I have an app that is both client and server in terms of TCP/IP connections.
Client1(external) ---A---> My App ---B---> Server1(external)
Connections A and B are mostly done with CAsyncSocket but with CSocket too (there are more than 1 A and more than 1 B).
My task is to ADD SSL to A's and B's. We must get rid of stunnel for security requirements - an admin could manipulate the tunnel or listen to connections between the tunnel and My App. Don't ask, but this is the requirement and the idea why this must be done in My App, not with stunnel.
Currently SSL is implemented with an external SSL tunnel (stunnel).
Client1(external) ---A---> STUNNEL1 ---> My App ---> STUNNEL2 ---B--> Server1(external)
Adding SSL to A's and B's with e.g. the OpenSSL API is a lot of dirty work. Too much.
So I thought... is it somehow possible to create an SSL tunnel (instead of stunnel) inside my app, and make the existing sockets connect to the tunnel, but so that a Windows admin could not listen to traffic between the app and the tunnel?
NOW is:
My app now:
Listens 192.168.1.1:5000
Listens 192.168.1.1:5001
Connects to 192.168.1.2:9000
Connects to 192.168.1.2:9001
New schema:
Listens 127.0.0.1:15000
Listens 127.0.0.1:15001
ThreadTunnel listens 192.168.1.1:5000 (forwards to 127.0.0.1:15000)
ThreadTunnel listens 192.168.1.1:5001 (forwards to 127.0.0.1:15001)
Connects to 127.0.0.1:19000
Connects to 127.0.0.1:19001
ThreadTunnel listens 192.168.1.1:19000 (forwards to 192.168.1.2:9000)
ThreadTunnel listens 192.168.1.1:19001 (forwards to 192.168.1.2:9001)
This schema would be ideal, but the problem is that an admin could listen to traffic between
127.0.0.1:15000 <-> 192.168.1.1:5000
or 127.0.0.1:19000 <-> 192.168.1.1:19000
Is there any way to make CSocket/CAsyncSocket and OpenSSL speak to each other in the same .exe so that an admin could not capture traffic?