1 ! Copyright (C) 2008 Slava Pestov.
2 ! See http://factorcode.org/license.txt for BSD license.
3 USING: accessors kernel symbols namespaces continuations
4 destructors io.sockets sequences summary calendar delegate
5 system vocabs.loader combinators ;
8 SYMBOL: secure-socket-timeout
10 1 minutes secure-socket-timeout set-global
12 SYMBOL: secure-socket-backend
14 SINGLETONS: SSLv2 SSLv23 SSLv3 TLSv1 ;
25 : <secure-config> ( -- config )
28 1024 >>ephemeral-key-bits
29 "resource:extra/openssl/cacert.pem" >>ca-file
32 TUPLE: secure-context config handle disposed ;
34 HOOK: <secure-context> secure-socket-backend ( config -- context )
36 : with-secure-context ( config quot -- )
38 [ <secure-context> ] [ [ secure-context set ] prepose ] bi*
42 TUPLE: secure addrspec ;
46 CONSULT: inet secure addrspec>> ;
48 M: secure resolve-host ( secure -- seq )
49 addrspec>> resolve-host [ <secure> ] map ;
51 HOOK: check-certificate secure-socket-backend ( host handle -- )
55 PREDICATE: secure-inet < secure addrspec>> inet? ;
57 M: secure-inet (client)
59 [ resolve-host (client) [ |dispose ] dip ] keep
60 addrspec>> host>> pick handle>> check-certificate
65 ERROR: premature-close ;
67 M: premature-close summary
68 drop "Connection closed prematurely - potential truncation attack" ;
70 ERROR: certificate-verify-error result ;
72 M: certificate-verify-error summary
73 drop "Certificate verification failed" ;
75 ERROR: common-name-verify-error expected got ;
77 M: common-name-verify-error summary
78 drop "Common name verification failed" ;
81 { [ os unix? ] [ "io.unix.sockets.secure" require ] }
82 { [ os windows? ] [ "openssl" require ] }