1 ! Copyright (C) 2008, 2010 Slava Pestov.
2 ! See http://factorcode.org/license.txt for BSD license.
3 USING: accessors alien.libraries calendar combinators delegate
4 destructors io io.sockets io.sockets.private kernel namespaces
5 present sequences summary system vocabs.platforms ;
9 SYMBOL: secure-socket-timeout
11 1 minutes secure-socket-timeout set-global
13 SYMBOL: secure-socket-backend
15 HOOK: ssl-supported? secure-socket-backend ( -- ? )
16 HOOK: ssl-certificate-verification-supported? secure-socket-backend ( -- ? )
18 M: object ssl-supported? f ;
19 M: object ssl-certificate-verification-supported? f ;
21 SINGLETONS: TLSv1 TLSv1.1 TLSv1.2 ;
23 ERROR: no-tls-supported ;
25 MEMO: best-tls-method ( -- class )
27 { [ "TLSv1_2_method" "libssl" dlsym? ] [ TLSv1.2 ] }
28 { [ "TLSv1_1_method" "libssl" dlsym? ] [ TLSv1.1 ] }
29 { [ "TLSv1_method" "libssl" dlsym? ] [ TLSv1 ] }
41 alpn-supported-protocols ;
43 : <secure-config> ( -- config )
45 best-tls-method >>method
46 1024 >>ephemeral-key-bits
47 ssl-certificate-verification-supported? >>verify ;
49 TUPLE: secure-context < disposable config handle ;
51 HOOK: <secure-context> secure-socket-backend ( config -- context )
53 : with-secure-context ( config quot -- )
55 [ <secure-context> ] [ [ secure-context set ] prepose ] bi*
60 { addrspec read-only }
61 { hostname read-only } ;
65 M: secure present addrspec>> present " (secure)" append ;
67 M: secure (server) addrspec>> (server) ;
69 CONSULT: inet secure addrspec>> ;
71 M: secure resolve-host
72 [ addrspec>> resolve-host ] [ hostname>> ] bi
73 [ <secure> ] curry map ;
75 HOOK: check-certificate secure-socket-backend ( host handle -- )
77 PREDICATE: secure-inet < secure addrspec>> inet? ;
81 M: secure-inet (client)
83 [ resolve-host (client) [ |dispose ] dip ] keep
84 addrspec>> host>> pick handle>> check-certificate
89 ERROR: premature-close-error ;
91 M: premature-close-error summary
92 drop "Connection closed prematurely" ;
94 ERROR: certificate-verify-error result ;
96 M: certificate-verify-error summary
97 drop "Certificate verification failed" ;
99 ERROR: subject-name-verify-error expected got ;
101 M: subject-name-verify-error summary
102 drop "Subject name verification failed" ;
104 ERROR: certificate-missing-error ;
106 M: certificate-missing-error summary
107 drop "Host did not present any certificate" ;
109 ERROR: upgrade-on-non-socket ;
111 M: upgrade-on-non-socket summary
113 "send-secure-handshake can only be used if input-stream and" print
114 "output-stream are a socket" ;
116 ERROR: upgrade-buffers-full ;
118 M: upgrade-buffers-full summary
120 "send-secure-handshake can only be used if buffers are empty" ;
122 HOOK: non-ssl-socket? os ( obj -- ? )
124 HOOK: socket-handle os ( obj -- ? )
126 HOOK: send-secure-handshake secure-socket-backend ( -- )
128 HOOK: accept-secure-handshake secure-socket-backend ( -- )
130 USE-UNIX: io.sockets.secure.unix
131 USE-WINDOWS: io.sockets.secure.windows