DTLSClient Control

Properties   Methods   Events   Config Settings   Errors  

The DTLSClient control provides client-side functionality for secure UDP communication utilizing the Datagram Transport Layer Security (DTLS) protocol.

Syntax

DTLSClient

Remarks

The DTLSClient control functions as a client that facilitates in connecting to DTLS servers and offers a convenient means of transmitting and receiving datagrams over the established, secure connection.

Connecting to a Server

First, the RemoteHost and RemotePort must be set to the address and port of the target DTLS server. The Timeout property can be used to specify a timeout when connecting to the server. To initiate the connection, call Connect.

After doing so, the handshake process will begin. Relevant handshake details will be reported by the SSLStatus event. Initially, the server will present its certificate to the client. The certificate can be evaluated within the SSLServerAuthentication event. By default, the control will provide a recommendation of whether to accept or reject the certificate, and reasoning behind the recommendation. Regardless, the certificate can be manually accepted (or rejected) within this event.

In some cases, the server requires the client to present a certificate as well. In this case, a valid certificate will need to be specified via the SSLCert* properties.

Once the connection is complete (or fails), the Connected event will fire. Note that this event will fire if a connection succeeds or fails. If successful, the event will fire with a StatusCode of 0. If this value is non-zero, it indicates the connection was unsuccessful. The Description parameter will contain relevant details. Upon successful connection, the Connected property will be set to True. This process may look like the following:

dtlsclient.OnConnected += (o, e) => { if (e.StatusCode == 0) { Console.WriteLine("Connection successful!"); } else { Console.WriteLine("Connection failed."); Console.WriteLine("Error code: " + e.StatusCode); Console.WriteLine("Error description: " + e.Description); } }; dtlsclient.OnSSLServerAuthentication += (o, e) => { if (e.Accept) return; Console.Write("Server provided the following certificate:\nIssuer: " + e.CertIssuer + "\nSubject: " + e.CertSubject + "\n"); Console.Write("The following problems have been determined for this certificate: " + e.Status + "\n"); Console.Write("Would you like to accept anyways? [y/n] "); if (Console.Read() == 'y') e.Accept = true; }; dtlsclient.RemoteHost = "remote_ip"; dtlsclient.RemotePort = 1234; dtlsclient.Timeout = 30; // if client authentication is applicable dtlsclient.SSLCert = new Certificate("/path/to/cert.pfx", CertStoreTypes.cstPFXFile, "cert_password", "cert_subject"); dtlsclient.Connect();

Sending and Receiving Data

Once a successful connection is established, the control can send data to the server via SendText or SendBytes.

The control will also be able to receive data from the server via the DataIn event. Note that this event is non-reentrant, and it is recommended to offload time-consuming operations to ensure the best performance.

If required, the PauseData method can be called, disabling the reception of incoming data from the server. Data reception can later be enabled via the ProcessData method. Note that if this reception is disabled, the server may continue sending data, which will remain unprocessed by the control. In this case, the underlying socket buffer may be filled. This can result in possible data loss originating from the server. Please use these methods with caution.

The complete process may look like the following:

dtlsclient.OnSSLServerAuthentication += (o, e) => { e.Accept = true; }; dtlsclient.OnDataIn += (o, e) => { Console.WriteLine("Packet received from server."); Console.WriteLine("Datagram: " + e.Datagram); } dtlsclient.RemoteHost = "remote_ip"; dtlsclient.RemotePort = 1234; dtlsclient.Connect(); dtlsclient.SendText("Hello World!"); while (true) { dtlsclient.DoEvents(); }

Disconnecting from a Server

Once the connection to the server is broken, the Disconnected event will fire. The disconnection can be performed by calling Disconnect, or performed by the server.

In the case a connection ends and an error is encountered, the StatusCode and Description parameters will contain relevant details regarding the error. For example:

dtlsclient.OnDisconnected += (o, e) => { if (e.StatusCode == 0) { Console.WriteLine("Connection ended."); } else { Console.WriteLine("Connection ended."); Console.WriteLine("Error code: " + e.StatusCode); Console.WriteLine("Error description: " + e.Description); } }; dtlsclient.RemoteHost = "remote_ip"; dtlsclient.RemotePort = 1234; dtlsclient.Connect(); ... ... ... dtlsclient.Disconnect();

Additional Information

To support KeepAlive functionality, it is important to note that DoEvents must be called regularly in both console and form-based applications.

For KeepAlive, DoEvents must be called frequently to ensure the control sends keep-alive (or Heartbeat) packets to existing connections in a timely manner.

In form-based applications, this does not apply if KeepAlive is False.

Property List

---

The following is the full list of the properties of the control with short descriptions. Click on the links for further details.

Method List

---

The following is the full list of the methods of the control with short descriptions. Click on the links for further details.

Event List

---

The following is the full list of the events fired by the control with short descriptions. Click on the links for further details.

Config Settings

---

The following is a list of config settings for the control with short descriptions. Click on the links for further details.

AcceptData Property (DTLSClient Control)

This property indicates whether data reception is currently enabled.

