DTLSClient Component

Properties   Methods   Events   Config Settings   Errors  

The DTLSClient component provides client-side functionality for secure UDP communication utilizing the Datagram Transport Layer Security (DTLS) protocol.

Syntax

TipdDTLSClient

Remarks

The DTLSClient component functions as a client that facilitates in connecting to DTLS servers and offers a convenient means of transmitting and receiving datagrams over the established, secure connection.

Connecting to a Server

First, the RemoteHost and RemotePort must be set to the address and port of the target DTLS server. The Timeout property can be used to specify a timeout when connecting to the server. To initiate the connection, call Connect.

After doing so, the handshake process will begin. Relevant handshake details will be reported by the SSLStatus event. Initially, the server will present its certificate to the client. The certificate can be evaluated within the SSLServerAuthentication event. By default, the component will provide a recommendation of whether to accept or reject the certificate, and reasoning behind the recommendation. Regardless, the certificate can be manually accepted (or rejected) within this event.

In some cases, the server requires the client to present a certificate as well. In this case, a valid certificate will need to be specified via the SSLCert* properties.

Once the connection is complete (or fails), the Connected event will fire. Note that this event will fire if a connection succeeds or fails. If successful, the event will fire with a StatusCode of 0. If this value is non-zero, it indicates the connection was unsuccessful. The Description parameter will contain relevant details. Upon successful connection, the Connected property will be set to True. This process may look like the following:

dtlsclient.OnConnected += (o, e) => { if (e.StatusCode == 0) { Console.WriteLine("Connection successful!"); } else { Console.WriteLine("Connection failed."); Console.WriteLine("Error code: " + e.StatusCode); Console.WriteLine("Error description: " + e.Description); } }; dtlsclient.OnSSLServerAuthentication += (o, e) => { if (e.Accept) return; Console.Write("Server provided the following certificate:\nIssuer: " + e.CertIssuer + "\nSubject: " + e.CertSubject + "\n"); Console.Write("The following problems have been determined for this certificate: " + e.Status + "\n"); Console.Write("Would you like to accept anyways? [y/n] "); if (Console.Read() == 'y') e.Accept = true; }; dtlsclient.RemoteHost = "remote_ip"; dtlsclient.RemotePort = 1234; dtlsclient.Timeout = 30; // if client authentication is applicable dtlsclient.SSLCert = new Certificate("/path/to/cert.pfx", CertStoreTypes.cstPFXFile, "cert_password", "cert_subject"); dtlsclient.Connect();

Sending and Receiving Data

Once a successful connection is established, the component can send data to the server via SendText or SendBytes.

The component will also be able to receive data from the server via the DataIn event. Note that this event is non-reentrant, and it is recommended to offload time-consuming operations to ensure the best performance.

If required, the PauseData method can be called, disabling the reception of incoming data from the server. Data reception can later be enabled via the ProcessData method. Note that if this reception is disabled, the server may continue sending data, which will remain unprocessed by the component. In this case, the underlying socket buffer may be filled. This can result in possible data loss originating from the server. Please use these methods with caution.

The complete process may look like the following:

dtlsclient.OnSSLServerAuthentication += (o, e) => { e.Accept = true; }; dtlsclient.OnDataIn += (o, e) => { Console.WriteLine("Packet received from server."); Console.WriteLine("Datagram: " + e.Datagram); } dtlsclient.RemoteHost = "remote_ip"; dtlsclient.RemotePort = 1234; dtlsclient.Connect(); dtlsclient.SendText("Hello World!"); while (true) { dtlsclient.DoEvents(); }

Disconnecting from a Server

Once the connection to the server is broken, the Disconnected event will fire. The disconnection can be performed by calling Disconnect, or performed by the server.

