Thread: Text based web browser from scratch. HTTPS guidance needed.

  1. #1
    Registered User
    Join Date
    Feb 2014

    Text based web browser from scratch. HTTPS guidance needed.

    I have written a text based web browser from scratch. Meaning that I'm not using libcurl in any way to retrieve the web pages.

    Now I'd like to add HTTPS functionality to it, but I can't seem to find a guide like Beej's Guide to Network Programming related to HTTPS.

    Can anybody point me in the right direction?

  2. #2
    Master Apprentice phantomotap's Avatar
    Join Date
    Jan 2008

    You aren't really going to find such a beast.

    The networks layer--the sockets layer--must, practicably, exist to do any network communication on the internet. (Major operating systems support some flavor of "BSD Sockets".) The networks layer is what "Beej's Guide" discusses using those most common API available. For most intents, the networks layer as discussed by "Beej's Guide" may be considered a singular entity. The discussion "Beej's Guide" offers is relatively short and concise because only that most common API and a few platform specific consideration are offered.

    The Secure Sockets Layer and Transport Layer Security are protocols that use or live over the networks layer with which you are familiar. (In this way, SSL and TLS are an application layer the same as HTTP is being used in your browser over TCP/IP sockets.) A multitude of different combinations for encryption, hashing, and similar are used by SSL and TLS protocols. Without a significant foundation in cryptography and the assumption of a most common API, a "Beej's Guide" for HTTPS can't exist.

    You don't want to use an existing library to provide a secure networks layer. The networks layer--here the sockets API--already exists on most systems. (If you read "Beej's Guide", you read a tutorial on that layer.) You aren't forced to use a library like "libcurl" because you can use that existing layer to implement the HTTP protocol. The secure networks layer will be a similar, if far more complex. You aren't forced to use a library like "gnutls" because you will be required to implement the secure layer over the that existing layer.

    You are really asking about something that doesn't really exist. The "Beej's Guide" is really quite basic, but there is nothing basic about implementing such a range of cryptography primitives. If you wanted to use existing libraries, I could point you to something like "Beej's Guide to HTTPS Using the gnutls Libraries". However, that really is a completely different entity than what you are asking about because the gnutls libraries do the heavy lifting of implementing the secure sockets layer.

    You are, I'd say, thinking about the wrong layer. Before you can implement HTTPS, you have to implement the secure sockets layer. Ultimately though, I'd advise you to never start. I appreciate the spirit, but you'll spend months alone implementing the cryptography primitives. You will not get to work at the HTTPS layer for a very long time. If you start with a library that at least implements the secure sockets layer, you'd probably have HTTPS relatively soon because HTTPS is really just HTTP over the secure sockets layer. You have a little more "hoop jumpery", but you shouldn't be long if you have good HTTP interfaces coded.

    “Salem Was Wrong!” -- Pedant Necromancer
    “Four isn't random!” -- Gibbering Mouther

  3. #3
    and the hat of int overfl Salem's Avatar
    Join Date
    Aug 2001
    The edge of the known universe
    Beej only helps you to get a connection up and running.

    To understand each protocol that can be laid on top of the connection, you need to consult the relevant RFC.
    For example -
    RFC 2818 - HTTP Over TLS
    RFC 2246 - The TLS Protocol Version 1.0
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.

  4. #4
    Registered User
    Join Date
    Feb 2014
    I guess I was under the wrong impression. I thought ssl ran on top of tcp/ip and that I could just apply it to the already created code.

    Kind of disappointed because the text based version was so quick and I could make sure I controlled any scripting. I'm amazed at the wasted code/bandwidth of websites these days.

    Anyway, thank you for your advice.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Replies: 0
    Last Post: 02-13-2014, 02:22 PM
  2. Web browser based program
    By Lauris in forum C++ Programming
    Replies: 3
    Last Post: 11-14-2007, 05:01 PM
  3. looking for a programmer for browser based game (2)
    By acehowell in forum Projects and Job Recruitment
    Replies: 0
    Last Post: 04-10-2007, 04:22 PM
  4. looking for a programmer for browser based game
    By rhey in forum Projects and Job Recruitment
    Replies: 0
    Last Post: 04-04-2007, 10:31 PM
  5. text based browser "links"
    By Lord CyKill in forum Linux Programming
    Replies: 1
    Last Post: 05-11-2003, 03:46 PM

Tags for this Thread