Changeset 10509 in ntrip for trunk/BNC


Ignore:
Timestamp:
Jun 13, 2024, 10:32:26 PM (6 months ago)
Author:
stuerze
Message:

minor changes

Location:
trunk/BNC/src
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/BNC/src/bnchelp.html

    r10503 r10509  
    13151315<p><h4 id="network">2.2 Network</h4></p>
    13161316<p>
    1317 You may need to specify a proxy when running BNC in a protected network. You may also like to use the Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL) cryptographic protocols for secure Ntrip communication over the Internet.
     1317You may need to specify a proxy when running BNC in a protected network. You may also like to use the Transport Layer Security (TLS) and its predecessor,
     1318Secure Sockets Layer (SSL) cryptographic protocols for secure Ntrip communication over the Internet.
    13181319</p>
    13191320<p><h4 id="proxy">2.2.1 Proxy - Usage in a protected LAN</h4></p>
    13201321<p>
    1321 If you are running BNC within a protected Local Area Network (LAN), you might need to use a proxy server to access the Internet. Enter your proxy server IP and port number in case one is operated in front of BNC. If you do not know the IP and port of your proxy server, check the proxy server settings in your Internet browser or ask your network administrator. Without any entry, BNC will try to use the system proxies.</p>
    1322 <p>
    1323 Note that IP streaming is often not allowed in a LAN. In this case you need to ask your network administrator for an appropriate modification of the local security policy or for the installation of a TCP relay to the Ntrip Broadcaster you need to access. If this is not possible, you might need to run BNC outside your LAN on a host that has unobstructed connection to the Internet.
    1324 </p>
     1322If you are running BNC within a protected Local Area Network (LAN), you might need to use a proxy server to access the Internet.
     1323Enter your proxy server IP and port number in case one is operated in front of BNC.
     1324If you do not know the IP and port of your proxy server, check the proxy server settings in your Internet browser or ask your network administrator.
     1325Without any entry, BNC will try to use the system proxies.</p>
     1326<p>
     1327Note that IP streaming is often not allowed in a LAN. In this case you need to ask your network administrator for an appropriate modification
     1328of the local security policy or for the installation of a TCP relay to the Ntrip Broadcaster you need to access.
     1329If this is not possible, you might need to run BNC outside your LAN on a host that has unobstructed connection to the Internet.</p>
    13251330
    13261331<p><h4 id="ssl">2.2.2 SSL - Transport Layer Security</h4></p>
    1327 <p>Communication with an Ntrip Broadcaster over Secure Sockets Layer (SSL) as well as the download of RINEX skeleton files when available from HTTPS websites requires the exchange of client and/or server certificates. Specify the path to a directory where you save certificates on your system. You may like to check out <u>http://software.rtcm-ntrip.org/wiki/Certificates</u> for a list of known Ntrip Server certificates. You may also just try communication via SSL to check out whether this is supported by the involved Ntrip Broadcaster. </p>
    1328 <p>SSL communication may involve queries coming from the Ntrip Broadcaster or from a HTTPS website hosting RINEX skeletons. Such a query could show up under BNC's 'Log' tab especially when self-signed SSL certificates are used. Example:
    1329 <pre>
     1332<p>
     1333Communication with an Ntrip Broadcaster over Secure Sockets Layer (SSL) as well as the download of RINEX skeleton files when available from HTTPS websites
     1334requires the exchange of client and/or server certificates.  </p><p>
     1335Specify the path to a directory where you save CA certificates on your system.
     1336BNC creates from *.crt and *.pem files a CA certificate database, which is used by the socket during the handshake phase to validate the peer's certificate. </p>
     1337<p>
     1338SSL communication may involve queries coming from the Ntrip Broadcaster or from a HTTPS website hosting RINEX skeletons.
     1339Such a query could show up under BNC's 'Log' tab especially when self-signed SSL certificates are used. Example:
     1340<pre><p style="font-family:Monospace">
    13301341   SSL Error
    13311342   Server Certificate Issued by:
     
    13381349   No certificates could be verified
    13391350</pre>
    1340 Queries should not be received by a client when a server uses official SSL certificates.
    1341 </p>
    1342 <p>
    1343 Tick 'Ignore SSL authorization errors' if you generally trust the server and do not want to be bothered with this. Note that SSL communication is usually done over port 443.
    1344 </p>
     1351</p>
     1352<p>
     1353Queries should not be received by a client when a server uses official SSL certificates. </p>
     1354<p>
     1355You may also just try communication via SSL to check out whether this is supported by the involved Ntrip Broadcaster.
     1356Note that SSL communication is usually done over port 443.</p>
     1357<p>
     1358Two-sided communication with an Ntrip Broadcaster over SSL requires in addition the exchange of client certificates.
     1359Specify the full path to the client certificates on your system. The file naming convention for client certificates in BNC is as follows:
     1360<pre>
     1361   &lt;hostname&gt;.&lt;port&gt;.crt for the certificate and
     1362   &lt;hostname&gt;.&lt;port&gt;.key for the private key, where &lt;hostname&gt; is without https://.
     1363</pre>
     1364</p>
     1365<p>
     1366If available, the client or personal authentication certificate is presented to the peer during the SSL handshake process.
     1367Password protected key files are not supported.
     1368Don't try communication via two sided SSL if you are not sure whether this is supported by the involved Ntrip Broadcaster. </p>
     1369<p>
     1370Tick 'Ignore SSL authorization errors' if you generally trust the server and do not want to be bothered with this. </p>
    13451371<p><img src="IMG/Figure07.png"width=800/></p>
    13461372<p>Figure 7: BNC's 'Network' panel configured to ignore eventually occurring SSL error messages</p>
     