Syntax

dtlsclientcontrol.AcceptData

Default Value

True

Remarks

This property indicates whether data reception is currently enabled. When , data reception is disabled and the DataIn event will not fire. Use the PauseData and ProcessData methods to pause and resume data reception.

This property is read-only and not available at design time.

Data Type

Boolean

Connected Property (DTLSClient Control)

This property indicates whether the control is connected.

Syntax

dtlsclientcontrol.Connected

Default Value

False

Remarks

This property indicates whether the control is connected to the remote host. Use the Connect and Disconnect methods to manage the connection.

This property is read-only and not available at design time.

Data Type

Boolean

KeepAlive Property (DTLSClient Control)

When True, keep-alive functionality is enabled via the DTLS Heartbeat Extension.

Syntax

dtlsclientcontrol.KeepAlive[=boolean]

Default Value

False

Remarks

This property enables keep-alive functionality for the established connection via the DTLS Heartbeat Extension (RFC 6520). Enabling this option can prevent a long connection from timing out in case of inactivity.

Note: For this functionality to work as intended, DoEvents must be called frequently in both console and form-based applications (e.g., using a loop or timer).

Additionally, DTLS server implementations are not required to support Heartbeats.

Data Type

Boolean

LocalHost Property (DTLSClient Control)

This property includes the name of the local host or user-assigned IP interface through which connections are initiated or accepted.

Syntax

dtlsclientcontrol.LocalHost[=string]

Default Value

""

Remarks

The LocalHost property contains the name of the local host as obtained by the gethostname() system call, or if the user has assigned an IP address, the value of that address.

In multihomed hosts (machines with more than one IP interface) setting LocalHost to the value of an interface will make the control initiate connections (or accept in the case of server controls) only through that interface.

If the control is connected, the LocalHost property shows the IP address of the interface through which the connection is made in internet dotted format (aaa.bbb.ccc.ddd). In most cases, this is the address of the local host, except for multihomed hosts (machines with more than one IP interface).

Note: LocalHost is not persistent. You must always set it in code, and never in the property window.

Data Type

String

LocalPort Property (DTLSClient Control)

This property includes the User Datagram Protocol (UDP) port in the local host where UDP binds.

Syntax

dtlsclientcontrol.LocalPort[=integer]

Default Value

0

Remarks

The LocalPort property must be set before UDP is activated (Active is set to True). This instructs the control to bind to a specific port (or communication endpoint) in the local machine.

Setting it to 0 (default) enables the Transmission Control Protocol (TCP)/IP stack to choose a port at random. The chosen port will be shown by the LocalPort property after the connection is established.

LocalPort cannot be changed once the control is Active. Any attempt to set the LocalPort property when the control is Active will generate an error.

The LocalPort property is useful when trying to connect to services that require a trusted port on the client side.

Data Type

Integer

RemoteHost Property (DTLSClient Control)

This property includes the address of the remote host. Domain names are resolved to IP addresses.

Syntax

dtlsclientcontrol.RemoteHost[=string]

Default Value

""

Remarks

The RemoteHost property specifies the IP address (IP number in dotted internet format) or domain name of the remote host.

If RemoteHost is set to 255.255.255.255, the control broadcasts data on the local subnet.

If the RemoteHost property is set to a domain name, a DNS request is initiated, and upon successful termination of the request, the RemoteHost property is set to the corresponding address. If the search is not successful, an error is returned.

If UseConnection is set to True, the RemoteHost must be set before the control is activated (Active is set to True).

Data Type

String

RemotePort Property (DTLSClient Control)

This property specifies the User Datagram Protocol (UDP) port in the remote host.

Syntax

dtlsclientcontrol.RemotePort[=integer]

Default Value

0

Remarks

The RemotePort is the UDP port on the RemoteHost to send UDP datagrams to.

A valid port number (a value between 1 and 65535) is required.

If UseConnection is set to True, the RemotePort must be set before the control is activated (Active is set to True).

Data Type

Integer

SSLAcceptServerCertEffectiveDate Property (DTLSClient Control)

This is the date on which this certificate becomes valid.

Syntax

dtlsclientcontrol.SSLAcceptServerCertEffectiveDate

Default Value

""

Remarks

This is the date on which this certificate becomes valid. Before this date, it is not valid. The following example illustrates the format of an encoded date:

23-Jan-2000 15:00:00.

This property is read-only.

Data Type

String

SSLAcceptServerCertEncoded Property (DTLSClient Control)

This is the certificate (PEM/base64 encoded).

Syntax

dtlsclientcontrol.SSLAcceptServerCertEncoded[=string]

Default Value

""

Remarks

This is the certificate (PEM/base64 encoded). This property is used to assign a specific certificate. The SSLAcceptServerCertStore and SSLAcceptServerCertSubject properties also may be used to specify a certificate.

When SSLAcceptServerCertEncoded is set, a search is initiated in the current SSLAcceptServerCertStore for the private key of the certificate. If the key is found, SSLAcceptServerCertSubject is updated to reflect the full subject of the selected certificate; otherwise, SSLAcceptServerCertSubject is set to an empty string.

To read or write binary data to the property, a Variant (Byte Array) version is provided in .SSLAcceptServerCertEncodedB.

This property is not available at design time.

