Socket VB.NET WinRT Reference Documentation
Socket
Current Version: 9.5.0.90
TCP socket component with SSL capability. Supports both asynchronous connect, accept, send, and read operations in all programming languages. The ActiveX and .NET socket components also include heartbeat, completion, and other events when blocking methods are called. DNS is supported in both synchronous and asynchronous modes. Supports the ability to abort all operations: connect, accept, send, receive, DNS lookups, etc. prior to completion.
Object Creation
Dim obj As New Chilkat.Socket()
Properties
AbortCurrent
When set to True, causes the currently running method to abort. Methods that always finish quickly (i.e.have no length file operations or network communications) are not affected. If no method is running, then this property is automatically reset to False when the next method is called. When the abort occurs, this property is reset to False. Both synchronous and asynchronous method calls can be aborted. (A synchronous method call could be aborted by setting this property from a separate thread.)
topAcceptFailReason
If a AcceptNextConnection method fails, this property can be checked to determine the reason for failure.
Note: If accepting a TLS connection, then this property can also have any of the values listed for the ReceiveFailReason and SendFailReason properties (because the TLS handshake involves sending/receiving on the initial TCP socket).
Possible values are:
0 = Success 1 = An async operation is in progress. 3 = An unspecified internal failure, perhaps out-of-memory, caused the failure. 5 = Timeout. No connections were accepted in the amount of time alotted. 6 = The receive was aborted by the application in an event callback. 9 = An unspecified fatal socket error occurred (less common). 20 = Must first bind and listen on a port. 99 = The component is not unlocked. Errors Relating to the SSL/TLS Handshake: 100 = TLS internal error. 102 = Unexpected handshake message. 109 = Failed to read handshake messages. 114 = Failed to send change cipher spec handshake message. 115 = Failed to send finished handshake message. 116 = Client's Finished message is invalid. 117 = Unable to agree on TLS protocol version. 118 = Unable to agree on a cipher spec. 119 = Failed to read the client's hello message. 120 = Failed to send handshake messages. 121 = Failed to process client cert message. 122 = Failed to process client cert URL message. 123 = Failed to process client key exchange message. 124 = Failed to process certificate verify message. 125 = Received and rejected an SSL 2.0 connection attempt.top
AlpnProtocol
For TLS connections. Can be set to the name of an application layer protocol. This causes the ALPN extension to be added to the TLS ClientHello with the given ALPN protocol name.
topBandwidthThrottleDown
If non-zero, limits (throttles) the receiving bandwidth to approximately this maximum number of bytes per second. The default value of this property is 0.
topBandwidthThrottleUp
If non-zero, limits (throttles) the sending bandwidth to approximately this maximum number of bytes per second. The default value of this property is 0.
BigEndian
Applies to the SendCount and ReceiveCount methods. If BigEndian is set to True (the default) then the 4-byte count is in big endian format. Otherwise it is little endian.
topClientIpAddress
The IP address to use for computers with multiple network interfaces or IP addresses. For computers with a single network interface (i.e. most computers), this property should not be set. For multihoming computers, the default IP address is automatically used if this property is not set.
The IP address is a string such as in dotted notation using numbers, not domain names, such as "165.164.55.124".
ClientPort
Normally left at the default value of 0, in which case a unique port is assigned with a value between 1024 and 5000. This property would only be changed if it is specifically required. For example, one customer's requirements are as follows:
"I have to connect to a Siemens PLC IP server on a technical network. This machine expects that I connect to its server from a specific IP address using a specific port otherwise the build in security disconnect the IP connection."top
ConnectFailReason
If the Connect method fails, this property can be checked to determine the reason for failure.
Possible values are:
0 = success Normal (non-SSL) sockets: 1 = empty hostname 2 = DNS lookup failed 3 = DNS timeout 4 = Aborted by application. 5 = Internal failure. 6 = Connect Timed Out 7 = Connect Rejected (or failed for some other reason) SSL/TLS: 100 = TLS internal error. 101 = Failed to send client hello. 102 = Unexpected handshake message. 103 = Failed to read server hello. 104 = No server certificate. 105 = Unexpected TLS protocol version. 106 = Server certificate verify failed (the server certificate is expired or the cert's signature verification failed). 107 = Unacceptable TLS protocol version. 108 = App-defined server certificate requirements failure. 109 = Failed to read handshake messages. 110 = Failed to send client certificate handshake message. 111 = Failed to send client key exchange handshake message. 112 = Client certificate's private key not accessible. 113 = Failed to send client cert verify handshake message. 114 = Failed to send change cipher spec handshake message. 115 = Failed to send finished handshake message. 116 = Server's Finished message is invalid.top
DebugLogFilePath
If set to a file path, causes each Chilkat method or property call to automatically append it's LastErrorText to the specified log file. The information is appended such that if a hang or crash occurs, it is possible to see the context in which the problem occurred, as well as a history of all Chilkat calls up to the point of the problem. The VerboseLogging property can be set to provide more detailed information.
This property is typically used for debugging the rare cases where a Chilkat method call hangs or generates an exception that halts program execution (i.e. crashes). A hang or crash should generally never happen. The typical causes of a hang are:
- a timeout related property was set to 0 to explicitly indicate that an infinite timeout is desired,
- the hang is actually a hang within an event callback (i.e. it is a hang within the application code), or
- there is an internal problem (bug) in the Chilkat code that causes the hang.
ElapsedSeconds
Contains the number of seconds since the last call to StartTiming, otherwise contains 0. (The StartTiming method and ElapsedSeconds property is provided for convenience.)
topHeartbeatMs
The number of milliseconds between periodic heartbeat callbacks for blocking socket operations (connect, accept, dns query, send, receive). Set this to 0 to disable heartbeat events. The default value is 1000 (i.e. 1 heartbeat callback per second).
topHttpProxyAuthMethod
If an HTTP proxy requiring authentication is to be used, set this property to the HTTP proxy authentication method name. Valid choices are "Basic" or "NTLM".
topHttpProxyDomain
The NTLM authentication domain (optional) if NTLM authentication is used.
topHttpProxyForHttp
If this connection is effectively used to send HTTP requests, then set this property to True when using an HTTP proxy. The default value of this property is False.
