Just a simple method to disable SSL certification in the SteamSensor sample in the C SDK, for those who want to use it in development mode or show it to a customer; as you may know, using the twApi_DisableCertValidation() function will not work:
1. Locate the src/config/twConfig.h in the SDK file, add:
#define USING_NO_TLS
#undef USING_AXTLS
right after #define OFFLINE_MSG_STORE 1, the result should be like:
2. Locate the src/tls/twTls.h in the SDK file, modify #include TW_TLS_INCLUDE to include more condition:
#if defined USING_AXTLS
#include "twAxTls.h"
#elif defined USING_NO_TLS
#include "twNoTls.h"
#else
#include TW_TLS_INCLUDE
#endif
and the result should be like:
After all this is done, compile your code and start it; you will connect to your ThingWorx server without SSL.
Although we provide this capability to make development easier, never deploy the EMS in production without SSL.
Agreed. I was asked how to disable SSL in the C SDK several times for demo purposes in the past couple of months; this is just for those who need it.
Why do you say twApi_DisableCertValidation() does not work? What that does is prevent the checking of the certificate entries to ensure they match those that are set using twApi_SetX509Fields().
If you want to disable checking valid signing authority of the certificate so that you can use self-signed certificates for demo purposes, you should use the function twApi_SetSelfSignedOk().
If you want to induce MAJOR SECURITY RISKS by disabling encryption altogether then you would use USING_NO_TLS. This should only be used in very limited circumstances where the edge and ThingWorx server are deployed inside a firewall within the same security domain and where deep packet inspection of all traffic is a requirement (i.e. some military installations may require that).
"It's just a demo" is never an excuse to not use encryption. The ThingWorx server ships with self-signed certificates (at least it used to, even if not, it is a simple single command to create one), so using TLS requires very, very little extra effort.
Yes, you are right, not using encryption shouldn't be recommended.
I have done several tests with the combination of twApi_DisableCertValidation() and twApi_SetSelfSignedOk(), but it seems that doesn't work if you don't use SSL on the ThingWorx server side, so my purpose is just to give a way for those who don't want to use SSL on the server side for presales demos.
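A release-gate check for the settings this thread discusses, as an added example that is not part of the original posts or of PTC's SDK: it scans a project tree for an active USING_NO_TLS definition and for calls to twApi_DisableCertValidation() or twApi_SetSelfSignedOk(). The function name check_tls_settings, the build-file names it searches and the severity labels are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not PTC code): release gate for the TLS settings named in this thread.
# Limits: /* block comments */ and macros defined indirectly are not resolved.

# check_tls_settings DIR
# Prints "SEVERITY file:line:text" per finding and returns:
#   2 = encryption disabled (USING_NO_TLS)
#   1 = certificate checks relaxed (self-signed accepted or field matching off)
#   0 = nothing found
check_tls_settings() {
    local dir=$1 rc=0 hits

    # Active "#define USING_NO_TLS" in C files, or -DUSING_NO_TLS in build files
    # (the build-file names searched here are assumptions).
    hits=$(
        grep -rnE --include='*.h' --include='*.c' \
            '^[[:space:]]*#[[:space:]]*define[[:space:]]+USING_NO_TLS([[:space:]]|$)' \
            "$dir" || true
        grep -rnE --include='Makefile' --include='*.mk' --include='CMakeLists.txt' \
            -e '-DUSING_NO_TLS([^A-Za-z0-9_]|$)' "$dir" || true
    )
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits" | sed 's/^/CRITICAL /'
        rc=2
    fi

    # Call statements that relax certificate checks; lines starting with // are skipped.
    hits=$(
        grep -rnE --include='*.c' \
            'twApi_(DisableCertValidation|SetSelfSignedOk)[[:space:]]*\([[:space:]]*\)[[:space:]]*;' \
            "$dir" | grep -vE '^[^:]*:[0-9]+:[[:space:]]*//' || true
    )
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits" | sed 's/^/WARNING /'
        if [ "$rc" -eq 0 ]; then rc=1; fi
    fi
    return "$rc"
}

# Usage: ./check_tls.sh path/to/project   (exit status is the return code above)
if [ $# -gt 0 ]; then check_tls_settings "$1"; fi
```

Run against a tree that contains the twConfig.h change from the first post, it reports the `#define USING_NO_TLS` line as CRITICAL and exits with status 2, which a CI job for production builds can treat as a failure.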