Data Type

Binary String

SSLAcceptServerCertExpirationDate Property (DTLSClient Control)

This is the date the certificate expires.

Syntax

dtlsclientcontrol.SSLAcceptServerCertExpirationDate

Default Value

""

Remarks

This is the date the certificate expires. After this date, the certificate will no longer be valid. The following example illustrates the format of an encoded date:

23-Jan-2001 15:00:00.

This property is read-only.

Data Type

String

SSLAcceptServerCertExtendedKeyUsage Property (DTLSClient Control)

This is a comma-delimited list of extended key usage identifiers.

Syntax

dtlsclientcontrol.SSLAcceptServerCertExtendedKeyUsage

Default Value

""

Remarks

This is a comma-delimited list of extended key usage identifiers. These are the same as ASN.1 object identifiers (OIDs).

This property is read-only.

Data Type

String

SSLAcceptServerCertFingerprint Property (DTLSClient Control)

This is the hex-encoded, 16-byte MD5 fingerprint of the certificate.

Syntax

dtlsclientcontrol.SSLAcceptServerCertFingerprint

Default Value

""

Remarks

This is the hex-encoded, 16-byte MD5 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02

This property is read-only.

Data Type

String

SSLAcceptServerCertFingerprintSHA1 Property (DTLSClient Control)

This is the hex-encoded, 20-byte SHA-1 fingerprint of the certificate.

Syntax

dtlsclientcontrol.SSLAcceptServerCertFingerprintSHA1

Default Value

""

Remarks

This is the hex-encoded, 20-byte SHA-1 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 30:7b:fa:38:65:83:ff:da:b4:4e:07:3f:17:b8:a4:ed:80:be:ff:84

This property is read-only.

Data Type

String

SSLAcceptServerCertFingerprintSHA256 Property (DTLSClient Control)

This is the hex-encoded, 32-byte SHA-256 fingerprint of the certificate.

Syntax

dtlsclientcontrol.SSLAcceptServerCertFingerprintSHA256

Default Value

""

Remarks

This is the hex-encoded, 32-byte SHA-256 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 6a:80:5c:33:a9:43:ea:b0:96:12:8a:64:96:30:ef:4a:8a:96:86:ce:f4:c7:be:10:24:8e:2b:60:9e:f3:59:53

This property is read-only.

Data Type

String

SSLAcceptServerCertIssuer Property (DTLSClient Control)

This is the issuer of the certificate.

Syntax

dtlsclientcontrol.SSLAcceptServerCertIssuer

Default Value

""

Remarks

This is the issuer of the certificate. This property contains a string representation of the name of the issuing authority for the certificate.

This property is read-only.

Data Type

String

SSLAcceptServerCertPrivateKey Property (DTLSClient Control)

This is the private key of the certificate (if available).

Syntax

dtlsclientcontrol.SSLAcceptServerCertPrivateKey

Default Value

""

Remarks

This is the private key of the certificate (if available). The key is provided as PEM/Base64-encoded data.

Note: The SSLAcceptServerCertPrivateKey may be available but not exportable. In this case, SSLAcceptServerCertPrivateKey returns an empty string.

This property is read-only.

Data Type

String

SSLAcceptServerCertPrivateKeyAvailable Property (DTLSClient Control)

This property shows whether a PrivateKey is available for the selected certificate.

Syntax

dtlsclientcontrol.SSLAcceptServerCertPrivateKeyAvailable

Default Value

False

Remarks

This property shows whether a SSLAcceptServerCertPrivateKey is available for the selected certificate. If SSLAcceptServerCertPrivateKeyAvailable is True, the certificate may be used for authentication purposes (e.g., server authentication).

This property is read-only.

Data Type

Boolean

SSLAcceptServerCertPrivateKeyContainer Property (DTLSClient Control)

This is the name of the PrivateKey container for the certificate (if available).

Syntax

dtlsclientcontrol.SSLAcceptServerCertPrivateKeyContainer

Default Value

""

Remarks

This is the name of the SSLAcceptServerCertPrivateKey container for the certificate (if available). This functionality is available only on Windows platforms.

This property is read-only.

Data Type

String

SSLAcceptServerCertPublicKey Property (DTLSClient Control)

This is the public key of the certificate.

Syntax

dtlsclientcontrol.SSLAcceptServerCertPublicKey

Default Value

""

Remarks

This is the public key of the certificate. The key is provided as PEM/Base64-encoded data.

This property is read-only.

Data Type

String

SSLAcceptServerCertPublicKeyAlgorithm Property (DTLSClient Control)

This property contains the textual description of the certificate's public key algorithm.

Syntax

dtlsclientcontrol.SSLAcceptServerCertPublicKeyAlgorithm

Default Value

""

Remarks

This property contains the textual description of the certificate's public key algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_DH") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

SSLAcceptServerCertPublicKeyLength Property (DTLSClient Control)

This is the length of the certificate's public key (in bits).

Syntax

dtlsclientcontrol.SSLAcceptServerCertPublicKeyLength

Default Value

0

Remarks

This is the length of the certificate's public key (in bits). Common values are 512, 1024, and 2048.

This property is read-only.

