1 ! Copyright (C) 2007 Elie CHAFTARI
2 ! Portions copyright (C) 2008 Slava Pestov
3 ! See http://factorcode.org/license.txt for BSD license.
4 USING: alien alien.syntax combinators kernel system namespaces
5 assocs parser lexer sequences words quotations math.bitwise ;
10 { [ os openbsd? ] [ ] } ! VM is linked with it
11 { [ os winnt? ] [ "libssl" "ssleay32.dll" "cdecl" add-library ] }
12 { [ os macosx? ] [ "libssl" "libssl.dylib" "cdecl" add-library ] }
13 { [ os unix? ] [ "libssl" "libssl.so" "cdecl" add-library ] }
16 : X509_FILETYPE_PEM 1 ; inline
17 : X509_FILETYPE_ASN1 2 ; inline
18 : X509_FILETYPE_DEFAULT 3 ; inline
20 : SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 ; inline
21 : SSL_FILETYPE_PEM X509_FILETYPE_PEM ; inline
23 : SSL_CTRL_NEED_TMP_RSA 1 ; inline
24 : SSL_CTRL_SET_TMP_RSA 2 ; inline
25 : SSL_CTRL_SET_TMP_DH 3 ; inline
26 : SSL_CTRL_SET_TMP_RSA_CB 4 ; inline
27 : SSL_CTRL_SET_TMP_DH_CB 5 ; inline
29 : SSL_CTRL_GET_SESSION_REUSED 6 ; inline
30 : SSL_CTRL_GET_CLIENT_CERT_REQUEST 7 ; inline
31 : SSL_CTRL_GET_NUM_RENEGOTIATIONS 8 ; inline
32 : SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 9 ; inline
33 : SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 10 ; inline
34 : SSL_CTRL_GET_FLAGS 11 ; inline
35 : SSL_CTRL_EXTRA_CHAIN_CERT 12 ; inline
37 : SSL_CTRL_SET_MSG_CALLBACK 13 ; inline
38 : SSL_CTRL_SET_MSG_CALLBACK_ARG 14 ; inline
40 : SSL_CTRL_SESS_NUMBER 20 ; inline
41 : SSL_CTRL_SESS_CONNECT 21 ; inline
42 : SSL_CTRL_SESS_CONNECT_GOOD 22 ; inline
43 : SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23 ; inline
44 : SSL_CTRL_SESS_ACCEPT 24 ; inline
45 : SSL_CTRL_SESS_ACCEPT_GOOD 25 ; inline
46 : SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26 ; inline
47 : SSL_CTRL_SESS_HIT 27 ; inline
48 : SSL_CTRL_SESS_CB_HIT 28 ; inline
49 : SSL_CTRL_SESS_MISSES 29 ; inline
50 : SSL_CTRL_SESS_TIMEOUTS 30 ; inline
51 : SSL_CTRL_SESS_CACHE_FULL 31 ; inline
52 : SSL_CTRL_OPTIONS 32 ; inline
53 : SSL_CTRL_MODE 33 ; inline
55 : SSL_CTRL_GET_READ_AHEAD 40 ; inline
56 : SSL_CTRL_SET_READ_AHEAD 41 ; inline
57 : SSL_CTRL_SET_SESS_CACHE_SIZE 42 ; inline
58 : SSL_CTRL_GET_SESS_CACHE_SIZE 43 ; inline
59 : SSL_CTRL_SET_SESS_CACHE_MODE 44 ; inline
60 : SSL_CTRL_GET_SESS_CACHE_MODE 45 ; inline
62 : SSL_CTRL_GET_MAX_CERT_LIST 50 ; inline
63 : SSL_CTRL_SET_MAX_CERT_LIST 51 ; inline
65 : SSL_ERROR_NONE 0 ; inline
