LuaSec https.request in Corona SDK

I have my own server to which my app is connected and I want the communication to be over HTTPS.

As stated in this forum thread, the network.* API doesn’t currently support self-signed certificates (although this feature is quite highly voted).

One of the suggestions to go around this issue was to use LuaSec and wrap a TCP connection with a secured one.

However, this still is no HTTPS. It’s just secured TCP. I still need to HTTP-format the requests on my own. But hey, I’m already using LuaSec, why not use its already existing HTTPS client? Unfortunately, I had no success with that.

So, how do I use LuaSec HTTPS client in Corona SDK?


BTW, I also tried installing Lua, LuaSocket and LuaSec (along with its HTTPS client) on my machine but had no idea how to cause Corona to use them…

Any help appreciated!

Yair
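What the question is asking for, as an added example that is not part of the original post and is not Corona SDK's or LuaSec's own code: a GET through LuaSec's `ssl.https` client that trusts only the server's self-signed certificate. It assumes stock LuaSec and LuaSocket can be loaded with `require` (how Corona bundles them is not covered here); the URL, the certificate file name and the `httpsGet` helper are hypothetical.

```lua
-- Added example: LuaSec's HTTPS client with certificate verification enabled.
local https = require("ssl.https")  -- part of LuaSec
local ltn12 = require("ltn12")      -- part of LuaSocket

-- Hypothetical values: replace with your own server and certificate file.
local SERVER_URL  = "https://dev.example.com/api/ping"
local SERVER_CERT = "server-cert.pem"  -- PEM copy of the server's self-signed cert

-- Performs a GET and returns the body, or nil plus an error description.
local function httpsGet(url, cafile)
    local chunks = {}
    local ok, code, headers, status = https.request{
        url    = url,
        method = "GET",
        sink   = ltn12.sink.table(chunks),  -- collect the response body
        -- ssl.https defaults to verify = "none", which accepts any certificate.
        -- Asking for "peer" makes the handshake fail unless the server's
        -- certificate validates against the file given in cafile.
        verify = "peer",
        cafile = cafile,
    }
    if not ok then
        -- On failure the second return value is the error message,
        -- e.g. a handshake error when the certificate is not trusted.
        return nil, tostring(code)
    end
    if code ~= 200 then
        return nil, status  -- status line such as "HTTP/1.1 404 Not Found"
    end
    return table.concat(chunks)
end

local body, err = httpsGet(SERVER_URL, SERVER_CERT)
if body then
    print(body)
else
    print("HTTPS request failed: " .. err)
end
```

Because `cafile` contains only the one self-signed certificate, a server presenting any other certificate is rejected during the handshake.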

Why do you want to use a self-signed certificate?  You can get CA signed certificates for very low prices or even free…

I tried using www.startssl.com but received 405 error…

I tried using www.cacert.org but got cold feet because of my experience with startssl…

I considered using www.instantssl.com, they have a 90-day trial. But I need more than 90 days… And I couldn’t understand what their renewal policy is regarding free certificates.

Also, I want to do several tests using different domains / subdomains / IPs (like dev server) which I’m not sure how all of this is supported (do I need distinct certificates for each subdomain?), and naturally it should be done quick and free.

Do you mean a 405 HTTP error code? If so, that does not have any relation with SSL. That error means that you are trying to do an operation that is not allowed (example: making a POST to a server that is not configured to receive POST requests).

About testing, one of the advantages of using HTTPS is that all the encryption is done automatically for you and it is totally independent of your code. So, you could develop and test all your app with any server not using SSL and only when you have finished all the development you add the HTTPS on your code and install the SSL certificate on your server.

No no no, wait, the 405 I received was inside startssl’s site itself when trying to register as a user in order to retrieve a certificate… I never got into actually getting it. And that’s a baaad experience I don’t expect to get from an SSL certificate site… :wink:

I know about the testing with HTTP and then switching to HTTPS when ready. I’m just ready :slight_smile: . I wanted to test my server to see if it’s listening correctly for HTTPS requests and responds adequately. And I wanted to test it on subdomains and such…

Ah, got it.

About the 405, I think you may have had bad luck. I once successfully got a certificate there. So, you should try it again.

About the other domains, an SSL certificate can be issued to validate 1 domain (like www.redbeachgames.com) or several domains. So, CAs have several packages with different prices. One package that is pretty common is the Wildcard SSL certificate, that is when 1 SSL certificate can be used for validating any subdomain variation, like redbeachgames.com, www.redbeachgames.com, news.redbeachgames.com, blog.redbeachgames.com,… Usually we indicate a wildcard domain using “*”, as in *.redbeachgames.com.

My suggestion to you is try the startSSL (although I think they are only free for personal use) and buy one from a valid CA. (I bought mine from Namecheap, which is a CA reseller.)

Tried several times with startssl, could be anything (btw, their detailed error message indicates that it shouldn’t have happened to me if only I were human… :-o )

Your explanation regarding certificates-to-domains relationship is really going to save me time! Special thanks for that :slight_smile:

I guess buying a wildcard certificate would be my plan B for the least :slight_smile:

So no way I can use LuaSec HTTPS client in Corona SDK?

Yes, you can use it. But the time that you will spend to learn it and make it work, and all the overhead added in the code (and potential bugs on Android devices), is simply not worthwhile in order to save 9 dollars! (the cost of a 1-domain PositiveSSL certificate)

It **is** 9 dollars… Fair enough… I guess that’s what I’ll do…

Thanks for the help!