Data Type

Integer

SSLAcceptServerCertSerialNumber Property (DTLSClient Control)

This is the serial number of the certificate encoded as a string.

Syntax

dtlsclientcontrol.SSLAcceptServerCertSerialNumber

Default Value

""

Remarks

This is the serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, with each pair representing a byte of the serial number.

This property is read-only.

Data Type

String

SSLAcceptServerCertSignatureAlgorithm Property (DTLSClient Control)

The property contains the text description of the certificate's signature algorithm.

Syntax

dtlsclientcontrol.SSLAcceptServerCertSignatureAlgorithm

Default Value

""

Remarks

The property contains the text description of the certificate's signature algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_MD5RSA") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

SSLAcceptServerCertStore Property (DTLSClient Control)

This is the name of the certificate store for the client certificate.

Syntax

dtlsclientcontrol.SSLAcceptServerCertStore[=string]

Default Value

"MY"

Remarks

This is the name of the certificate store for the client certificate.

The SSLAcceptServerCertStoreType property denotes the type of the certificate store specified by SSLAcceptServerCertStore. If the store is password protected, specify the password in SSLAcceptServerCertStorePassword.

SSLAcceptServerCertStore is used in conjunction with the SSLAcceptServerCertSubject property to specify client certificates. If SSLAcceptServerCertStore has a value, and SSLAcceptServerCertSubject or SSLAcceptServerCertEncoded is set, a search for a certificate is initiated. Please see the SSLAcceptServerCertSubject property for details.

Designations of certificate stores are platform dependent.

The following designations are the most common User and Machine certificate stores in Windows:

When the certificate store type is PFXFile, this property must be set to the name of the file. When the type is PFXBlob, the property must be set to the binary contents of a PFX file (i.e., PKCS12 certificate store).

To read or write binary data to the property, a Variant (Byte Array) version is provided in .SSLAcceptServerCertStoreB.

Data Type

Binary String

SSLAcceptServerCertStorePassword Property (DTLSClient Control)

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Syntax

dtlsclientcontrol.SSLAcceptServerCertStorePassword[=string]

Default Value

""

Remarks

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Data Type

String

SSLAcceptServerCertStoreType Property (DTLSClient Control)

This is the type of certificate store for this certificate.

Syntax

dtlsclientcontrol.SSLAcceptServerCertStoreType[=integer]

Possible Values

cstUser(0), 
cstMachine(1), 
cstPFXFile(2), 
cstPFXBlob(3), 
cstJKSFile(4), 
cstJKSBlob(5), 
cstPEMKeyFile(6), 
cstPEMKeyBlob(7), 
cstPublicKeyFile(8), 
cstPublicKeyBlob(9), 
cstSSHPublicKeyBlob(10), 
cstP7BFile(11), 
cstP7BBlob(12), 
cstSSHPublicKeyFile(13), 
cstPPKFile(14), 
cstPPKBlob(15), 
cstXMLFile(16), 
cstXMLBlob(17), 
cstJWKFile(18), 
cstJWKBlob(19), 
cstSecurityKey(20), 
cstBCFKSFile(21), 
cstBCFKSBlob(22), 
cstPKCS11(23), 
cstAuto(99)

Default Value

0

Remarks

This is the type of certificate store for this certificate.

The control supports both public and private keys in a variety of formats. When the cstAuto value is used, the control will automatically determine the type. This property can take one of the following values:

Data Type

Integer

SSLAcceptServerCertSubject Property (DTLSClient Control)

This is the subject of the certificate used for client authentication.

Syntax

dtlsclientcontrol.SSLAcceptServerCertSubject[=string]

Default Value

""

Remarks

This is the subject of the certificate used for client authentication.

This property must be set after all other certificate properties are set. When this property is set, a search is performed in the current certificate store to locate a certificate with a matching subject.

If a matching certificate is found, the property is set to the full subject of the matching certificate.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.

The certificate subject is a comma-separated list of distinguished name fields and values. For instance, "CN=www.server.com, OU=test, C=US, or E=support@nsoftware.com". Common fields and their meanings are as follows:

If a field value contains a comma, it must be quoted.

Data Type

String

SSLAcceptServerCertSubjectAltNames Property (DTLSClient Control)

This property contains comma-separated lists of alternative subject names for the certificate.

Syntax

dtlsclientcontrol.SSLAcceptServerCertSubjectAltNames

Default Value

""

Remarks

This property contains comma-separated lists of alternative subject names for the certificate.

This property is read-only.

Data Type

String

SSLAcceptServerCertThumbprintMD5 Property (DTLSClient Control)

This property contains the MD5 hash of the certificate.

Syntax

dtlsclientcontrol.SSLAcceptServerCertThumbprintMD5

Default Value

""

Remarks

This property contains the MD5 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLAcceptServerCertThumbprintSHA1 Property (DTLSClient Control)

This property contains the SHA-1 hash of the certificate.

Syntax

dtlsclientcontrol.SSLAcceptServerCertThumbprintSHA1

Default Value

""

Remarks

This property contains the SHA-1 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLAcceptServerCertThumbprintSHA256 Property (DTLSClient Control)

This property contains the SHA-256 hash of the certificate.