This is because an HTTP proxy used for other protocols (IMAP, SMTP, SSH, FTP, etc.) can require some internal differences in behavior (i.e. how we do things).
For example, the Chilkat REST object can use this socket object's connection via the UseConnection method. This is a case where we know the proxied connection is for the HTTP protocol. Therefore we should set this property to True. (See the example below.)
HttpProxyHostname
If an HTTP proxy is to be used, set this property to the HTTP proxy hostname or IPv4 address (in dotted decimal notation).
topHttpProxyPassword
If an HTTP proxy requiring authentication is to be used, set this property to the HTTP proxy password.
topHttpProxyPort
If an HTTP proxy is to be used, set this property to the HTTP proxy port number. (Two commonly used HTTP proxy ports are 8080 and 3128.)
topHttpProxyUsername
If an HTTP proxy requiring authentication is to be used, set this property to the HTTP proxy login name.
topIsConnected
Returns True if the socket is connected. Otherwise returns False.
Note: In general, this property indicates the last known state of the socket. For example, if the socket is connected, and your application does not read or write the socket, then IsConnected will remain True. This property is updated when your application tries to read or write and discovers that the socket is no longer connected. It is also updated if your application explicitly closes the socket.
topKeepAlive
Controls whether the SO_KEEPALIVE socket option is used for the underlying TCP/IP socket. The default value is True.
topKeepSessionLog
Controls whether socket (or SSL) communications are logged to the SessionLog string property. To turn on session logging, set this property = True, otherwise set to False (which is the default value).
LastErrorHtml
Provides information in HTML format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.
topLastErrorText
Provides information in plain-text format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.
LastErrorXml
Provides information in XML format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.
topLastMethodFailed
True if the last method called on this object failed. This provides an easier (less confusing) way of determining whether a method such as ReceiveBytes succeeded or failed.
topLastMethodSuccess
Indicate whether the last method call succeeded or failed. A value of True indicates success, a value of False indicates failure. This property is automatically set for method calls. It is not modified by property accesses. The property is automatically set to indicate success for the following types of method calls:
- Any method that returns a string.
- Any method returning a Chilkat object, binary bytes, or a date/time.
- Any method returning a standard boolean status value where success = True and failure = False.
- Any method returning an integer where failure is defined by a return value less than zero.
Note: Methods that do not fit the above requirements will always set this property equal to True. For example, a method that returns no value (such as a "void" in C++) will technically always succeed.
topListenIpv6
If set to True, then a socket that listens for incoming connections (via the BindAndList and AcceptNextConnection method calls) will use IPv6 and not IPv4. The default value is False for IPv4.
topListenPort
The BindAndListen method will find a random unused port to listen on if you bind to port 0. This chosen listen port is available via this property.
LocalIpAddress
The local IP address for a bound or connected socket.
topLocalPort
The local port for a bound or connected socket.
topMaxReadIdleMs
The maximum number of milliseconds to wait on a socket read operation while no additional data is forthcoming. To wait indefinitely, set this property to 0. The default value is 0.
topMaxSendIdleMs
The maximum number of milliseconds to wait for the socket to become writeable on a socket write operation. To wait indefinitely, set this property to 0. The default value is 0.
topMyIpAddress
The local IP address of the local computer. For multi-homed computers (i.e. computers with multiple IP adapters) this property returns the default IP address.
Note: This will be the internal IP address, not an external IP address. (For example, if your computer is on a LAN, it is likely to be an IP address beginning with "192.168.".
Important: Use LocalIpAddress and LocalIpPort to get the local IP/port for a bound or connected socket.
topNumReceivedClientCerts
If the socket is the server-side of an SSL/TLS connection, the property represents the number of client-side certificates received during the SSL/TLS handshake (i.e. connection process). Each client-side cert may be retrieved by calling the GetReceivedClientCert method and passing an integer index value from 0 to N-1, where N is the number of client certs received.
Note: A client only sends a certificate if 2-way SSL/TLS is required. In other words, if the server demands a certificate from the client.
Important: This property should be examined on the socket object that is returned by AcceptNextConnection.
NumSslAcceptableClientCAs
If connected as an SSL/TLS client to an SSL/TLS server where the server requires a client-side certificate for authentication, then this property contains the number of acceptable certificate authorities sent by the server during connection establishment handshake. The GetSslAcceptableClientCaDn method may be called to get the Distinguished Name (DN) of each acceptable CA.
topObjectId
Each socket object is assigned a unique object ID. This ID is passed in event callbacks to allow your application to associate the event with the socket object.
topPercentDoneScale
This property is only valid in programming environment and languages that allow for event callbacks.
Sets the value to be defined as 100% complete for the purpose of PercentDone event callbacks. The defaut value of 100 means that at most 100 event PercentDone callbacks will occur in a method that (1) is event enabled and (2) is such that it is possible to measure progress as a percentage completed. This property may be set to larger numbers to get more fine-grained PercentDone callbacks. For example, setting this property equal to 1000 will provide callbacks with .1 percent granularity. For example, a value of 453 would indicate 45.3% competed. This property is clamped to a minimum value of 10, and a maximum value of 100000.
topPreferIpv6
If True, then use IPv6 over IPv4 when both are supported for a particular domain. The default value of this property is False, which will choose IPv4 over IPv6.
topRcvBytesPerSec
Returns the cumulative receive rate in bytes per second. The measurement includes the overhead bytes for protocols such as TLS or SSH tunneling. For example, if 1000 application bytes are received, the actual number of raw bytes received on a TLS connection is greater. This property measures the actual number of raw bytes received in a given time period. The ResetPerf method can be called to reset this property value and to begin the performance measurement afresh.
topReceivedCount
Any method that receives data will increase the value of this property by the number of bytes received. The application may reset this property to 0 at any point. It is provided as a way to keep count of the total number of bytes received on a socket connection, regardless of which method calls are used to receive the data.
