Problem with https

Jan 13, 2015 at 5:02 AM
I have developed a listener application using Casablanca SDK, in VS 2012. The details I have mentioned this thread.

https://casablanca.codeplex.com/discussions/564796

I have recently discovered a new problem. In Windows 8.1,
 Mixed Content: The page at 'https://www.google.co.in/?gfe_rd=cr&ei=S7S0VJGqO4LV8gev84HICw&gws_rd=ssl' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://localhost:2001/?name='. This request has been blocked; the content must be served over HTTPS.chrome-extension://kbeoccojlmfnigpcnkjedepgjdhpdmkn/jquery.js:4 send
chrome-extension://kbeoccojlmfnigpcnkjedepgjdhpdmkn/jquery.js:4 Mixed Content: The page at 'https://www.google.co.in/?gfe_rd=cr&ei=S7S0VJGqO4LV8gev84HICw&gws_rd=ssl' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://localhost:2001/'. This request has been blocked; the content must be served over HTTPS.
chrome-extension://kbeoccojlmfnigpcnkjedepgjdhpdmkn/jquery.js:4 Mixed Content: The page at 'https://www.google.co.in/?gfe_rd=cr&ei=S7S0VJGqO4LV8gev84HICw&gws_rd=ssl#q=maverick+meaning' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://localhost:2001/?name=maverick+meaning'. This request has been blocked; the content must be served over HTTPS.
chrome-extension://kbeoccojlmfnigpcnkjedepgjdhpdmkn/jquery.js:4 Mixed Content: The page at 'https://www.google.co.in/?gfe_rd=cr&ei=S7S0VJGqO4LV8gev84HICw&gws_rd=ssl#q=maverick+meaning' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://localhost:2001/'. This request has been blocked; the content must be served over HTTPS.
chrome-extension://kbeoccojlmfnigpcnkjedepgjdhpdmkn/jquery.js:4 Mixed Content: The page at 'https://www.google.co.in/?gfe_rd=cr&ei=S7S0VJGqO4LV8gev84HICw&gws_rd=ssl#q=maverick+meaning' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://localhost:2001/?name=maverick+meaning'. This request has been blocked; the content must be served over HTTPS.
chrome-extension://kbeoccojlmfnigpcnkjedepgjdhpdmkn/jquery.js:4 Mixed Content: The page at 'https://www.google.co.in/?gfe_rd=cr&ei=S7S0VJGqO4LV8gev84HICw&gws_rd=ssl#q=maverick+meaning' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://localhost:2001/'. This request has been blocked; the content must be served over HTTPS.
This problem happens in Windows 8.1 because instead of http, it takes https. Now in the original source code.
int _tmain(int argc, _TCHAR* argv[])
{
    __uri_builder uri(L"http://localhost:2001/");__
    http_listener listener(uri.to_uri());
    std::cout << "Welcome to Casablanca" << std::endl;

    CheckOSVersion();

    listener.support(methods::GET, [](http_request req)
    {
        HKEY hKey;
        LONG lRes = RegOpenKeyExW(HKEY_CURRENT_USER, L"SOFTWARE\\Casablanca", 0, KEY_READ, &hKey);

        bool bExistsAndSuccess (lRes == ERROR_SUCCESS);
        bool bDoesNotExistsSpecifically (lRes == ERROR_FILE_NOT_FOUND);

        std::wstring strValueOfBinDir;
        GetStringRegKey(hKey, L"Encryption", strValueOfBinDir, L"1");