In the case a connection ends and an error is encountered, the StatusCode and Description parameters will contain relevant details regarding the error. For example:

dtlsclient.OnDisconnected += (o, e) => { if (e.StatusCode == 0) { Console.WriteLine("Connection ended."); } else { Console.WriteLine("Connection ended."); Console.WriteLine("Error code: " + e.StatusCode); Console.WriteLine("Error description: " + e.Description); } }; dtlsclient.RemoteHost = "remote_ip"; dtlsclient.RemotePort = 1234; dtlsclient.Connect(); ... ... ... dtlsclient.Disconnect();

Additional Information

To support KeepAlive functionality, it is important to note that DoEvents must be called regularly in both console and form-based applications.

For KeepAlive, DoEvents must be called frequently to ensure the component sends keep-alive (or Heartbeat) packets to existing connections in a timely manner.

In form-based applications, this does not apply if KeepAlive is False.

Property List

---

The following is the full list of the properties of the component with short descriptions. Click on the links for further details.

Method List

---

The following is the full list of the methods of the component with short descriptions. Click on the links for further details.

Event List

---

The following is the full list of the events fired by the component with short descriptions. Click on the links for further details.

Config Settings

---

The following is a list of config settings for the component with short descriptions. Click on the links for further details.

AcceptData Property (DTLSClient Component)

This property indicates whether data reception is currently enabled.

Syntax

property AcceptData: Boolean read get_AcceptData;

Default Value

true

Remarks

This property indicates whether data reception is currently enabled. When False, data reception is disabled and the DataIn event will not fire. Use the PauseData and ProcessData methods to pause and resume data reception.

This property is read-only and not available at design time.

Connected Property (DTLSClient Component)

This property indicates whether the component is connected.

Syntax

property Connected: Boolean read get_Connected;

Default Value

false

Remarks

This property indicates whether the component is connected to the remote host. Use the Connect and Disconnect methods to manage the connection.

This property is read-only and not available at design time.

KeepAlive Property (DTLSClient Component)

When True, keep-alive functionality is enabled via the DTLS Heartbeat Extension.

Syntax

property KeepAlive: Boolean read get_KeepAlive write set_KeepAlive;

Default Value

false

Remarks

This property enables keep-alive functionality for the established connection via the DTLS Heartbeat Extension (RFC 6520). Enabling this option can prevent a long connection from timing out in case of inactivity.

Note: For this functionality to work as intended, DoEvents must be called frequently in both console and form-based applications (e.g., using a loop or timer).

Additionally, DTLS server implementations are not required to support Heartbeats.

LocalHost Property (DTLSClient Component)

This property includes the name of the local host or user-assigned IP interface through which connections are initiated or accepted.

Syntax

property LocalHost: String read get_LocalHost write set_LocalHost;

Default Value

''

Remarks

The LocalHost property contains the name of the local host as obtained by the gethostname() system call, or if the user has assigned an IP address, the value of that address.

In multihomed hosts (machines with more than one IP interface) setting LocalHost to the value of an interface will make the component initiate connections (or accept in the case of server components) only through that interface.

If the component is connected, the LocalHost property shows the IP address of the interface through which the connection is made in internet dotted format (aaa.bbb.ccc.ddd). In most cases, this is the address of the local host, except for multihomed hosts (machines with more than one IP interface).

Note: LocalHost is not persistent. You must always set it in code, and never in the property window.

LocalPort Property (DTLSClient Component)

This property includes the User Datagram Protocol (UDP) port in the local host where UDP binds.

Syntax

property LocalPort: Integer read get_LocalPort write set_LocalPort;

Default Value

0

Remarks

The LocalPort property must be set before UDP is activated (Active is set to True). This instructs the component to bind to a specific port (or communication endpoint) in the local machine.

Setting it to 0 (default) enables the Transmission Control Protocol (TCP)/IP stack to choose a port at random. The chosen port will be shown by the LocalPort property after the connection is established.

LocalPort cannot be changed once the component is Active. Any attempt to set the LocalPort property when the component is Active will generate an error.