Note: The ReceivedCount may be larger than the number of bytes returned by some methods. For methods such as ReceiveUntilMatch, the excess received on the socket (beyond the match), is buffered by Chilkat for subsequent method calls. The ReceivedCount is updated based on the actual number of bytes received on the underlying socket in real-time. (The ReceivedCount does not include the overhead bytes associated with the TLS and/or SSH protocols.
topReceivedInt
Contains the last integer received via a call to ReceiveByte, ReceiveInt16, or ReceiveInt32.
topReceiveFailReason
If a Receive method fails, this property can be checked to determine the reason for failure.
Possible values are:
0 = Success 1 = An async receive operation is already in progress. 2 = The socket is not connected, such as if it was never connected, or if the connection was previously lost. 3 = An unspecified internal failure, perhaps out-of-memory, caused the failure. 4 = Invalid parameters were passed to the receive method call. 5 = Timeout. Data stopped arriving for more than the amount of time specified by the MaxReadIdleMs property. 6 = The receive was aborted by the application in an event callback. 7 = The connection was lost -- the remote peer reset the connection. (The connection was forcibly closed by the peer.) 8 = An established connection was aborted by the software in your host machine. (See https://www.chilkatsoft.com/p/p_299.asp ) 9 = An unspecified fatal socket error occurred (less common). 10 = The connection was closed by the peer.top
ReceivePacketSize
The number of bytes to receive at a time (internally). This setting has an effect on methods such as ReadBytes and ReadString where the number of bytes to read is not explicitly specified. The default value is 4096.
topRemoteIpAddress
When a socket is connected, the remote IP address of the connected peer is available in this property.
topRemotePort
When a socket is connected, the remote port of the connected peer is available in this property.
topRequireSslCertVerify
If True, then the SSL/TLS client will verify the server's SSL certificate. The certificate is expired, or if the cert's signature is invalid, the connection is not allowed. The default value of this property is False.
topSendBytesPerSec
Returns the cumulative send rate in bytes per second. The measurement includes the overhead bytes for protocols such as TLS or SSH tunneling. For example, if 1000 application bytes are sent, the actual number of raw bytes sent on a TLS connection is greater. This property measures the actual number of raw bytes sent in a given time period. The ResetPerf method can be called to reset this property value and to begin the performance measurement afresh.
topSendFailReason
If a Send method fails, this property can be checked to determine the reason for failure.
Possible values are:
0 = Success 1 = An async receive operation is already in progress. 2 = The socket is not connected, such as if it was never connected, or if the connection was previously lost. 3 = An unspecified internal failure, perhaps out-of-memory, caused the failure. 4 = Invalid parameters were passed to the receive method call. 5 = Timeout. Data stopped arriving for more than the amount of time specified by the MaxReadIdleMs property. 6 = The receive was aborted by the application in an event callback. 7 = The connection was lost -- the remote peer reset the connection. (The connection was forcibly closed by the peer.) 8 = An established connection was aborted by the software in your host machine. (See https://www.chilkatsoft.com/p/p_299.asp ) 9 = An unspecified fatal socket error occurred (less common). 10 = The connection was closed by the peer. 11 = Decoding error (possible in SendString when coverting to the StringCharset, or in SendBytesENC).top
SendPacketSize
The number of bytes to send at a time (internally). This can also be though of as the "chunk size". If a large amount of data is to be sent, the data is sent in chunks equal to this size in bytes. The default value is 65535. (Note: This only applies to non-SSL/TLS connections. SSL and TLS have their own pre-defined packet sizes.)
topSessionLog
Contains a log of the bytes sent and received on this socket. The KeepSessionLog property must be set to True for logging to occur.
SessionLogEncoding
Controls how the data is encoded in the SessionLog. Possible values are "esc" and "hex". The default value is "esc".
When set to "hex", the bytes are encoded as a hexidecimalized string. The "esc" encoding is a C-string like encoding, and is more compact than hex if most of the data to be logged is text. Printable us-ascii chars are unmodified. Common "C" control chars are represented as "\r", "\n", "\t", etc. Non-printable and byte values greater than 0x80 are escaped using a backslash and hex encoding: \xHH. Certain printable chars are backslashed: SPACE, double-quote, single-quote, etc.
SniHostname
Specifies the SNI hostname to be used in the TLS ClientHello. This property is only needed when the domain is specified via a dotted IP address and an SNI hostname is desired. (Normally, Chilkat automatically uses the domain name in the SNI hostname TLS ClientHello extension.)
topSocksHostname
The SOCKS4/SOCKS5 hostname or IPv4 address (in dotted decimal notation). This property is only used if the SocksVersion property is set to 4 or 5).
topSocksPassword
The SOCKS5 password (if required). The SOCKS4 protocol does not include the use of a password, so this does not apply to SOCKS4.
topSocksPort
The SOCKS4/SOCKS5 proxy port. The default value is 1080. This property only applies if a SOCKS proxy is used (if the SocksVersion property is set to 4 or 5).
topSocksUsername
The SOCKS4/SOCKS5 proxy username. This property is only used if the SocksVersion property is set to 4 or 5).
topSocksVersion
SocksVersion May be set to one of the following integer values:
0 - No SOCKS proxy is used. This is the default.
4 - Connect via a SOCKS4 proxy.
5 - Connect via a SOCKS5 proxy.
SoRcvBuf
Sets the receive buffer size socket option. Normally, this property should be left unchanged. The default value is 4194304.
