1 ! Copyright (C) 2008 Slava Pestov.
2 ! See http://factorcode.org/license.txt for BSD license.
3 USING: accessors kernel symbols namespaces continuations
4 destructors io.sockets sequences inspector calendar delegate ;
7 SYMBOL: secure-socket-timeout
9 1 minutes secure-socket-timeout set-global
11 SYMBOL: secure-socket-backend
13 SINGLETONS: SSLv2 SSLv23 SSLv3 TLSv1 ;
24 : <secure-config> ( -- config )
27 1024 >>ephemeral-key-bits
28 "resource:extra/openssl/cacert.pem" >>ca-file
31 TUPLE: secure-context config handle disposed ;
33 HOOK: <secure-context> secure-socket-backend ( config -- context )
35 : with-secure-context ( config quot -- )
37 [ <secure-context> ] [ [ secure-context set ] prepose ] bi*
41 TUPLE: secure addrspec ;
45 CONSULT: inet secure addrspec>> ;
47 M: secure resolve-host ( secure -- seq )
48 addrspec>> resolve-host [ <secure> ] map ;
50 HOOK: check-certificate secure-socket-backend ( host handle -- )
54 PREDICATE: secure-inet < secure addrspec>> inet? ;
56 M: secure-inet (client)
58 [ resolve-host (client) [ |dispose ] dip ] keep
59 addrspec>> host>> pick handle>> check-certificate
64 ERROR: premature-close ;
66 M: premature-close summary
67 drop "Connection closed prematurely - potential truncation attack" ;
69 ERROR: certificate-verify-error result ;
71 M: certificate-verify-error summary
72 drop "Certificate verification failed" ;
74 ERROR: common-name-verify-error expected got ;
76 M: common-name-verify-error summary
77 drop "Common name verification failed" ;