Syntax

dtlsclientcontrol.SSLAcceptServerCertThumbprintSHA256

Default Value

""

Remarks

This property contains the SHA-256 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLAcceptServerCertUsage Property (DTLSClient Control)

This property contains the text description of UsageFlags .

Syntax

dtlsclientcontrol.SSLAcceptServerCertUsage

Default Value

""

Remarks

This property contains the text description of SSLAcceptServerCertUsageFlags.

This value will be of one or more of the following strings and will be separated by commas:

• Digital Signatures
• Key Authentication
• Key Encryption
• Data Encryption
• Key Agreement
• Certificate Signing
• Key Signing

If the provider is OpenSSL, the value is a comma-separated list of X.509 certificate extension names.

This property is read-only.

Data Type

String

SSLAcceptServerCertUsageFlags Property (DTLSClient Control)

This property contains the flags that show intended use for the certificate.

Syntax

dtlsclientcontrol.SSLAcceptServerCertUsageFlags

Default Value

0

Remarks

This property contains the flags that show intended use for the certificate. The value of SSLAcceptServerCertUsageFlags is a combination of the following flags:

Please see the SSLAcceptServerCertUsage property for a text representation of SSLAcceptServerCertUsageFlags.

This functionality currently is not available when the provider is OpenSSL.

This property is read-only.

Data Type

Integer

SSLAcceptServerCertVersion Property (DTLSClient Control)

This property contains the certificate's version number.

Syntax

dtlsclientcontrol.SSLAcceptServerCertVersion

Default Value

""

Remarks

This property contains the certificate's version number. The possible values are the strings "V1", "V2", and "V3".

This property is read-only.

Data Type

String

SSLCertEffectiveDate Property (DTLSClient Control)

This is the date on which this certificate becomes valid.

Syntax

dtlsclientcontrol.SSLCertEffectiveDate

Default Value

""

Remarks

This is the date on which this certificate becomes valid. Before this date, it is not valid. The following example illustrates the format of an encoded date:

23-Jan-2000 15:00:00.

This property is read-only.

Data Type

String

SSLCertEncoded Property (DTLSClient Control)

This is the certificate (PEM/base64 encoded).

Syntax

dtlsclientcontrol.SSLCertEncoded[=string]

Default Value

""

Remarks

This is the certificate (PEM/base64 encoded). This property is used to assign a specific certificate. The SSLCertStore and SSLCertSubject properties also may be used to specify a certificate.

When SSLCertEncoded is set, a search is initiated in the current SSLCertStore for the private key of the certificate. If the key is found, SSLCertSubject is updated to reflect the full subject of the selected certificate; otherwise, SSLCertSubject is set to an empty string.

To read or write binary data to the property, a Variant (Byte Array) version is provided in .SSLCertEncodedB.

This property is not available at design time.

Data Type

Binary String

SSLCertExpirationDate Property (DTLSClient Control)

This is the date the certificate expires.

Syntax

dtlsclientcontrol.SSLCertExpirationDate

Default Value

""

Remarks

This is the date the certificate expires. After this date, the certificate will no longer be valid. The following example illustrates the format of an encoded date:

23-Jan-2001 15:00:00.

This property is read-only.

Data Type

String

SSLCertExtendedKeyUsage Property (DTLSClient Control)

This is a comma-delimited list of extended key usage identifiers.

Syntax

dtlsclientcontrol.SSLCertExtendedKeyUsage

Default Value

""

Remarks

This is a comma-delimited list of extended key usage identifiers. These are the same as ASN.1 object identifiers (OIDs).

This property is read-only.

Data Type

String

SSLCertFingerprint Property (DTLSClient Control)

This is the hex-encoded, 16-byte MD5 fingerprint of the certificate.

Syntax

dtlsclientcontrol.SSLCertFingerprint

Default Value

""

Remarks

This is the hex-encoded, 16-byte MD5 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02

This property is read-only.

Data Type

String

SSLCertFingerprintSHA1 Property (DTLSClient Control)

This is the hex-encoded, 20-byte SHA-1 fingerprint of the certificate.

Syntax

dtlsclientcontrol.SSLCertFingerprintSHA1

Default Value

""

Remarks

This is the hex-encoded, 20-byte SHA-1 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 30:7b:fa:38:65:83:ff:da:b4:4e:07:3f:17:b8:a4:ed:80:be:ff:84

This property is read-only.

Data Type

String

SSLCertFingerprintSHA256 Property (DTLSClient Control)

This is the hex-encoded, 32-byte SHA-256 fingerprint of the certificate.

Syntax

dtlsclientcontrol.SSLCertFingerprintSHA256

Default Value

""

Remarks

This is the hex-encoded, 32-byte SHA-256 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 6a:80:5c:33:a9:43:ea:b0:96:12:8a:64:96:30:ef:4a:8a:96:86:ce:f4:c7:be:10:24:8e:2b:60:9e:f3:59:53

This property is read-only.

Data Type

String

SSLCertIssuer Property (DTLSClient Control)

This is the issuer of the certificate.

Syntax

dtlsclientcontrol.SSLCertIssuer

Default Value

""

Remarks

This is the issuer of the certificate. This property contains a string representation of the name of the issuing authority for the certificate.