66 : SSL_ERROR_SSL 1 ; inline
67 : SSL_ERROR_WANT_READ 2 ; inline
68 : SSL_ERROR_WANT_WRITE 3 ; inline
69 : SSL_ERROR_WANT_X509_LOOKUP 4 ; inline
70 : SSL_ERROR_SYSCALL 5 ; inline ! consult errno for details
71 : SSL_ERROR_ZERO_RETURN 6 ; inline
72 : SSL_ERROR_WANT_CONNECT 7 ; inline
73 : SSL_ERROR_WANT_ACCEPT 8 ; inline
75 ! Error messages table
76 : error-messages ( -- hash )
78 { 0 "SSL_ERROR_NONE" }
80 { 2 "SSL_ERROR_WANT_READ" }
81 { 3 "SSL_ERROR_WANT_WRITE" }
82 { 4 "SSL_ERROR_WANT_X509_LOOKUP" }
83 { 5 "SSL_ERROR_SYSCALL" }
84 { 6 "SSL_ERROR_ZERO_RETURN" }
85 { 7 "SSL_ERROR_WANT_CONNECT" }
86 { 8 "SSL_ERROR_WANT_ACCEPT" }
89 TYPEDEF: void* ssl-method
90 TYPEDEF: void* SSL_CTX*
91 TYPEDEF: void* SSL_SESSION*
96 ! ===============================================
98 ! ===============================================
100 FUNCTION: char* SSL_get_version ( SSL* ssl ) ;
102 ! Maps OpenSSL errors to strings
103 FUNCTION: void SSL_load_error_strings ( ) ;
105 ! Must be called before any other action takes place
106 FUNCTION: int SSL_library_init ( ) ;
108 ! Sets the default SSL version
109 FUNCTION: ssl-method SSLv2_client_method ( ) ;
111 FUNCTION: ssl-method SSLv23_client_method ( ) ;
113 FUNCTION: ssl-method SSLv23_server_method ( ) ;
115 FUNCTION: ssl-method SSLv23_method ( ) ; ! SSLv3 but can rollback to v2
117 FUNCTION: ssl-method SSLv3_client_method ( ) ;
119 FUNCTION: ssl-method SSLv3_server_method ( ) ;
121 FUNCTION: ssl-method SSLv3_method ( ) ;
123 FUNCTION: ssl-method TLSv1_client_method ( ) ;
125 FUNCTION: ssl-method TLSv1_server_method ( ) ;
127 FUNCTION: ssl-method TLSv1_method ( ) ;
129 ! Creates the context
130 FUNCTION: SSL_CTX* SSL_CTX_new ( ssl-method method ) ;
132 ! Load the certificates and private keys into the SSL_CTX
133 FUNCTION: int SSL_CTX_use_certificate_chain_file ( SSL_CTX* ctx,
134 char* file ) ; ! PEM type
136 FUNCTION: SSL* SSL_new ( SSL_CTX* ctx ) ;
138 FUNCTION: int SSL_set_fd ( SSL* ssl, int fd ) ;
140 FUNCTION: void SSL_set_bio ( SSL* ssl, void* rbio, void* wbio ) ;
142 FUNCTION: int SSL_set_session ( SSL* to, SSL_SESSION* session ) ;
144 FUNCTION: int SSL_get_error ( SSL* ssl, int ret ) ;
146 FUNCTION: void SSL_set_connect_state ( SSL* ssl ) ;
148 FUNCTION: void SSL_set_accept_state ( SSL* ssl ) ;
150 FUNCTION: int SSL_connect ( SSL* ssl ) ;
152 FUNCTION: int SSL_accept ( SSL* ssl ) ;
