4644]: Threading:WIN32 SSL:ENGINE Sockets:SELECT,IPv6
2009.11.03 07:29:03 LOG5[5592:5076]: No limit detected for the number of clients
2009.11.03 07:29:03 LOG7[5592:5076]: FD 212 in non-blocking mode
2009.11.03 07:29:03 LOG7[5592:5076]: SO_REUSEADDR option set on accept socket
2009.11.03 07:29:03 LOG7[5592:5076]: https bound to 10.4.28.8:80

0 Kudos
Message 26 of 34
(3,199 Views)

mrbean wrote:

This is what I see in my stunnel log.  It all seems promising, but the one non-secure message I currently send successfully doesn't do squat in secure mode (if I'm even in a secure mode).  Shouldn't I see a client/server hello in the log?  That's part of my problem - I don't know what a successful log should look like.  I sent this log and several files to the stunnel user's group but no one has replied.

 

2009.11.03 07:29:03 LOG7[5592:4644]: RAND_status claims sufficient entropy for the PRNG
2009.11.03 07:29:03 LOG7[5592:4644]: PRNG seeded successfully
2009.11.03 07:29:03 LOG7[5592:4644]: Verify directory set to C:\Program Files\stunnel
2009.11.03 07:29:03 LOG7[5592:4644]: Added C:\Program Files\stunnel revocation lookup directory
2009.11.03 07:29:03 LOG5[5592:4644]: Peer certificate location C:\Program Files\stunnel
2009.11.03 07:29:03 LOG7[5592:4644]: SSL context initialized for service https
2009.11.03 07:29:03 LOG5[5592:4644]: stunnel 4.27 on x86-pc-mingw32-gnu with OpenSSL 0.9.8k 25 Mar 2009
2009.11.03 07:29:03 LOG5[5592:4644]: Threading:WIN32 SSL:ENGINE Sockets:SELECT,IPv6
2009.11.03 07:29:03 LOG5[5592:5076]: No limit detected for the number of clients
2009.11.03 07:29:03 LOG7[5592:5076]: FD 212 in non-blocking mode
2009.11.03 07:29:03 LOG7[5592:5076]: SO_REUSEADDR option set on accept socket
2009.11.03 07:29:03 LOG7[5592:5076]: https bound to 10.4.28.8:80


No! stunnel log does not log the actual traffic. Would be quite counterproductive to have a tool that encrypts messages and logs everything it encrypts into a human readable log file!

Message Edited by rolfk on 11-03-2009 08:06 PM
Rolf Kalbermatter
My Blog
0 Kudos
Message 27 of 34
(3,186 Views)

I agree that the stunnel log should not log the actual traffic.  However, it IS logging the initial handshake, and I guess I'm wondering if it seems complete.

0 Kudos
Message 28 of 34
(3,180 Views)

mrbean wrote:

I agree that the stunnel log should not log the actual traffic.  However, it IS logging the initial handshake, and I guess I'm wondering if it seems complete.


Maybe it does, but defnitly not in the log you posted. That are only the startup initialization messages.

Rolf Kalbermatter
My Blog
0 Kudos
Message 29 of 34
(3,167 Views)

Unfortunately, that is ALL that is in my stunnel.log.  I'm looking at the stunnel.conf file, and I'm suspecting that my problems are in the area of authentication.  I know for sure that I haven't run the c_rehash mentioned on line three.  Not even sure what that's about.  All I have is a stunnel.conf and a stunnel.pem.  I'm not getting on the web, so I thought stunnel.pem would be sufficient.  I'm just not sure that I'm setting the below fields correctly.

 

; Authentication stuff
verify = 3
; Don't forget to c_rehash CApath
CApath = F:\ajgonz\ClientServerTests
; It's often easier to use CAfile
;CAfile = certs.pem
; Don't forget to c_rehash CRLpath
;CRLpath = crls
; Alternatively you can use CRLfile
;CRLfile = crls.pem

0 Kudos
Message 30 of 34
(3,147 Views)