The LocalPort property is useful when trying to connect to services that require a trusted port on the client side.

RemoteHost Property (DTLSClient Component)

This property includes the address of the remote host. Domain names are resolved to IP addresses.

Syntax

property RemoteHost: String read get_RemoteHost write set_RemoteHost;

Default Value

''

Remarks

The RemoteHost property specifies the IP address (IP number in dotted internet format) or domain name of the remote host.

If RemoteHost is set to 255.255.255.255, the component broadcasts data on the local subnet.

If the RemoteHost property is set to a domain name, a DNS request is initiated, and upon successful termination of the request, the RemoteHost property is set to the corresponding address. If the search is not successful, an error is returned.

If UseConnection is set to True, the RemoteHost must be set before the component is activated (Active is set to True).

RemotePort Property (DTLSClient Component)

This property specifies the User Datagram Protocol (UDP) port in the remote host.

Syntax

property RemotePort: Integer read get_RemotePort write set_RemotePort;

Default Value

0

Remarks

The RemotePort is the UDP port on the RemoteHost to send UDP datagrams to.

A valid port number (a value between 1 and 65535) is required.

If UseConnection is set to True, the RemotePort must be set before the component is activated (Active is set to True).

SSLAcceptServerCert Property (DTLSClient Component)

This property instructs the component to unconditionally accept the server certificate that matches the supplied certificate.

Syntax

property SSLAcceptServerCert: TipdCertificate read get_SSLAcceptServerCert write set_SSLAcceptServerCert;

Remarks

If it finds any issues with the certificate presented by the server, the component will normally terminate the connection with an error.

You may override this behavior by supplying a value for SSLAcceptServerCert. If the certificate supplied in SSLAcceptServerCert is the same as the certificate presented by the server, then the server certificate is accepted unconditionally, and the connection will continue normally.

Note: This functionality is provided only for cases in which you otherwise know that you are communicating with the right server. If used improperly, this property may create a security breach. Use it at your own risk.

Please refer to the Certificate type for a complete list of fields.

SSLCert Property (DTLSClient Component)

This property includes the certificate to be used during Secure Sockets Layer (SSL) negotiation.

Syntax

property SSLCert: TipdCertificate read get_SSLCert write set_SSLCert;

Remarks

This property includes the digital certificate that the component will use during SSL negotiation. Set this property to a valid certificate before starting SSL negotiation. To set a certificate, you may set the Encoded field to the encoded certificate. To select a certificate, use the store and subject fields.

Please refer to the Certificate type for a complete list of fields.

Timeout Property (DTLSClient Component)

This property specifies a timeout when connecting to a server.

Syntax

property Timeout: Integer read get_Timeout write set_Timeout;

Default Value

60

Remarks

This property specifies a timeout when connecting to a server. When calling Connect, if the connection is not established within Timeout seconds, an error is thrown.

Config Method (DTLSClient Component)

This method sets or retrieves a configuration setting.

Syntax

function Config(ConfigurationString: String): String;

Remarks

Config is a generic method available in every component. It is used to set and retrieve configuration settings for the component.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the component, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

Connect Method (DTLSClient Component)

This method connects to a remote host.

Syntax

procedure Connect();

Remarks

This method connects to the remote host specified by RemoteHost and RemotePort. For instance: component.RemoteHost = "MyHostNameOrIP"; component.RemotePort = 7777; component.Connect();

Disconnect Method (DTLSClient Component)

This method disconnects from the remote host.

Syntax

procedure Disconnect();

Remarks

This method disconnects from the remote host. Calling this method is equivalent to setting the Connected property to False.

DoEvents Method (DTLSClient Component)

This method processes events from the internal message queue.

Syntax

procedure DoEvents();

Remarks

When DoEvents is called, the component processes any available events. If no events are available, it waits for a preset period of time, and then returns.

PauseData Method (DTLSClient Component)

This method pauses data reception.