This property is read-only.

Data Type

String

SSLCertPrivateKey Property (DTLSClient Control)

This is the private key of the certificate (if available).

Syntax

dtlsclientcontrol.SSLCertPrivateKey

Default Value

""

Remarks

This is the private key of the certificate (if available). The key is provided as PEM/Base64-encoded data.

Note: The SSLCertPrivateKey may be available but not exportable. In this case, SSLCertPrivateKey returns an empty string.

This property is read-only.

Data Type

String

SSLCertPrivateKeyAvailable Property (DTLSClient Control)

This property shows whether a PrivateKey is available for the selected certificate.

Syntax

dtlsclientcontrol.SSLCertPrivateKeyAvailable

Default Value

False

Remarks

This property shows whether a SSLCertPrivateKey is available for the selected certificate. If SSLCertPrivateKeyAvailable is True, the certificate may be used for authentication purposes (e.g., server authentication).

This property is read-only.

Data Type

Boolean

SSLCertPrivateKeyContainer Property (DTLSClient Control)

This is the name of the PrivateKey container for the certificate (if available).

Syntax

dtlsclientcontrol.SSLCertPrivateKeyContainer

Default Value

""

Remarks

This is the name of the SSLCertPrivateKey container for the certificate (if available). This functionality is available only on Windows platforms.

This property is read-only.

Data Type

String

SSLCertPublicKey Property (DTLSClient Control)

This is the public key of the certificate.

Syntax

dtlsclientcontrol.SSLCertPublicKey

Default Value

""

Remarks

This is the public key of the certificate. The key is provided as PEM/Base64-encoded data.

This property is read-only.

Data Type

String

SSLCertPublicKeyAlgorithm Property (DTLSClient Control)

This property contains the textual description of the certificate's public key algorithm.

Syntax

dtlsclientcontrol.SSLCertPublicKeyAlgorithm

Default Value

""

Remarks

This property contains the textual description of the certificate's public key algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_DH") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

SSLCertPublicKeyLength Property (DTLSClient Control)

This is the length of the certificate's public key (in bits).

Syntax

dtlsclientcontrol.SSLCertPublicKeyLength

Default Value

0

Remarks

This is the length of the certificate's public key (in bits). Common values are 512, 1024, and 2048.

This property is read-only.

Data Type

Integer

SSLCertSerialNumber Property (DTLSClient Control)

This is the serial number of the certificate encoded as a string.

Syntax

dtlsclientcontrol.SSLCertSerialNumber

Default Value

""

Remarks

This is the serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, with each pair representing a byte of the serial number.

This property is read-only.

Data Type

String

SSLCertSignatureAlgorithm Property (DTLSClient Control)

The property contains the text description of the certificate's signature algorithm.

Syntax

dtlsclientcontrol.SSLCertSignatureAlgorithm

Default Value

""

Remarks

The property contains the text description of the certificate's signature algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_MD5RSA") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

SSLCertStore Property (DTLSClient Control)

This is the name of the certificate store for the client certificate.

Syntax

dtlsclientcontrol.SSLCertStore[=string]

Default Value

"MY"

Remarks

This is the name of the certificate store for the client certificate.

The SSLCertStoreType property denotes the type of the certificate store specified by SSLCertStore. If the store is password protected, specify the password in SSLCertStorePassword.

SSLCertStore is used in conjunction with the SSLCertSubject property to specify client certificates. If SSLCertStore has a value, and SSLCertSubject or SSLCertEncoded is set, a search for a certificate is initiated. Please see the SSLCertSubject property for details.

Designations of certificate stores are platform dependent.

The following designations are the most common User and Machine certificate stores in Windows:

When the certificate store type is PFXFile, this property must be set to the name of the file. When the type is PFXBlob, the property must be set to the binary contents of a PFX file (i.e., PKCS12 certificate store).

To read or write binary data to the property, a Variant (Byte Array) version is provided in .SSLCertStoreB.

Data Type

Binary String

SSLCertStorePassword Property (DTLSClient Control)

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Syntax

dtlsclientcontrol.SSLCertStorePassword[=string]

Default Value

""

Remarks

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Data Type

String

SSLCertStoreType Property (DTLSClient Control)

This is the type of certificate store for this certificate.

Syntax

dtlsclientcontrol.SSLCertStoreType[=integer]

Possible Values

cstUser(0), 
cstMachine(1), 
cstPFXFile(2), 
cstPFXBlob(3), 
cstJKSFile(4), 
cstJKSBlob(5), 
cstPEMKeyFile(6), 
cstPEMKeyBlob(7), 
cstPublicKeyFile(8), 
cstPublicKeyBlob(9), 
cstSSHPublicKeyBlob(10), 
cstP7BFile(11), 
cstP7BBlob(12), 
cstSSHPublicKeyFile(13), 
cstPPKFile(14), 
cstPPKBlob(15), 
cstXMLFile(16), 
cstXMLBlob(17), 
cstJWKFile(18), 
cstJWKBlob(19), 
cstSecurityKey(20), 
cstBCFKSFile(21), 
cstBCFKSBlob(22), 
cstPKCS11(23), 
cstAuto(99)

Default Value

0

Remarks

This is the type of certificate store for this certificate.