        GIDSdkWriteXML();

        http_response response (status_codes::OK);

        response.headers().add(U("Access-Control-Allow-Origin"), U("*"));
        response.set_body(strValueOfBinDir, U("text/html"));

        req.set_request_uri(L"requestpath");
        req.reply(response);
    });

    listener.support(methods::PUT,[](http_request req)
    {
        std::cout << "Serving PUT" << std::endl;
        req.reply(status_codes::OK, U("<html><body><h1>It works!</h1>(Casablanca, that is a POST Request.)</body></html>"), 
            U("text/html"));
    });

    listener.support(methods::POST,[](http_request req)
    {
        std::cout << "Serving POST" << std::endl;
        req.extract_string(true).then([req](utility::string_t body)
        {
            std::wcout << body << std::endl;
            //req.reply(status_codes::OK, U("<html><body>Received.</body></html>"), U("text/html"));
        });
    }); 

    listener.open().wait();
    fgetc(stdin);
    listener.close().wait();
}
When I change from

uri_builder uri(L"http://localhost:2001/"); to uri_builder uri(L"https://localhost:2001/");, It simply doesn't work. Can someone tell me a solution to this?
Jan 14, 2015 at 8:53 AM
Hi,

Sorry if I missunderstand. HTTPS will not work only changing the url in the code. You must secure the socket with a certificate. Because of casablanca uses HTTP windows API on Windows, you can use any tutorial that secure the socket. I found one and works for windows 7. I will test with Windows 8.1.

This is the link:

http://blogs.msdn.com/b/jpsanders/archive/2009/09/29/walkthrough-using-httplistener-as-an-ssl-simple-server.aspx

You can create a self signed certificate easily with the next link:

http://www.howtogeek.com/107415/it-how-to-create-a-self-signed-security-ssl-certificate-and-deploy-it-to-client-machines/

Regards,
Jan 14, 2015 at 11:03 AM
Thanks for the help. I have to deploy this on Client's PC, so is there some easy way to get this SSL certificate registration?
Jan 16, 2015 at 7:53 AM
May be with some .bat script is possible. I don't experimented with it. But seems complicated due to hash finger print needed to add the ssl certificate to secure the port. I have the same problem, let me know if you find a good solution.

A good solution may be a wizard that executes the shell commands and have inputs for the needed data and image captures about whatr to do, or how to get the info.

By the way, I noticed recently that selfssl.exe needs to run as administrator on Windows 8.

Regards,
Jan 19, 2015 at 5:12 AM
jdiazdesico wrote:
May be with some .bat script is possible. I don't experimented with it. But seems complicated due to hash finger print needed to add the ssl certificate to secure the port. I have the same problem, let me know if you find a good solution.

A good solution may be a wizard that executes the shell commands and have inputs for the needed data and image captures about whatr to do, or how to get the info.

By the way, I noticed recently that selfssl.exe needs to run as administrator on Windows 8.

Regards,
The biggest problem is, I developed this project for one of the client, for a product. The moment he discovers tha this end users are facing this issue in Windows 8, he might escalate this to higher management, and I will be under trouble. Can you think of some alternative or some meaningful tip that I can provide to the client?
May 11, 2015 at 11:19 AM
jdiazdesico wrote:
Hi,

Sorry if I missunderstand. HTTPS will not work only changing the url in the code. You must secure the socket with a certificate. Because of casablanca uses HTTP windows API on Windows, you can use any tutorial that secure the socket. I found one and works for windows 7. I will test with Windows 8.1.

This is the link:

http://blogs.msdn.com/b/jpsanders/archive/2009/09/29/walkthrough-using-httplistener-as-an-ssl-simple-server.aspx

You can create a self signed certificate easily with the next link:

http://www.howtogeek.com/107415/it-how-to-create-a-self-signed-security-ssl-certificate-and-deploy-it-to-client-machines/

Regards,
OK I created a certificate using MakeCert. This is the command that I used.
Makecert -r -pe -n CN="http://172.29.15.63:2001/" -b 05/10/2015 -e 12/22/2025 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localmachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12
and then i followed this link to make it safe and truested.

http://blogs.msdn.com/b/jpsanders/archive/2009/09/29/walkthrough-using-httplistener-as-an-ssl-simple-server.aspx

Now how can I implement it with my URL or google chrome to make it work?