This property can be increased if download performance seems slow. It is recommended to be a multiple of 4096.
SoReuseAddr
Sets the SO_REUSEADDR socket option for a socket that will bind to a port and listen for incoming connections. The default value is True, meaning that the SO_REUSEADDR socket option is set. If the socket option must be unset, set this property equal to False prior to calling BindAndListen or InitSslServer.
topSoSndBuf
Sets the send buffer size socket option. Normally, this property should be left unchanged. The default value is 262144.
This property can be increased if upload performance seems slow. It is recommended to be a multiple of 4096. Testing with sizes such as 512K and 1MB is reasonable.
Ssl
Set this property to True if SSL/TLS is required for accepted connections (AcceptNextConnection). The default value is False.
Note: This property should have been more precisely named "RequireSslClient". It is a property that if set to True, requires all accepted connections use SSL/TLS. If a client attempts to connect but cannot establish the TLS connection, then it is not accepted. This property is not meant to reflect the current state of the connection.
The TlsVersion property shows the current or last negotiated TLS version of the connection. The TlsVersion will be empty for a non-SSL/TLS connection.
topSslAllowedCiphers
Provides a means for setting a list of ciphers that are allowed for SSL/TLS connections. The default (empty string) indicates that all implemented ciphers are possible. The TLS ciphers supported in Chilkat v9.5.0.55 and later are:
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_MD5 TLS_DHE_RSA_WITH_DES_CBC_SHA TLS_RSA_WITH_DES_CBC_SHATo restrict SSL/TLS connections to one or more specific ciphers, set this property to a comma-separated list of ciphers such as "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384". The order should be in terms of preference, with the preferred algorithms listed first. (Note that the client cannot specifically choose the algorithm is picked because it is the server that chooses. The client simply provides the server with a list from which to choose.)
The property can also disallow connections with servers having certificates with RSA keys less than a certain size. By default, server certificates having RSA keys of 512 bits or greater are allowed. Add the keyword "rsa1024" to disallow connections with servers having keys smaller than 1024 bits. Add the keyword "rsa2048" to disallow connections with servers having keys smaller than 2048 bits.
Note: Prior to Chilkat v9.5.0.55, it was not possible to explicitly list allowed cipher suites. The deprecated means for indicating allowed ciphers was both incomplete and unprecise. For example, the following keywords could be listed to allow matching ciphers: "aes256-cbc", "aes128-cbc", "3des-cbc", and "rc4". These keywords will still be recognized, but programs should be updated to explicitly list the allowed ciphers.
secure-renegotiation: Starting in Chilkat v9.5.0.55, the keyword "secure-renegotiation" may be added to require that all renegotions be done securely (as per RFC 5746).
best-practices: Starting in Chilkat v9.5.0.55, this property may be set to the single keyword "best-practices". This will allow ciphers based on the current best practices. As new versions of Chilkat are released, the best practices may change. Changes will be noted here. The current best practices are:
- If the server uses an RSA key, it must be 1024 bits or greater.
- All renegotations must be secure renegotiations.
- All ciphers using RC4, DES, or 3DES are disallowed.
Example: The following string would restrict to 2 specific cipher suites, require RSA keys to be 1024 bits or greater, and require secure renegotiations: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, rsa1024, secure-renegotiation"
topSslProtocol
Selects the secure protocol to be used for secure (SSL/TLS) connections. Possible values are:
defaultThe default value is "default" which will choose the, which allows for the protocol to be selected dynamically at runtime based on the requirements of the server. Choosing an exact protocol will cause the connection to fail unless that exact protocol is negotiated. It is better to choose "X or higher" than an exact protocol. The "default" is effectively "SSL 3.0 or higher". top
TLS 1.3
TLS 1.2
TLS 1.1
TLS 1.0
SSL 3.0
TLS 1.3 or higher
TLS 1.2 or higher
TLS 1.1 or higher
TLS 1.0 or higher
StringCharset
A charset such as "utf-8", "windows-1252", "Shift_JIS", "iso-8859-1", etc. Methods for sending and receiving strings will use this charset as the encoding. Strings sent on the socket are first converted (if necessary) to this encoding. When reading, it is assumed that the bytes received are converted FROM this charset if necessary. This ONLY APPLIES TO THE SendString and ReceiveString methods. The default value is "ansi".
TcpNoDelay
Controls whether the TCP_NODELAY socket option is used for the underlying TCP/IP socket. The default value is False. Setting the value to True disables the Nagle algorithm and allows for better performance when small amounts of data are sent on the socket connection.
topTlsCipherSuite
Contains the current or last negotiated TLS cipher suite. If no TLS connection has yet to be established, or if a connection as attempted and failed, then this will be empty. A sample cipher suite string looks like this: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256.
topTlsPinSet
Specifies a set of pins for Public Key Pinning for TLS connections. This property lists the expected SPKI fingerprints for the server certificates. If the server's certificate (sent during the TLS handshake) does not match any of the SPKI fingerprints, then the TLS handshake is aborted and the connection fails. The format of this string property is as follows:
hash_algorithm, encoding, SPKI_fingerprint_1, SPKI_fingerprint_2, ...For example, the following string specifies a single sha256 base64-encoded SPKI fingerprint:
"sha256, base64, lKg1SIqyhPSK19tlPbjl8s02yChsVTDklQpkMCHvsTE="This example specifies two SPKI fingerprints:
"sha256, base64, 4t37LpnGmrMEAG8HEz9yIrnvJV2euVRwCLb9EH5WZyI=, 68b0G5iqMvWVWvUCjMuhLEyekM5729PadtnU5tdXZKs="Any of the following hash algorithms are allowed:.sha1, sha256, sha384, sha512, md2, md5, haval, ripemd128, ripemd160,ripemd256, or ripemd320.
The following encodings are allowed: base64, hex, and any of the encodings indicated in the link below.