The control supports both public and private keys in a variety of formats. When the cstAuto value is used, the control will automatically determine the type. This property can take one of the following values:

Data Type

Integer

SSLCertSubject Property (DTLSClient Control)

This is the subject of the certificate used for client authentication.

Syntax

dtlsclientcontrol.SSLCertSubject[=string]

Default Value

""

Remarks

This is the subject of the certificate used for client authentication.

This property must be set after all other certificate properties are set. When this property is set, a search is performed in the current certificate store to locate a certificate with a matching subject.

If a matching certificate is found, the property is set to the full subject of the matching certificate.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.

The certificate subject is a comma-separated list of distinguished name fields and values. For instance, "CN=www.server.com, OU=test, C=US, or E=support@nsoftware.com". Common fields and their meanings are as follows:

If a field value contains a comma, it must be quoted.

Data Type

String

SSLCertSubjectAltNames Property (DTLSClient Control)

This property contains comma-separated lists of alternative subject names for the certificate.

Syntax

dtlsclientcontrol.SSLCertSubjectAltNames

Default Value

""

Remarks

This property contains comma-separated lists of alternative subject names for the certificate.

This property is read-only.

Data Type

String

SSLCertThumbprintMD5 Property (DTLSClient Control)

This property contains the MD5 hash of the certificate.

Syntax

dtlsclientcontrol.SSLCertThumbprintMD5

Default Value

""

Remarks

This property contains the MD5 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLCertThumbprintSHA1 Property (DTLSClient Control)

This property contains the SHA-1 hash of the certificate.

Syntax

dtlsclientcontrol.SSLCertThumbprintSHA1

Default Value

""

Remarks

This property contains the SHA-1 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLCertThumbprintSHA256 Property (DTLSClient Control)

This property contains the SHA-256 hash of the certificate.

Syntax

dtlsclientcontrol.SSLCertThumbprintSHA256

Default Value

""

Remarks

This property contains the SHA-256 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLCertUsage Property (DTLSClient Control)

This property contains the text description of UsageFlags .

Syntax

dtlsclientcontrol.SSLCertUsage

Default Value

""

Remarks

This property contains the text description of SSLCertUsageFlags.

This value will be of one or more of the following strings and will be separated by commas:

• Digital Signatures
• Key Authentication
• Key Encryption
• Data Encryption
• Key Agreement
• Certificate Signing
• Key Signing

If the provider is OpenSSL, the value is a comma-separated list of X.509 certificate extension names.

This property is read-only.

Data Type

String

SSLCertUsageFlags Property (DTLSClient Control)

This property contains the flags that show intended use for the certificate.

Syntax

dtlsclientcontrol.SSLCertUsageFlags

Default Value

0

Remarks

This property contains the flags that show intended use for the certificate. The value of SSLCertUsageFlags is a combination of the following flags:

Please see the SSLCertUsage property for a text representation of SSLCertUsageFlags.

This functionality currently is not available when the provider is OpenSSL.

This property is read-only.

Data Type

Integer

SSLCertVersion Property (DTLSClient Control)

This property contains the certificate's version number.

Syntax

dtlsclientcontrol.SSLCertVersion

Default Value

""

Remarks

This property contains the certificate's version number. The possible values are the strings "V1", "V2", and "V3".

This property is read-only.

Data Type

String

Timeout Property (DTLSClient Control)

This property specifies a timeout when connecting to a server.

Syntax

dtlsclientcontrol.Timeout[=integer]

Default Value

60

Remarks

This property specifies a timeout when connecting to a server. When calling Connect, if the connection is not established within Timeout seconds, an error is thrown.

Data Type

Integer

Config Method (DTLSClient Control)

This method sets or retrieves a configuration setting.

Syntax

dtlsclientcontrol.Config ConfigurationString

Remarks

Config is a generic method available in every control. It is used to set and retrieve configuration settings for the control.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the control, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

Connect Method (DTLSClient Control)

This method connects to a remote host.

Syntax

dtlsclientcontrol.Connect 

Remarks

This method connects to the remote host specified by RemoteHost and RemotePort. For instance: component.RemoteHost = "MyHostNameOrIP"; component.RemotePort = 7777; component.Connect();

Disconnect Method (DTLSClient Control)

This method disconnects from the remote host.

Syntax

dtlsclientcontrol.Disconnect 

Remarks

This method disconnects from the remote host. Calling this method is equivalent to setting the Connected property to False.

DoEvents Method (DTLSClient Control)

This method processes events from the internal message queue.

Syntax

dtlsclientcontrol.DoEvents 

Remarks

When DoEvents is called, the control processes any available events. If no events are available, it waits for a preset period of time, and then returns.

PauseData Method (DTLSClient Control)

This method pauses data reception.

Syntax

dtlsclientcontrol.PauseData 

Remarks

This method pauses data reception when called. While data reception is paused, the DataIn event will not fire. Call ProcessData to reenable data reception.

ProcessData Method (DTLSClient Control)

This method reenables data reception after a call to PauseData .