Syntax

procedure PauseData();

Remarks

This method pauses data reception when called. While data reception is paused, the DataIn event will not fire. Call ProcessData to reenable data reception.

ProcessData Method (DTLSClient Component)

This method reenables data reception after a call to PauseData .

Syntax

procedure ProcessData();

Remarks

This method reenables data reception after a previous call to PauseData. When PauseData is called, the DataIn event will not fire. To reenable data reception and allow DataIn to fire, call this method.

Note: This method is used only after previously calling PauseData. It does not need to be called to process incoming data by default.

Reset Method (DTLSClient Component)

This method will reset the component.

Syntax

procedure Reset();

Remarks

This method will reset the component's properties to their default values.

SendBytes Method (DTLSClient Component)

This method sends binary data to the remote host.

Syntax

procedure SendBytes(Data: TBytes);

Remarks

This method sends the specified binary data to the remote host. For example:

byte[] dataToSend = new byte[] { 72, 101, 108, 108, 111, 32, 87, 111, 114, 108, 100, 33 }; dtlsclient.SendBytes(dataToSend);

To send text, use the SendText method instead.

SendText Method (DTLSClient Component)

This method sends text to the remote host.

Syntax

procedure SendText(Text: String);

Remarks

This method sends the specified text to the remote host. For example:

dtlsclient.onSSLServerAuthentication += (o, e) => { e.Accept = true; }; dtlsclient.RemotePort = 8765; dtlsclient.RemoteHost = "HostNameOrIPAddress"; dtlsclient.Connect(); dtlsclient.SendText("Hello!");

To send binary data, use the SendBytes method instead.

Connected Event (DTLSClient Component)

This event is fired immediately after a connection completes (or fails).

Syntax

type TConnectedEvent = procedure (
  Sender: TObject;
  const Address: String;
  Port: Integer;
  StatusCode: Integer;
  const Description: String
) of Object;

property OnConnected: TConnectedEvent read FOnConnected write FOnConnected;

Remarks

This event is fired immediately after a connection completes (or fails).

If the connection is made normally, StatusCode is 0 and Description is "OK".

If the connection is broken for any other reason, StatusCode will be non-zero, and the Description parameter will contain a description of this code.

DataIn Event (DTLSClient Component)

This event is fired when data are received.

Syntax

type TDataInEvent = procedure (
  Sender: TObject;
  Datagram: String;
  DatagramB: TBytes;
  const SourceAddress: String;
  SourcePort: Integer
) of Object;

property OnDataIn: TDataInEvent read FOnDataIn write FOnDataIn;

Remarks

The DataIn event is fired every time a new datagram is received.

Datagram contains the packet as sent by the remote host.

SourceAddress contains the IP number (Internet address) of the remote host, and SourcePort contains the port from which the packet originated.

Note: Events are not re-entrant. Performing time-consuming operations within this event will prevent it from firing again in a timely manner and may affect overall performance.

Disconnected Event (DTLSClient Component)

This event is fired when a connection is closed.

Syntax

type TDisconnectedEvent = procedure (
  Sender: TObject;
  const Address: String;
  Port: Integer;
  StatusCode: Integer;
  const Description: String
) of Object;

property OnDisconnected: TDisconnectedEvent read FOnDisconnected write FOnDisconnected;

Remarks

This event is fired when a connection is closed.

If the connection is broken normally, StatusCode is 0 and Description is "OK".

If the connection is broken for any other reason, StatusCode will be non-zero, and the Description parameter will contain a description of this code.

Error Event (DTLSClient Component)

This event is fired for information about errors during data delivery.

Syntax

type TErrorEvent = procedure (
  Sender: TObject;
  ErrorCode: Integer;
  const Description: String
) of Object;

property OnError: TErrorEvent read FOnError write FOnError;

Remarks

The Error event is fired in case of exceptional conditions during message processing. Normally the component raises an exception.

ErrorCode contains an error code and Description contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.