154 FUNCTION: int SSL_write ( SSL* ssl, void* buf, int num ) ;
156 FUNCTION: int SSL_read ( SSL* ssl, void* buf, int num ) ;
158 FUNCTION: int SSL_shutdown ( SSL* ssl ) ;
160 : SSL_SENT_SHUTDOWN 1 ;
161 : SSL_RECEIVED_SHUTDOWN 2 ;
163 FUNCTION: int SSL_get_shutdown ( SSL* ssl ) ;
165 FUNCTION: int SSL_CTX_set_session_id_context ( SSL_CTX* ctx, char* sid_ctx, uint len ) ;
167 FUNCTION: SSL_SESSION* SSL_get1_session ( SSL* ssl ) ;
169 FUNCTION: void SSL_free ( SSL* ssl ) ;
171 FUNCTION: void SSL_SESSION_free ( SSL_SESSION* ses ) ;
173 FUNCTION: int SSL_want ( SSL* ssl ) ;
175 : SSL_NOTHING 1 ; inline
176 : SSL_WRITING 2 ; inline
177 : SSL_READING 3 ; inline
178 : SSL_X509_LOOKUP 4 ; inline
180 FUNCTION: long SSL_get_verify_result ( SSL* ssl ) ;
182 FUNCTION: X509* SSL_get_peer_certificate ( SSL* s ) ;
184 FUNCTION: void SSL_CTX_free ( SSL_CTX* ctx ) ;
186 FUNCTION: void RAND_seed ( void* buf, int num ) ;
188 FUNCTION: int SSL_set_cipher_list ( SSL* ssl, char* str ) ;
190 FUNCTION: int SSL_use_RSAPrivateKey_file ( SSL* ssl, char* str ) ;
192 FUNCTION: int SSL_CTX_use_RSAPrivateKey_file ( SSL_CTX* ctx, int type ) ;
194 FUNCTION: int SSL_use_certificate_file ( SSL* ssl,
195 char* str, int type ) ;
197 FUNCTION: int SSL_CTX_load_verify_locations ( SSL_CTX* ctx, char* CAfile,
200 FUNCTION: int SSL_CTX_set_default_verify_paths ( SSL_CTX* ctx ) ;
202 : SSL_VERIFY_NONE 0 ; inline
203 : SSL_VERIFY_PEER 1 ; inline
204 : SSL_VERIFY_FAIL_IF_NO_PEER_CERT 2 ; inline
205 : SSL_VERIFY_CLIENT_ONCE 4 ; inline
207 FUNCTION: void SSL_CTX_set_verify ( SSL_CTX* ctx, int mode, void* callback ) ;
209 FUNCTION: void SSL_CTX_set_client_CA_list ( SSL_CTX* ctx, SSL* list ) ;
211 FUNCTION: SSL* SSL_load_client_CA_file ( char* file ) ;
213 ! Used to manipulate settings of the SSL_CTX and SSL objects.
214 ! This function should never be called directly
215 FUNCTION: long SSL_CTX_ctrl ( SSL_CTX* ctx, int cmd, long larg, void* parg ) ;
217 FUNCTION: void SSL_CTX_set_default_passwd_cb ( SSL_CTX* ctx, void* cb ) ;
219 FUNCTION: void SSL_CTX_set_default_passwd_cb_userdata ( SSL_CTX* ctx,
222 FUNCTION: int SSL_CTX_use_PrivateKey_file ( SSL_CTX* ctx, char* file,
225 ! Sets the maximum depth for the allowed ctx certificate chain verification
226 FUNCTION: void SSL_CTX_set_verify_depth ( SSL_CTX* ctx, int depth ) ;
228 ! Sets DH parameters to be used to be dh.
