
No SSL certification in C SDK

ShengLiangQiu
10-Marble


Just a simple method to disable SSL certification in the SteamSensor sample in the C SDK, for those who want to use it in development mode or show it to a customer. As you may know, using the twApi_DisableCertValidation() function will not work:

1. Locate src/config/twConfig.h in the SDK files and add:

#define USING_NO_TLS

#undef USING_AXTLS

right after #define OFFLINE_MSG_STORE 1. The result should look like this:

[Screenshot: 2016-3-2 16-53-39.png]

2. Locate src/tls/twTls.h in the SDK files and modify #include TW_TLS_INCLUDE to include more conditions:

#if defined USING_AXTLS

#include "twAxTls.h"

#elif defined USING_NO_TLS

#include "twNoTls.h"

#else

#include TW_TLS_INCLUDE

#endif

and the result should look like this:

[Screenshot: 2016-3-2 16-57-08.png]

After all of this is done, compile your code and start it; you will connect to your ThingWorx server without SSL.

4 REPLIES

Although we provide this capability to make development easier, never deploy the EMS in production without SSL.

Agreed. I was asked how to disable SSL in the C SDK several times for demo purposes in the past couple of months; this is just for those who need it.

Why do you say twApi_DisableCertValidation() does not work? What that does is prevent the checking of the certificate entries to ensure they match those that are set using twApi_SetX509Fields().

If you want to disable checking valid signing authority of the certificate so that you can use self-signed certificates for demo purposes, you should use the function twApi_SetSelfSignedOk().

If you want to induce MAJOR SECURITY RISKS by disabling encryption altogether then you would use USING_NO_TLS. This should only be used in very limited circumstances where the edge and ThingWorx server are deployed inside a firewall within the same security domain and where deep packet inspection of all traffic is a requirement (i.e. some military installations may require that).

"It's just a demo" is never an excuse to not use encryption. The ThingWorx server ships with self-signed certificates (at least it used to, even if not, it is a simple single command to create one), so using TLS requires very, very little extra effort.
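The three settings the reply above distinguishes can be checked for before a build leaves the demo bench. This is an added example, not part of the thread or the SDK: a Python scan of source text for an active `#define USING_NO_TLS` and for calls to twApi_SetSelfSignedOk() and twApi_DisableCertValidation(). The severity labels, the `audit` helper and the sample file contents are assumptions constructed for illustration.

```python
import re

# Calls named in the thread. Severity labels are this example's assumption,
# not ThingWorx terminology.
CALLS = {
    "twApi_SetSelfSignedOk": ("high", "signing authority of the certificate is not checked"),
    "twApi_DisableCertValidation": ("medium", "certificate entries are not checked against twApi_SetX509Fields()"),
}
COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*", re.DOTALL)
DIRECTIVE = re.compile(r"^\s*#\s*(define|undef)\s+USING_NO_TLS\b")
CALL = re.compile(r"\b(" + "|".join(CALLS) + r")\s*\(")


def strip_comments(text):
    """Blank out C comments but keep newlines so line numbers stay valid."""
    return COMMENT.sub(lambda m: "\n" * m.group(0).count("\n"), text)


def audit(files):
    """Return sorted (path, line, severity, message) for each weakened TLS setting."""
    findings = []
    for path, text in files.items():
        no_tls_line = None  # line of the #define still in effect, if any
        for n, line in enumerate(strip_comments(text).splitlines(), 1):
            d = DIRECTIVE.match(line)
            if d:  # a later #undef cancels an earlier #define
                no_tls_line = n if d.group(1) == "define" else None
            for c in CALL.finditer(line):
                sev, msg = CALLS[c.group(1)]
                findings.append((path, n, sev, f"{c.group(1)}(): {msg}"))
        if no_tls_line:
            findings.append((path, no_tls_line, "critical",
                             "USING_NO_TLS: traffic is not encrypted at all"))
    return sorted(findings)


# Constructed sample inputs (not the SDK's real file contents).
SAMPLE = {
    "src/config/twConfig.h": "#define OFFLINE_MSG_STORE 1\n#define USING_NO_TLS\n#undef USING_AXTLS\n",
    "src/main.c": "/* twApi_DisableCertValidation(); old */\n"
                  "// #define USING_NO_TLS\n"
                  "int main(void) {\n    twApi_SetSelfSignedOk();\n    return 0;\n}\n",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("%s:%d [%s] %s" % finding)
```

The scan ignores commented-out settings, but it will also match a function prototype in a header, so point it at application sources rather than the SDK's own headers.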

Yes, you are right, not using encryption shouldn't be recommended.

I have done several tests with the combination of twApi_DisableCertValidation() and twApi_SetSelfSignedOk(), but it seems that doesn't work if you don't use SSL on the ThingWorx server side, so my purpose is just to give a way for those who don't want to use SSL on the server side for a presales demo.
