1 USING: accessors alien alien.c-types alien.data alien.strings
2 calendar combinators combinators.short-circuit destructors io
3 io.encodings.utf8 io.ports io.sockets.private io.sockets.secure
4 io.sockets.secure.openssl io.sockets.windows kernel libc locals
5 math math.order openssl openssl.libcrypto openssl.libssl system
6 windows.crypt32 windows.errors windows.time windows.winsock ;
7 IN: io.sockets.secure.windows
! The openssl backend always reports that SSL is supported.
9 M: openssl ssl-supported? t ;
! Always answers f: this backend reports that peer-certificate
! verification is NOT available.
! NOTE(review): what callers do when this is f is decided outside this
! listing -- confirm that code needing an authenticated peer fails closed
! rather than continuing over an unverified TLS session.
10 M: openssl ssl-certificate-verification-supported? f ;
! Closes a Windows certificate store handle with CertCloseStore, passing
! 0 as the second argument. The call's result is handed to
! win32-error=0/f (presumably raises when the result is 0 or f -- confirm).
12 : close-windows-cert-store ( HCERTSTORE -- )
13 0 CertCloseStore win32-error=0/f ;
! Opens the Windows system certificate store named by the string
! (this file passes "ROOT") via CertOpenSystemStore, with f as the first
! argument. when-zero runs win32-error if the returned value is zero.
! NOTE(review): the returned handle is presumably owned by the caller and
! should be released with close-windows-cert-store -- confirm at call sites.
15 : load-windows-cert-store ( string -- HCERTSTORE )
16 [ f ] dip CertOpenSystemStore
17 [ win32-error ] when-zero ;
! Prints an X509_NAME. The pointer on the stack at line 21 is decoded as
! UTF-8 and printed, then released with (free).
! NOTE(review): source line 20, which produces that pointer, is missing
! from this listing.
19 : X509-NAME. ( X509_NAME -- )
21 [ utf8 alien>string print ] [ (free) ] bi ;
! Fragment: the word header and closing lines (source lines 23-24 and
! 27-28) are missing from this listing. Each quotation fetches one name
! from the certificate, writes a label, and prints the name with X509-NAME.
25 [ X509_get_subject_name "subject: " write X509-NAME. ]
26 [ X509_get_issuer_name "issuer: " write X509-NAME. ]
! Adds one certificate to an X509 store with X509_STORE_add_cert and
! passes the result to ssl-error for checking.
! NOTE(review): the comment above set-windows-certs says adding a
! certificate a second time throws, so callers should expect an error
! on duplicates.
29 : add-cert-to-store ( cert-store cert -- )
30 X509_STORE_add_cert ssl-error ;
! Copies the certificates of the named Windows system store into a new
! OpenSSL X509_STORE.
! NOTE(review): source lines 33, 36-38, 40, 43-45 and 47-51 are missing
! from this listing. The visible lines do not show whether cs is released
! with close-windows-cert-store, how the d2i_X509 result is checked, or
! where x509-store is attached to an SSL context -- confirm each against
! the full file.
32 :: set-windows-certs-for ( name -- )
! Open the Windows store and create the destination OpenSSL store.
34 name load-windows-cert-store :> cs
35 X509_STORE_new :> x509-store
! Advance the enumeration; ctx holds the current certificate context.
39 cs ctx CertEnumCertificatesInStore ctx!
! Decode the context's encoded bytes (pbCertEncoded, length cbCertEncoded)
! into an X509. The byte pointer is wrapped with <ref> because d2i_X509
! takes a pointer to the input pointer; f is passed as its first argument.
41 f ctx [ pbCertEncoded>> void* <ref> ]
42 [ cbCertEncoded>> ] bi d2i_X509
! Add the decoded certificate to the store; ssl-error checks the result.
46 [ x509-store swap X509_STORE_add_cert ssl-error ]
! Loads trust anchors from the Windows "ROOT" system store only.
52 ! XXX: the MSFT cert is in "CA" twice, and throws an error
53 ! when loading the second time.
! NOTE(review): the "CA" store is therefore disabled (line 55 is commented
! out), so any certificates that exist only in that store are never
! loaded. Presumably the duplicate-certificate error could be tolerated
! instead of skipping the whole store -- confirm before re-enabling.
54 : set-windows-certs ( -- )
55 ! "CA" set-windows-certs-for
56 "ROOT" set-windows-certs-for ;
! On Windows, the socket handle is the address of the alien stored in
! the object's handle slot.
58 M: windows socket-handle handle>> alien-address ;
! Builds the handle for a secure address: obtains a handle for the
! wrapped addrspec, then combines it with the hostname slot via
! <ssl-socket>.
! NOTE(review): how <ssl-socket> uses the hostname is defined elsewhere.
60 M: secure remote>handle ( addrspec -- handle )
61 [ addrspec>> remote>handle ] [ hostname>> ] bi <ssl-socket> ;
! Generic accessor for the Windows socket handle underlying an object.
63 GENERIC: windows-socket-handle ( obj -- handle )
! An ssl-handle yields the value of its file slot.
64 M: ssl-handle windows-socket-handle file>> ;
! A win32-socket is returned unchanged (empty method body).
65 M: win32-socket windows-socket-handle ;
! Delegates to (get-local-address) after unwrapping both inputs: the
! handle is reduced to its Windows socket handle and the secure address
! to its wrapped addrspec.
67 M: secure (get-local-address) ( handle remote -- sockaddr )
68 [ windows-socket-handle ] [ addrspec>> ] bi* (get-local-address) ;
! Parses the sockaddr using the wrapped addrspec, then wraps the result
! with <secure>, passing f as the constructor's other input.
70 M: secure parse-sockaddr addrspec>> parse-sockaddr f <secure> ;
! Connects a secure client socket. The raw socket is the file slot of
! client-out's handle. It is switched to non-blocking mode (FIONBIO 1),
! connected through the wrapped addrspec's establish-connection, passed
! to secure-connection together with the secure addrspec, and finally
! switched back to blocking mode (FIONBIO 0).
! NOTE(review): the FIONBIO 0 on line 77 is reached only on the normal
! path. If either call before it throws, the socket stays non-blocking --
! confirm callers dispose of the socket on error.
72 M:: secure establish-connection ( client-out addrspec -- )
73 client-out handle>> file>> :> socket
74 socket FIONBIO 1 set-ioctl-socket
75 socket <output-port> addrspec addrspec>> establish-connection
76 client-out addrspec secure-connection
77 socket FIONBIO 0 set-ioctl-socket ;
! On Windows, an object counts as a non-SSL socket when it satisfies
! win32-socket?.
79 M: windows non-ssl-socket? win32-socket? ;