Log Event (DTLSClient Component)

This event fires once for each log message.

Syntax

type TLogEvent = procedure (
  Sender: TObject;
  LogLevel: Integer;
  const Message: String;
  const LogType: String
) of Object;

property OnLog: TLogEvent read FOnLog write FOnLog;

Remarks

This event fires once for each log message generated by the component. The verbosity is controlled by the LogLevel setting.

LogLevel indicates the level of message. Possible values are as follows:

The value 1 (Info) logs basic information, including users logging in and out, files transferred, and directories listed.

The value 2 (Verbose) includes logs from the PITrail event as well as basic information about data transfer channels.

The value 3 (Debug) logs additional debug information, such as extended socket connection and data transfer information.

Message is the log entry.

LogType identifies the type of log entry. Possible values are as follows:

• "Info"
• "Error"
• "Verbose"
• "Debug"

SSLServerAuthentication Event (DTLSClient Component)

This event is fired after the server presents its certificate to the client.

Syntax

type TSSLServerAuthenticationEvent = procedure (
  Sender: TObject;
  const SourceAddress: String;
  SourcePort: Integer;
  CertEncoded: String;
  CertEncodedB: TBytes;
  const CertSubject: String;
  const CertIssuer: String;
  const Status: String;
  var Accept: Boolean
) of Object;

property OnSSLServerAuthentication: TSSLServerAuthenticationEvent read FOnSSLServerAuthentication write FOnSSLServerAuthentication;

Remarks

This event is fired after the server presents its certificate to the client.

During this event, the client can decide whether or not to continue with the connection process. The Accept parameter is a recommendation on whether to continue or close the connection. This is just a suggestion: application software must use its own logic to determine whether or not to continue.

When Accept is False, Status shows why the verification failed (otherwise, Status contains the string OK). If it is decided to continue, you can override and accept the certificate by setting the Accept parameter to True.

SSLStatus Event (DTLSClient Component)

This event shows the progress of the secure connection.

Syntax

type TSSLStatusEvent = procedure (
  Sender: TObject;
  const Message: String
) of Object;

property OnSSLStatus: TSSLStatusEvent read FOnSSLStatus write FOnSSLStatus;

Remarks

The event is fired for informational and logging purposes only. This event tracks the progress of the connection.

Certificate Type

This is the digital certificate being used.

Remarks

This type describes the current digital certificate. The certificate may be a public or private key. The fields are used to identify or select certificates.

Fields

Constructors

>

constructor Create();

Creates a Certificate instance whose properties can be set. This is useful for use with CERTMGR when generating new certificates.

>

constructor Create(valEncoded: TBytes);

Parses CertificateData as an X509 public key.

>

constructor Create(valCertStoreType: TipdCertStoreTypes; valStore: String; valStorePassword: String; valSubject: String);

CertStoreType identifies the type of certificate store to use. See StoreType for descriptions of the different certificate stores. Store is a file containing the certificate store. StorePassword is the password used to protect the store. After the store has been successfully opened, the component will attempt to find the certificate identified by Subject . This can be either a complete or a substring match of the X509 certificate's subject Distinguished Name (DN).

>

constructor Create(valCertStoreType: TipdCertStoreTypes; valStoreBlob: TBytes; valStorePassword: String; valSubject: String);

CertStoreType identifies the type of certificate store to use. See StoreType for descriptions of the different certificate stores. StoreBlob is a string (binary- or base64-encoded) containing the certificate data. StorePassword is the password used to protect the store. After the store has been successfully opened, the component will attempt to find the certificate identified by Subject . This can be either a complete or a substring match of the X509 certificate's subject Distinguished Name (DN).

Config Settings (DTLSClient Component)

The component accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the component, access to these internal properties is provided through the Config method.

DTLSClient Config Settings

UDP Config Settings

Socket Config Settings

Base Config Settings

Trappable Errors (DTLSClient Component)

DTLSClient Errors