229 ! The key is inherited by all ssl objects created from ctx
230 FUNCTION: void SSL_CTX_set_tmp_dh_callback ( SSL_CTX* ctx, void* dh ) ;
232 FUNCTION: void SSL_CTX_set_tmp_rsa_callback ( SSL_CTX* ctx, void* rsa ) ;
234 FUNCTION: void* BIO_f_ssl ( ) ;
236 : SSL_CTX_set_tmp_rsa ( ctx rsa -- n )
237 >r SSL_CTRL_SET_TMP_RSA 0 r> SSL_CTX_ctrl ;
239 : SSL_CTX_set_tmp_dh ( ctx dh -- n )
240 >r SSL_CTRL_SET_TMP_DH 0 r> SSL_CTX_ctrl ;
242 : SSL_CTX_set_session_cache_mode ( ctx mode -- n )
243 >r SSL_CTRL_SET_SESS_CACHE_MODE r> f SSL_CTX_ctrl ;
245 : SSL_SESS_CACHE_OFF HEX: 0000 ; inline
246 : SSL_SESS_CACHE_CLIENT HEX: 0001 ; inline
247 : SSL_SESS_CACHE_SERVER HEX: 0002 ; inline
249 : SSL_SESS_CACHE_BOTH ( -- n )
250 { SSL_SESS_CACHE_CLIENT SSL_SESS_CACHE_SERVER } flags ; inline
252 : SSL_SESS_CACHE_NO_AUTO_CLEAR HEX: 0080 ; inline
253 : SSL_SESS_CACHE_NO_INTERNAL_LOOKUP HEX: 0100 ; inline
254 : SSL_SESS_CACHE_NO_INTERNAL_STORE HEX: 0200 ; inline
256 : SSL_SESS_CACHE_NO_INTERNAL ( -- n )
257 { SSL_SESS_CACHE_NO_INTERNAL_LOOKUP SSL_SESS_CACHE_NO_INTERNAL_STORE } flags ; inline
259 ! ===============================================
261 ! ===============================================
263 TYPEDEF: void* X509_NAME*
267 FUNCTION: int X509_NAME_get_text_by_NID ( X509_NAME* name, int nid, void* buf, int len ) ;
268 FUNCTION: X509_NAME* X509_get_subject_name ( X509* a ) ;
270 ! ===============================================
272 ! ===============================================
276 SYMBOL: verify-messages
278 H{ } clone verify-messages set-global
280 : verify-message ( n -- word ) verify-messages get-global at ;
283 scan "X509_V_" prepend create-in
285 [ 1quotation define-inline ]
286 [ verify-messages get set-at ] 2bi ; parsing
291 X509_V_: ERR_UNABLE_TO_GET_ISSUER_CERT 2
292 X509_V_: ERR_UNABLE_TO_GET_CRL 3
293 X509_V_: ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4
294 X509_V_: ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5
295 X509_V_: ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6
296 X509_V_: ERR_CERT_SIGNATURE_FAILURE 7
297 X509_V_: ERR_CRL_SIGNATURE_FAILURE 8
298 X509_V_: ERR_CERT_NOT_YET_VALID 9
299 X509_V_: ERR_CERT_HAS_EXPIRED 10
300 X509_V_: ERR_CRL_NOT_YET_VALID 11
301 X509_V_: ERR_CRL_HAS_EXPIRED 12
302 X509_V_: ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13
303 X509_V_: ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14
304 X509_V_: ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15
305 X509_V_: ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16
306 X509_V_: ERR_OUT_OF_MEM 17
307 X509_V_: ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18
308 X509_V_: ERR_SELF_SIGNED_CERT_IN_CHAIN 19
309 X509_V_: ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20
310 X509_V_: ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21
311 X509_V_: ERR_CERT_CHAIN_TOO_LONG 22
312 X509_V_: ERR_CERT_REVOKED 23
313 X509_V_: ERR_INVALID_CA 24
314 X509_V_: ERR_PATH_LENGTH_EXCEEDED 25
315 X509_V_: ERR_INVALID_PURPOSE 26
316 X509_V_: ERR_CERT_UNTRUSTED 27
317 X509_V_: ERR_CERT_REJECTED 28
318 X509_V_: ERR_SUBJECT_ISSUER_MISMATCH 29
319 X509_V_: ERR_AKID_SKID_MISMATCH 30
320 X509_V_: ERR_AKID_ISSUER_SERIAL_MISMATCH 31
321 X509_V_: ERR_KEYUSAGE_NO_CERTSIGN 32
322 X509_V_: ERR_UNABLE_TO_GET_CRL_ISSUER 33
323 X509_V_: ERR_UNHANDLED_CRITICAL_EXTENSION 34
324 X509_V_: ERR_KEYUSAGE_NO_CRL_SIGN 35
325 X509_V_: ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36
326 X509_V_: ERR_INVALID_NON_CA 37
327 X509_V_: ERR_PROXY_PATH_LENGTH_EXCEEDED 38
328 X509_V_: ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39
329 X509_V_: ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40
330 X509_V_: ERR_APPLICATION_VERIFICATION 50
332 ! ===============================================
334 ! ===============================================
336 : NID_commonName 13 ; inline