    13531379<p><h4 id="genlog">2.3.1 Logfile - optional</h4></p>
    13541380<p>
    1355 Records of BNC's activities are shown in the 'Log' tab on the bottom of the main window. These logs can be saved into a file when a valid path is specified in the 'Logfile (full path)' field. The logfile name will automatically be extended by a string '_YYMMDD' for the current date. This leads to series of daily logfiles when running BNC continuously. Message logs cover the communication status between BNC and the Ntrip Broadcaster as well as problems that may occur in the communication link, stream availability, stream delay, stream conversion etc. The time stamps within the 'Log' tab are given in UTC. The time stamps within the logfile are given in GPS Time. The default value for 'Logfile (full path)' is an empty option field, meaning that BNC logs will not be saved into a file.
     1381Records of BNC's activities are shown in the 'Log' tab on the bottom of the main window.
     1382These logs can be saved into a file when a valid path is specified in the 'Logfile (full path)' field.
     1383The logfile name will automatically be extended by a string '_YYMMDD' for the current date.
     1384This leads to series of daily logfiles when running BNC continuously.
     1385Message logs cover the communication status between BNC and the Ntrip Broadcaster as well as problems
     1386that may occur in the communication link, stream availability, stream delay, stream conversion etc.
     1387The time stamps within the 'Log' tab are given in UTC. The time stamps within the logfile are given in GPS Time.
     1388The default value for 'Logfile (full path)' is an empty option field, meaning that BNC logs will not be saved into a file.
    13561389</p>
    13571390<p>
  • trunk/BNC/src/bncwindow.cpp

    r10503 r10509  
    14071407  _proxyHostLineEdit->setWhatsThis(tr("<p>If you are running BNC within a protected Local Area Network (LAN), you may need to use a proxy server to access the Internet. Enter your proxy server IP and port number in case one is operated in front of BNC. If you do not know the IP and port of your proxy server, check the proxy server settings in your Internet browser or ask your network administrator. Without any entry, BNC will try to use the system proxies. </p><p>Note that IP streaming is sometimes not allowed in a LAN. In this case you need to ask your network administrator for an appropriate modification of the local security policy or for the installation of a TCP relay to the Ntrip Broadcasters. If this is not possible, you may need to run BNC outside your LAN on a network that has unobstructed connection to the Internet. <i>[key: proxyHost]</i></p>"));
    14081408  _proxyPortLineEdit->setWhatsThis(tr("<p>Enter your proxy server port number in case a proxy is operated in front of BNC. <i>[key: proxyPort]</i></p>"));
    1409   _sslCaCertPathLineEdit->setWhatsThis(tr("<p>Communication with an Ntrip Broadcaster over SSL requires the exchange of server certificates. Specify the path to a directory where you save CA certificates on your system. </p><p>BNC creates from *.crt and *.pem files a CA certificate database, which is used by the socket during the handshake phase to validate the peer's certificate. </p><p>Don't try communication via SSL if you are not sure whether this is supported by the involved Ntrip Broadcaster.</p><p>Note that SSL communication is usually done over port 443. <i>[key: sslCaCertPath]</i></p>"));
     1409  _sslCaCertPathLineEdit->setWhatsThis(tr("<p>Communication with an Ntrip Broadcaster over SSL requires the exchange of server certificates. Specify the path to a directory where you save CA certificates on your system. </p><p>BNC creates from *.crt and *.pem files a CA certificate database, which is used by the socket during the handshake phase to validate the peer's certificate. </p><p>Note that SSL communication is usually done over port 443. <i>[key: sslCaCertPath]</i></p>"));
    14101410  _sslClientCertPathLineEdit->setWhatsThis(tr("<p>Two-sided communication with an Ntrip Broadcaster over SSL requires in addition the exchange of client certificates. Specify the full path to the client certificates on your system.</p><p></p><p>The file naming convention for client certificates in BNC is as follows: &lt;hostname&gt;.&lt;port&gt;.crt for the certificate and &lt;hostname&gt;.&lt;port&gt;.key for the private key, where &lt;hostname&gt; is without https://. </p><p> If available, the client or personal authentication certificate is presented to the peer during the SSL handshake process. Password protected key files are not supported. </p><p>Don't try communication via two sided SSL if you are not sure whether this is supported by the involved Ntrip Broadcaster. </p><p>Note that SSL communication is usually done over port 443. <i>[key: sslClientCertPath]</i></p>"));
    14111411  _sslIgnoreErrorsCheckBox->setWhatsThis(tr("<p>SSL communication may involve queries coming from the Ntrip Broadcaster. Tick 'Ignore SSL authorization errors' if you don't want to be bothered with this. <i>[key: sslIgnoreErrors]</i></p>"));
Note: See TracChangeset for help on using the changeset viewer.