1 ! Copyright (C) 2008, 2010 Slava Pestov.
2 ! See https://factorcode.org/license.txt for BSD license.
3 USING: accessors alien.libraries calendar combinators delegate
4 destructors io io.sockets io.sockets.private kernel memoize namespaces
5 openssl.libssl present sequences summary system vocabs ;
8 SYMBOL: secure-socket-timeout
10 1 minutes secure-socket-timeout set-global
12 SYMBOL: secure-socket-backend
14 HOOK: ssl-supported? secure-socket-backend ( -- ? )
15 HOOK: ssl-certificate-verification-supported? secure-socket-backend ( -- ? )
17 M: object ssl-supported? f ;
18 M: object ssl-certificate-verification-supported? f ;
20 SINGLETONS: TLSv1 TLSv1.1 TLSv1.2 ;
22 ERROR: no-tls-supported ;
24 MEMO: best-tls-method ( -- class )
26 { [ "TLSv1_2_method" "libssl" dlsym? ] [ TLSv1.2 ] }
27 { [ "TLSv1_1_method" "libssl" dlsym? ] [ TLSv1.1 ] }
28 { [ "TLSv1_method" "libssl" dlsym? ] [ TLSv1 ] }
40 alpn-supported-protocols ;
42 : <secure-config> ( -- config )
44 best-tls-method >>method
45 1024 >>ephemeral-key-bits
46 ssl-certificate-verification-supported? >>verify ;
48 TUPLE: secure-context < disposable config handle ;
50 HOOK: <secure-context> secure-socket-backend ( config -- context )
52 : with-secure-context ( config quot -- )
54 [ <secure-context> ] [ [ secure-context set ] prepose ] bi*
59 { addrspec read-only }
60 { hostname read-only } ;
64 M: secure present addrspec>> present " (secure)" append ;
66 M: secure (server) addrspec>> (server) ;
68 CONSULT: inet secure addrspec>> ;
70 M: secure resolve-host
71 [ addrspec>> resolve-host ] [ hostname>> ] bi
72 [ <secure> ] curry map ;
74 HOOK: check-certificate secure-socket-backend ( host handle -- )
76 PREDICATE: secure-inet < secure addrspec>> inet? ;
80 M: secure-inet (client)
82 [ resolve-host (client) [ |dispose ] dip ] keep
83 addrspec>> host>> pick handle>> check-certificate
88 ERROR: premature-close-error ;
90 M: premature-close-error summary
91 drop "Connection closed prematurely" ;
93 ERROR: certificate-verify-error result ;
95 M: certificate-verify-error summary
96 drop "Certificate verification failed" ;
98 ERROR: subject-name-verify-error expected got ;
100 M: subject-name-verify-error summary
101 drop "Subject name verification failed" ;
103 ERROR: certificate-missing-error ;
105 M: certificate-missing-error summary
106 drop "Host did not present any certificate" ;
108 ERROR: upgrade-on-non-socket ;
110 M: upgrade-on-non-socket summary
112 "send-secure-handshake can only be used if input-stream and" print
113 "output-stream are a socket" ;
115 ERROR: upgrade-buffers-full ;
117 M: upgrade-buffers-full summary
119 "send-secure-handshake can only be used if buffers are empty" ;
121 HOOK: non-ssl-socket? os ( obj -- ? )
123 HOOK: socket-handle os ( obj -- ? )
125 HOOK: send-secure-handshake secure-socket-backend ( -- )
127 HOOK: accept-secure-handshake secure-socket-backend ( -- )
130 { [ os unix? ] [ "io.sockets.secure.unix" require ] }
131 { [ os windows? ] [ "io.sockets.secure.windows" require ] }