TlsVersion
Contains the current or last negotiated TLS protocol version. If no TLS connection has yet to be established, or if a connection as attempted and failed, then this will be empty. Possible values are "SSL 3.0", "TLS 1.0", "TLS 1.1", "TLS 1.2", and "TLS 1.3".
topUncommonOptions
This is a catch-all property to be used for uncommon needs. This property defaults to the empty string and should typically remain empty. Can be set to a list of the following comma separated keywords:
- "ProtectFromVpn" - Introduced in v9.5.0.80. On Android systems, will bypass any VPN that may be installed or active.
- "EnableTls13" - Introduced in v9.5.0.82. Causes TLS 1.3 to be offered in the ClientHello of the TLS protocol, allowing the server to select TLS 1.3 for the session. Future versions of Chilkat will enable TLS 1.3 by default. This option is only necessary in v9.5.0.82 if TLS 1.3 is desired.
UserData
Provides a way to store text data with the socket object. The UserData is purely for convenience and is not involved in the socket communications in any way. An application might use this property to keep extra information associated with the socket.
topVerboseLogging
If set to True, then the contents of LastErrorText (or LastErrorXml, or LastErrorHtml) may contain more verbose information. The default value is False. Verbose logging should only be used for debugging. The potentially large quantity of logged information may adversely affect peformance.
topVersion
Version of the component/library, such as "9.5.0.63"
topMethods
AcceptNextConnection
Blocking call to accept the next incoming connection on the socket. maxWaitMs specifies the maximum time to wait (in milliseconds). Set this to 0 to wait indefinitely. If successful, a new socket object is returned.
Important: If accepting an SSL/TLS connection, the SSL handshake is part of the connection establishment process. This involves a few back-and-forth messages between the client and server to establish algorithms and a shared key to create the secure channel. The sending and receiving of these messages are governed by the MaxReadIdleMs and MaxSendIdleMs properties. If these properties are set to 0 (and this is the default unless changed by your application), then the AcceptNextConnection can hang indefinitely during the SSL handshake process. Make sure these properties are set to appropriate values before calling this method.
Returns Nothing on failure
topAddSslAcceptableClientCaDn
If this object is a server-side socket accepting SSL/TLS connections, and wishes to require a client-side certificate for authentication, then it should make one or more calls to this method to identify the CA's it will accept for client-side certificates.
If no CA DN's are added by this method, then client certificates from any root CA are accepted.
Important: If calling this method, it must be called before calling InitSslServer.
Returns True for success, False for failure.
BindAndListen
Binds a TCP socket to a port and configures it to listen for incoming connections. The size of the backlog is passed in backLog. The backLog is necessary when multiple connections arrive at the same time, or close enough in time such that they cannot be serviced immediately. (A typical value to use for backLog is 5.) This method should be called once prior to receiving incoming connection requests via the AcceptNextConnection or AsyncAcceptStart methods.
Note:This method will find a random unused port to listen on if you bind to port 0. The chosen port is available via the read-only ListenPort property after this method returns successful.
To bind and listen using IPv6, set the ListenIpv6 property = True prior to calling this method.
What is a reasonable value for backLog? The answer depends on how many simultaneous incoming connections could be expected, and how quickly your application can process an incoming connection and then return to accept the next connection.
Returns True for success, False for failure.
BindAndListenPortRange
Binds a TCP socket to an unused port within a port range (beginPort to endPort) and configures it to listen for incoming connections. The size of the backlog is passed in endPort. The endPort is necessary when multiple connections arrive at the same time, or close enough in time such that they cannot be serviced immediately. (A typical value to use for endPort is 5.) This method should be called once prior to receiving incoming connection requests via the AcceptNextConnection method.
To bind and listen using IPv6, set the ListenIpv6 property = True prior to calling this method.
Returns the port number that was bound, or -1 if no port was available or if it failed for some other reason.
topBuildHttpGetRequest
Convenience method for building a simple HTTP GET request from a URL.
Returns Nothing on failure
CheckWriteable
Determines if the socket is writeable. Returns one of the following integer values:
1: If the socket is connected and ready for writing.
0: If a timeout occurred or if the application aborted the method during an event callback.
-1: The socket is not connected.
A maxWaitMs value of 0 indicates a poll.
topClearSessionLog
Clears the contents of the SessionLog property.
topCloneSocket
Creates a copy that shares the same underlying TCP (or SSL/TLS) connection. This allows for simultaneous reading/writing by different threads on the socket. When using asynchronous reading/writing, it is not necessary to clone the socket. However, if separate background threads are making synchronous calls to read/write, then one thread may use the original socket, and the other should use a clone.
Returns Nothing on failure
Close
Cleanly terminates and closes a TCP, TLS, or SSH channel connection.
Returns True for success, False for failure.
topConnect
Establishes a secure SSL/TLS or a plain non-secure TCP connection with a remote host:port. This is a blocking call. The maximum wait time (in milliseconds) is passed in maxWaitMs. This is the amount of time the app is willing to wait for the TCP connection to be accepted.
To establish an SSL/TLS connection, set ssl = True, otherwise set ssl = False for a normal TCP connection. Note: The timeouts that apply to the internal SSL/TLS handshaking messages are the MaxReadIdleMs and MaxSendIdleMs properties.
Note: Connections do not automatically close because of inactivity. A connection will remain open indefinitely even if there is no activity.
Important: All TCP-based Internet communications, regardless of the protocol (such as HTTP, FTP, SSH, IMAP, POP3, SMTP, etc.), and regardless of SSL/TLS, begin with establishing a TCP connection to a remote host:port. External security-related infrastructure such as software firewalls (Windows Firewall), hardware firewalls, anti-virus, at either source or destination (or both) can block the connection. If the connection fails, make sure to check all potential external causes of blockage.