Syntax

dtlsclientcontrol.ProcessData 

Remarks

This method reenables data reception after a previous call to PauseData. When PauseData is called, the DataIn event will not fire. To reenable data reception and allow DataIn to fire, call this method.

Note: This method is used only after previously calling PauseData. It does not need to be called to process incoming data by default.

Reset Method (DTLSClient Control)

This method will reset the control.

Syntax

dtlsclientcontrol.Reset 

Remarks

This method will reset the control's properties to their default values.

SendBytes Method (DTLSClient Control)

This method sends binary data to the remote host.

Syntax

dtlsclientcontrol.SendBytes Data

Remarks

This method sends the specified binary data to the remote host. For example:

byte[] dataToSend = new byte[] { 72, 101, 108, 108, 111, 32, 87, 111, 114, 108, 100, 33 }; dtlsclient.SendBytes(dataToSend);

To send text, use the SendText method instead.

SendText Method (DTLSClient Control)

This method sends text to the remote host.

Syntax

dtlsclientcontrol.SendText Text

Remarks

This method sends the specified text to the remote host. For example:

dtlsclient.onSSLServerAuthentication += (o, e) => { e.Accept = true; }; dtlsclient.RemotePort = 8765; dtlsclient.RemoteHost = "HostNameOrIPAddress"; dtlsclient.Connect(); dtlsclient.SendText("Hello!");

To send binary data, use the SendBytes method instead.

Connected Event (DTLSClient Control)

This event is fired immediately after a connection completes (or fails).

Syntax

Sub dtlsclientcontrol_Connected(Address As String, Port As Integer, StatusCode As Integer, Description As String)

Remarks

This event is fired immediately after a connection completes (or fails).

If the connection is made normally, StatusCode is 0 and Description is "OK".

If the connection is broken for any other reason, StatusCode will be non-zero, and the Description parameter will contain a description of this code.

DataIn Event (DTLSClient Control)

This event is fired when data are received.

Syntax

Sub dtlsclientcontrol_DataIn(Datagram As String, SourceAddress As String, SourcePort As Integer)

Remarks

The DataIn event is fired every time a new datagram is received.

Datagram contains the packet as sent by the remote host.

SourceAddress contains the IP number (Internet address) of the remote host, and SourcePort contains the port from which the packet originated.

Note: Events are not re-entrant. Performing time-consuming operations within this event will prevent it from firing again in a timely manner and may affect overall performance.

Disconnected Event (DTLSClient Control)

This event is fired when a connection is closed.

Syntax

Sub dtlsclientcontrol_Disconnected(Address As String, Port As Integer, StatusCode As Integer, Description As String)

Remarks

This event is fired when a connection is closed.

If the connection is broken normally, StatusCode is 0 and Description is "OK".

If the connection is broken for any other reason, StatusCode will be non-zero, and the Description parameter will contain a description of this code.

Error Event (DTLSClient Control)

This event is fired for information about errors during data delivery.

Syntax

Sub dtlsclientcontrol_Error(ErrorCode As Integer, Description As String)

Remarks

The Error event is fired in case of exceptional conditions during message processing. Normally the control fails with an error.

ErrorCode contains an error code and Description contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.

Log Event (DTLSClient Control)

This event fires once for each log message.

Syntax

Sub dtlsclientcontrol_Log(LogLevel As Integer, Message As String, LogType As String)

Remarks

This event fires once for each log message generated by the control. The verbosity is controlled by the LogLevel setting.

LogLevel indicates the level of message. Possible values are as follows:

The value 1 (Info) logs basic information, including users logging in and out, files transferred, and directories listed.

The value 2 (Verbose) includes logs from the PITrail event as well as basic information about data transfer channels.

The value 3 (Debug) logs additional debug information, such as extended socket connection and data transfer information.

Message is the log entry.

LogType identifies the type of log entry. Possible values are as follows:

• "Info"
• "Error"
• "Verbose"
• "Debug"

SSLServerAuthentication Event (DTLSClient Control)

This event is fired after the server presents its certificate to the client.

Syntax

Sub dtlsclientcontrol_SSLServerAuthentication(SourceAddress As String, SourcePort As Integer, CertEncoded As String, CertSubject As String, CertIssuer As String, Status As String, Accept As Boolean)

Remarks

This event is fired after the server presents its certificate to the client.

During this event, the client can decide whether or not to continue with the connection process. The Accept parameter is a recommendation on whether to continue or close the connection. This is just a suggestion: application software must use its own logic to determine whether or not to continue.

When Accept is False, Status shows why the verification failed (otherwise, Status contains the string OK). If it is decided to continue, you can override and accept the certificate by setting the Accept parameter to True.

SSLStatus Event (DTLSClient Control)

This event shows the progress of the secure connection.

Syntax

Sub dtlsclientcontrol_SSLStatus(Message As String)

Remarks

The event is fired for informational and logging purposes only. This event tracks the progress of the connection.

Config Settings (DTLSClient Control)

The control accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the control, access to these internal properties is provided through the Config method.

DTLSClient Config Settings

UDP Config Settings

Socket Config Settings

Base Config Settings

Trappable Errors (DTLSClient Control)

DTLSClient Errors