× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. LINUX5250
  3. September 2001

Re: tn5250 and SSL

On Mon, 24 Sep 2001, Jay 'Eraserhead' Felice wrote:
>
> I used tn5250 with SSH port forwarding for the longest time as my only
> access to an AS/400 from home.  I also use CIPE (you can search freshmeat.net
> for it) to create a tunnel from my Linux laptop to the firewall, then you
> can use tn5250 to connect to the AS/400 as if you were on the AS/400's LAN.  I
> can still use this method.

Thanks, I'll take a look at CIPE.  It sounds like you're running a PPTP
through a tunnel -- that could be useful...

I also discovered that it was pretty easy to write a simple proxy that
I could run on my home PC that would encrypt the data and connect to the
telnet-ssl server on my AS/400.

>
> As for SSL, it should be very easy to add SSL support to tn5250 - it was
> modularized that way originally.  A new stream "class" has to be implemented
> which uses the OpenSSL API instead of the plain socketing API.  I wish I
> had the time to work on it, as I can probably hack it out in a day or two.
> Such is the life of the business owner *sigh*.
>
> -Jay 'Eraserhead' Felice

Actually, on Sunday I started hacking out an 'sslstream' module for
tn5250...  starting with telnetstr.c as a base, and changing it to work
with the SSL API's.

The pain is going to be in curses_terminal_waitevent, since it tries
to do a select() on the socket descriptor as well as on fd 0.  This
won't work with SSL, since select() will only see what's happening on
the TCP level.   SSL reads data from TCP in blocks, and buffers the
decrypted data, so you can't simply use select() on the descriptor.

And since that's in the terminal object, rather than the stream object,
anything I do to fix it seems like a kludge :)

But... I'll figure something out.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.