Question: How do I Choose the TLS version, such as 1.2? Answer: The client does not specifically choose the TLS version. In the TLS handshake (which is what occurs internally in this method), the client tells the server the version of the TLS protocol it wishes to use, which should be the highest version is supports. In this case, (at the time of this writing on 22-June-2017) it is TLS 1.2. The server then chooses the TLS version that will actually be used. In most cases it will be TLS 1.2. The client can then choose to accept or reject the connection based on the TLS version chosen by the server. By default, Chilkat will reject anything lower than SSL 3.0 (i.e. SSL 2.0 or lower is rejected). The SslProtocol property can be set to change what is accepted by Chilkat. For example, it can be set to "TLS 1.0 or higher".
Returns True for success, False for failure.
ConvertFromSsl
Closes the secure (TLS/SSL) channel leaving the socket in a connected state where data sent and received is unencrypted.
Returns True for success, False for failure.
topConvertToSsl
Converts a non-SSL/TLS connected socket to a secure channel using TLS/SSL.
Returns True for success, False for failure.
topDnsCacheClear
Clears the Chilkat-wide in-memory hostname-to-IP address DNS cache. Chilkat automatically maintains this in-memory cache to prevent redundant DNS lookups. If the TTL on the DNS A records being accessed are short and/or these DNS records change frequently, then this method can be called clear the internal cache. Note: The DNS cache is used/shared among all Chilkat objects in a program, and clearing the cache affects all Chilkat objects.
topDnsLookup
Performs a DNS query to resolve a hostname to an IP address. The IP address is returned if successful. The maximum time to wait (in milliseconds) is passed in maxWaitMs. To wait indefinitely, set maxWaitMs = 0.
Returns Nothing on failure
GetMyCert
Returns the digital certificate to be used for SSL connections. This method would only be called by an SSL server application. The SSL certificate is initially specified by calling InitSslServer.
Returns Nothing on failure
topGetReceivedClientCert
Returns the Nth client certificate received during an SSL/TLS handshake. This method only applies to the server-side of an SSL/TLS connection. The 1st client certificate is at index 0. The NumReceivedClientCerts property indicates the number of client certificates received during the SSL/TLS connection establishment.
Client certificates are customarily only sent when the server demands client-side authentication, as in 2-way SSL/TLS. This method provides the ability for the server to access and examine the client-side certs immediately after a connection is established. (Of course, if the client-side certs are inadequate for authentication, then the application can choose to immediately disconnect.)
Important: This method should be called from the socket object that is returned by AcceptNextConnection.
Returns Nothing on failure
GetSslAcceptableClientCaDn
If connected as an SSL/TLS client to an SSL/TLS server where the server requires a client-side certificate for authentication, then the NumSslAcceptableClientCAs property contains the number of acceptable certificate authorities sent by the server during connection establishment handshake. This method may be called to get the Distinguished Name (DN) of each acceptable CA. The index should range from 0 to NumSslAcceptableClientCAs - 1.
Returns Nothing on failure
topGetSslServerCert
Returns the SSL server's digital certificate. This method would only be called by the client-side of an SSL connection. It returns the certificate of the remote SSL server for the current SSL connection. If the socket is not connected, or is not connected via SSL, then a NULL reference is returned.
Returns Nothing on failure
InitSslServer
SSL Server applications should call this method with the SSL server certificate to be used for SSL connections. It should be called prior to accepting connections. This method has an intended side-effect: If not already connected, then the Ssl property is set to True.
Returns True for success, False for failure.
LastJsonData
Provides information about what transpired in the last method called on this object instance. For many methods, there is no information. However, for some methods, details about what occurred can be obtained by getting the LastJsonData right after the method call returns.
Returns Nothing on failure
topPollDataAvailable
Check to see if data is available for reading on the socket. Returns True if data is waiting and False if no data is waiting to be read.
topReceiveBd
Receives as much data as is immediately available on a connected TCP socket and appends the incoming data to binData. If no data is immediately available, it waits up to MaxReadIdleMs milliseconds for data to arrive.
Returns True for success, False for failure.
topReceiveBdN
Reads exactly numBytes bytes from the connection. This method blocks until numBytes bytes are read or the read times out. The timeout is specified by the MaxReadIdleMs property (in milliseconds).
Returns True for success, False for failure.
topReceiveByte
Receives a single byte. The received byte will be available in the ReceivedInt property. If bUnsigned is True, then a value from 0 to 255 is returned in ReceivedInt. If bUnsigned is False, then a value from -128 to +127 is returned.
Returns True for success, False for failure.
topReceiveBytes
Receives as much data as is immediately available on a connected TCP socket. If no data is immediately available, it waits up to MaxReadIdleMs milliseconds for data to arrive.
Returns an empty byte array on failure
ReceiveBytesENC
The same as ReceiveBytes, except the bytes are returned in encoded string form according to encodingAlg. The encodingAlg can be "Base64", "modBase64", "Base32", "UU", "QP" (for quoted-printable), "URL" (for url-encoding), "Hex", "Q", "B", "url_oath", "url_rfc1738", "url_rfc2396", or "url_rfc3986".
Returns Nothing on failure
topReceiveBytesN
Reads exactly numBytes bytes from a connected SSL or non-SSL socket. This method blocks until numBytes bytes are read or the read times out. The timeout is specified by the MaxReadIdleMs property (in milliseconds).
Returns an empty byte array on failure
topReceiveBytesToFile
Receives as much data as is immediately available on a connected TCP socket. If no data is immediately available, it waits up to MaxReadIdleMs milliseconds for data to arrive.
The received data is appended to the file specified by appendFilename.
