1 ! Copyright (C) 2008, 2010 Slava Pestov.
2 ! See http://factorcode.org/license.txt for BSD license.
3 USING: accessors kernel namespaces continuations destructors io
4 debugger io.sockets io.sockets.private sequences summary
5 calendar delegate system vocabs combinators present ;
! Timeout for secure-socket operations. set-global installs the process-wide
! default, so a caller can still shadow it with a dynamically scoped binding;
! presumably the backends consult it around handshake and I/O (confirm there).
SYMBOL: secure-socket-timeout

1 minutes secure-socket-timeout set-global
! Dispatch symbol for every HOOK: in this vocabulary; its global value selects
! the concrete SSL/TLS implementation (see the os-dependent require at the end
! of the file).
SYMBOL: secure-socket-backend

! Whether a backend is installed. The fallback method on object answers f, so
! a build with no backend loaded reports "not supported" instead of erroring.
HOOK: ssl-supported? secure-socket-backend ( -- ? )

M: object ssl-supported? f ;
! Protocol version markers, presumably the values a secure-config selects from
! (confirm against the config tuple). SSLv2 and SSLv3 are obsolete and
! cryptographically broken and should not be chosen for new configurations;
! TLSv1 is the only non-SSL version defined here. SSLv23 follows OpenSSL's
! naming for its version-negotiating method -- confirm the mapping in the backend.
SINGLETONS: SSLv2 SSLv23 SSLv3 TLSv1 ;
29 : <secure-config> ( -- config )
32 1024 >>ephemeral-key-bits
! A backend-created SSL/TLS context. CONFIG is expected to be the config passed
! to <secure-context>; HANDLE presumably holds the backend's native object.
! Inheriting from disposable puts that handle under the destructors protocol,
! so a context should be released with dispose rather than left to the GC.
TUPLE: secure-context < disposable config handle ;
! Backend constructor: builds a secure-context from CONFIG. Dispatches on
! secure-socket-backend, so with no backend loaded it presumably fails with a
! no-method error -- check ssl-supported? first.
HOOK: <secure-context> secure-socket-backend ( config -- context )
39 : with-secure-context ( config quot -- )
41 [ <secure-context> ] [ [ secure-context set ] prepose ] bi*
! An address specifier that asks for an SSL/TLS connection to ADDRSPEC, the
! wrapped plain address. The slot is read-only, so the target cannot be
! swapped after construction.
TUPLE: secure { addrspec read-only } ;

! Presentation is the wrapped address's, tagged to show the extra layer.
M: secure present
    " (secure)" [ addrspec>> present ] dip append ;

! Every word of the inet protocol is answered by the wrapped address.
CONSULT: inet secure addrspec>> ;

! Resolve the wrapped address, then re-wrap each result so the secure marker
! survives resolution.
M: secure resolve-host ( secure -- seq )
    [ <secure> ] [ addrspec>> resolve-host ] dip map ;
! Backend verification of the peer's certificate on HANDLE against HOST. It is
! called by (client) below right after the plain connection is established, so
! a backend that leaves this a no-op yields an unauthenticated channel.
! Failures are expected to surface as certificate-verify-error or
! common-name-verify-error (defined below).
HOOK: check-certificate secure-socket-backend ( host handle -- )
! A secure whose wrapped address is an inet (host + port). The (client) method
! below is defined on this class because certificate checking needs the host
! name from addrspec>> host>>.
PREDICATE: secure-inet < secure addrspec>> inet? ;
62 M: secure-inet (client)
64 [ resolve-host (client) [ |dispose ] dip ] keep
65 addrspec>> host>> pick handle>> check-certificate
! Raised when the peer closes the connection without completing the protocol's
! shutdown. Without a clean close the receiver cannot distinguish a legitimate
! end of data from an attacker cutting the stream short, hence the summary.
ERROR: premature-close ;

M: premature-close summary
    "Connection closed prematurely - potential truncation attack" nip ;
! The backend rejected the peer's certificate chain. RESULT is the backend's
! verification result (a code or object -- confirm against the backend that
! throws it); the summary does not include it, so inspect the error tuple's
! slot when diagnosing a failure.
ERROR: certificate-verify-error result ;

M: certificate-verify-error summary
    "Certificate verification failed" nip ;
! The certificate's common name (GOT) did not match the host being connected to
! (EXPECTED). A mismatch means the certificate, however valid, was issued for a
! different identity, so the connection must not proceed.
! NOTE(review): the name suggests matching on CN only; verification should also
! consult subjectAltName entries -- confirm in the backend.
ERROR: common-name-verify-error expected got ;

M: common-name-verify-error summary
    "Common name verification failed" nip ;
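! Raised by send-secure-handshake when the current input-stream and
! output-stream are not a socket, since only a socket can be upgraded to TLS
! in place.
ERROR: upgrade-on-non-socket ;

! summary must return one string: the two halves are joined with append rather
! than the first being printed to the current output stream.
M: upgrade-on-non-socket summary
    drop
    "send-secure-handshake can only be used if input-stream and "
    "output-stream are a socket" append ;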
! Raised by send-secure-handshake when the socket's stream buffers still hold
! data, presumably because buffered bytes would straddle the plaintext/TLS
! boundary; the upgrade refuses to run until both buffers are empty.
ERROR: upgrade-buffers-full ;

M: upgrade-buffers-full summary
    "send-secure-handshake can only be used if buffers are empty" nip ;
! In-place upgrade of the current input-stream / output-stream to TLS, both
! dispatching on secure-socket-backend. From the names, send-secure-handshake
! is presumably the initiating (client) side and accept-secure-handshake the
! accepting (server) side -- confirm in the backend. The upgrade-* errors above
! state the preconditions: the streams must be a socket with empty buffers.
HOOK: send-secure-handshake secure-socket-backend ( -- )

HOOK: accept-secure-handshake secure-socket-backend ( -- )
103 { [ os unix? ] [ "io.sockets.secure.unix" require ] }
104 { [ os windows? ] [ "openssl" require ] }