Returns True for success, False for failure.
topReceiveCount
Receives a 4-byte signed integer and returns the value received. Returns -1 on error.
topReceiveInt16
Receives a 16-bit integer (2 bytes). The received integer will be available in the ReceivedInt property. Set bigEndian equal to True if the incoming 16-bit integer is in big-endian byte order. Otherwise set bigEndian equal to False for receving a little-endian integer. If bUnsigned is True, the ReceivedInt will range from 0 to 65,535. If bUnsigned is False, the ReceivedInt will range from -32,768 through 32,767.
Returns True for success, False for failure.
topReceiveInt32
Receives a 32-bit integer (4 bytes). The received integer will be available in the ReceivedInt property. Set bigEndian equal to True if the incoming 32-bit integer is in big-endian byte order. Otherwise set bigEndian equal to False for receving a little-endian integer.
Returns True for success, False for failure.
ReceiveNBytesENC
The same as ReceiveBytesN, except the bytes are returned in encoded string form using the encoding specified by numBytes. The numBytes can be "Base64", "modBase64", "Base32", "UU", "QP" (for quoted-printable), "URL" (for url-encoding), "Hex", "Q", "B", "url_oath", "url_rfc1738", "url_rfc2396", or "url_rfc3986".
Returns Nothing on failure
topReceiveSb
Receives as much data as is immediately available on the connection. If no data is immediately available, it waits up to MaxReadIdleMs milliseconds for data to arrive. The incoming bytes are interpreted according to the StringCharset property and appended to sb.
Returns True for success, False for failure.
topReceiveString
Receives as much data as is immediately available on a TCP/IP or SSL socket. If no data is immediately available, it waits up to MaxReadIdleMs milliseconds for data to arrive. The incoming bytes are interpreted according to the StringCharset property and returned as a string.
Returns Nothing on failure
ReceiveStringMaxN
Same as ReceiveString, but limits the amount of data returned to a maximum of maxByteCount bytes.
(Receives as much data as is immediately available on the TCP/IP or SSL socket. If no data is immediately available, it waits up to MaxReadIdleMs milliseconds for data to arrive. The incoming bytes are interpreted according to the StringCharset property and returned as a string.)
Returns Nothing on failure
topReceiveStringUntilByte
Receives bytes on a connected SSL or non-SSL socket until a specific 1-byte value is read. Returns a string containing all the bytes up to but excluding the lookForByte.
Returns Nothing on failure
topReceiveToCRLF
Reads text from the connected TCP/IP or SSL socket until a CRLF is received. Returns the text up to and including the CRLF. The incoming bytes are interpreted according to the charset specified by the StringCharset property.
Returns Nothing on failure
ReceiveUntilByte
Receives bytes on the TCP/IP or SSL socket until a specific 1-byte value is read. Returns all the bytes up to and including the lookForByte.
Returns an empty byte array on failure
topReceiveUntilByteBd
Receives bytes on the TCP/IP or SSL socket until a specific 1-byte value is read. Returns all the bytes up to and including the lookForByte. The received bytes are appended to bd.
Returns True for success, False for failure.
topReceiveUntilMatch
Reads text from the connected TCP/IP or SSL socket until a matching string (matchStr) is received. Returns the text up to and including the matching string. As an example, to one might read the header of an HTTP request or a MIME message by reading up to the first double CRLF ("\r\n\r\n"). The incoming bytes are interpreted according to the charset specified by the StringCharset property.
Returns Nothing on failure
ResetPerf
Resets the performance measurements for either receiving or sending. If rcvPerf is True, then the receive performance monitoring is reset. If rcvPerf is False, then the sending performance monitoring is reset.
topSendBd
Sends bytes from binData over a connected SSL or non-SSL socket. If transmission halts for more than MaxSendIdleMs milliseconds, the send is aborted. This is a blocking (synchronous) method. It returns only after the bytes have been sent.
Set offset and/or numBytes to non-zero values to send a portion of the binData. If offset and numBytes are both 0, then the entire binData is sent. If offset is non-zero and numBytes is zero, then the bytes starting at offset until the end are sent.
Returns True for success, False for failure.
topSendByte
Sends a single byte. The integer must have a value from 0 to 255.
Returns True for success, False for failure.
topSendBytes
Sends bytes over a connected SSL or non-SSL socket. If transmission halts for more than MaxSendIdleMs milliseconds, the send is aborted. This is a blocking (synchronous) method. It returns only after the bytes have been sent.
Returns True for success, False for failure.
SendBytesENC
The same as SendBytes, except the bytes are provided in encoded string form as specified by encodingAlg. The encodingAlg can be "Base64", "modBase64", "Base32", "Base58", "UU", "QP" (for quoted-printable), "URL" (for url-encoding), "Hex", "Q", "B", "url_oauth", "url_rfc1738", "url_rfc2396", and "url_rfc3986".
topSendCount
Sends a 4-byte signed integer on the connection. The receiver may call ReceiveCount to receive the integer. The SendCount and ReceiveCount methods are handy for sending byte counts prior to sending data. The sender would send a count followed by the data, and the receiver would receive the count first, and then knows how many data bytes it should expect to receive.
Returns True for success, False for failure.
topSendInt16
Sends a 16-bit integer (2 bytes). Set bigEndian equal to True to send the integer in big-endian byte order (this is the standard network byte order). Otherwise set bigEndian equal to False to send in little-endian byte order.
Returns True for success, False for failure.
topSendInt32
Sends a 32-bit integer (4 bytes). Set bigEndian equal to True to send the integer in big-endian byte order (this is the standard network byte order). Otherwise set bigEndian equal to False to send in little-endian byte order.
Returns True for success, False for failure.
topSendSb
Sends the contents of sb over the connection. If transmission halts for more than MaxSendIdleMs milliseconds, the send is aborted. The string is sent in the charset encoding specified by the StringCharset property.
This is a blocking (synchronous) method. It returns after the string has been sent.
Returns True for success, False for failure.
topSendString
Sends a string over a connected SSL or non-SSL (TCP/IP) socket. If transmission halts for more than MaxSendIdleMs milliseconds, the send is aborted. The string is sent in the charset encoding specified by the StringCharset property.
This is a blocking (synchronous) method. It returns after the string has been sent.
Returns True for success, False for failure.
SetSslClientCert
A client-side certificate for SSL/TLS connections is optional. It should be used only if the server demands it. This method allows the certificate to be specified using a certificate object.
Returns True for success, False for failure.
topSetSslClientCertPem
A client-side certificate for SSL/TLS connections is optional. It should be used only if the server demands it. This method allows the certificate to be specified using a PEM file.
Returns True for success, False for failure.
SetSslClientCertPfx
A client-side certificate for SSL/TLS connections is optional. It should be used only if the server demands it. This method allows the certificate to be specified using a PFX file.
Returns True for success, False for failure.
SleepMs
Convenience method to force the calling thread to sleep for a number of milliseconds.
topSshAuthenticatePk
Authenticates with the SSH server using public-key authentication. The corresponding public key must have been installed on the SSH server for the sshLogin. Authentication will succeed if the matching privateKey is provided.
Important: When reporting problems, please send the full contents of the LastErrorText property to support@chilkatsoft.com.
Returns True for success, False for failure.
topSshAuthenticatePw
Authenticates with the SSH server using a sshLogin and sshPassword. This method is only used for SSH tunneling. The tunnel is established by calling SshOpenTunnel, then (if necessary) authenticated by calling SshAuthenticatePw or SshAuthenticatePk.
Returns True for success, False for failure.
topSshCloseTunnel
Closes the SSH tunnel previously opened by SshOpenTunnel.
Returns True for success, False for failure.
topSshOpenChannel
Opens a new channel within an SSH tunnel. Returns the socket that is connected to the destination host:port through the SSH tunnel via port forwarding. If ssl is True, the connection is TLS (i.e. TLS inside the SSH tunnel). Returns the socket object that is the port-forwarded tunneled connection. Any number of channels may be opened within a single SSH tunnel, and may be port-forwarded to different remote host:port endpoints.
Returns Nothing on failure
SshOpenTunnel
Connects to an SSH server and creates a tunnel for port forwarding. The sshHostname is the hostname (or IP address) of the SSH server. The sshPort is typically 22, which is the standard SSH port number.
An SSH tunneling (port forwarding) session always begins by first calling SshOpenTunnel to connect to the SSH server, followed by calling either SshAuthenticatePw or SshAuthenticatePk to authenticate. A program would then call SshOpenChannel to connect to the destination server (via the SSH tunnel). Any number of channels can be opened over the same SSH tunnel.
Returns True for success, False for failure.
StartTiming
Used in combination with the ElapsedSeconds property, which will contain the number of seconds since the last call to this method. (The StartTiming method and ElapsedSeconds property is provided for convenience.)
topTakeConnection
Takes the connection from sock. If the caller of this method had an open connection, then it will be closed. This method is different than the TakeSocket method because the caller does not become a "socket set".
Returns True for success, False for failure.
topTakeSocket
Takes ownership of the sock. sock is added to the internal set of connected sockets. The caller object is now effectively a "socket set", i.e. a collection of connected and/or listener sockets. Method calls are routed to the internal sockets based on the value of the SelectorIndex property. For example, if SelectorIndex equals 2, then a call to SendBytes is actually a call to SendBytes on the 3rd socket in the set. (Indexing begins at 0.) Likewise, getting and setting properties are also routed to the contained socket based on SelectorIndex. It is possible to wait on a set of sockets for data to arrive on any of them by calling SelectForReading. See the example link below.
Returns True for success, False for failure.
TlsRenegotiate
Initiates a renegotiation of the TLS security parameters. This sends a ClientHello to re-do the TLS handshake to establish new TLS security params.
Returns True for success, False for failure.
topUseSsh
Uses an existing SSH tunnel for the connection. This is an alternative way of establishing a socket connection through an SSH tunnel. There are four ways of running a TCP or SSL/TLS connection through an SSH tunnel:
- UseSsh
- Establish the SSH connection and authenticate using the Chilkat SSH object.
- Call UseSsh to indicate that the connections should be made through the SSH tunnel.
- Call the Connect method to establish the TCP or SSL/TLS connection with a destination host:port. The connection is not direct, but will instead be routed through the SSH tunnel and then port-forwarded (from the SSH server) to the destination host:port. (Had UseSsh not been called, the connection would be direct.)
- SshOpenTunnel
- Call the Socket object's SshOpenTunnel method to connect to an SSH server.
- Call SshAuthenticatePw to authenticate with the SSH server.
- Instead of calling Connect to connect with the destination host:port, the SshOpenChannel method is called to connect via port-forwarding through the SSH tunnel.
- SshTunnel object with dynamic port forwarding
- The Chilkat SSH Tunnel object is utilized to run in a background thread. It connects and authenticates with an SSH server, and then listens at a port chosen by the application, and behaves as a SOCKS5 proxy server.
- The Socket object sets the SOCKS5 proxy host:port to localhost:<port>,
- The Socket's Connect method is called to connect via the SSH Tunnel. The connection is routed through the SSH tunnel via dynamic port forwarding.
- Once the background SSH Tunnel thread is running, it can handle any number of incoming connections from the foreground thread, other threads, or even other programs that are local or remote. Each incoming connection is routed via dynamic port forwarding to it's chosen destnation host:port on it's own logical SSH channel.
- SshTunnel object with hard-coded port forwarding
- The Chilkat SSH Tunnel object is utilized to run in a background thread. It connects and authenticates with an SSH server, and then listens at a port chosen by the application. It does not behave as a SOCKS5 proxy server, but instead has a hard-coded destination host:port.
- The Socket's Connect method is called to connect to localhost:<port>. The connection is automatically port-forwarded through the SSH tunnel to the hard-coded destination host:port.
Returns True for success, False for failure.