]> gitweb.factorcode.org Git - factor.git/commitdiff
projects / factor.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b02710e)
io.sockets.secure: new hook variable ssl-certificate-verification-supported?
authorBjörn Lindqvist <bjourne@gmail.com>
Mon, 14 Oct 2013 12:45:33 +0000 (14:45 +0200)
committerDoug Coleman <doug.coleman@gmail.com>
Wed, 2 Apr 2014 17:11:53 +0000 (12:11 -0500)
t if the backend is able to verify certificates, f
otherwise. Currently certificate validation isn't implemented on Windows

basis/io/sockets/secure/secure-tests.factor patch | blob | history
basis/io/sockets/secure/secure.factor patch | blob | history
basis/io/sockets/secure/unix/unix.factor patch | blob | history
basis/io/sockets/secure/windows/windows.factor patch | blob | history

diff --git a/basis/io/sockets/secure/secure-tests.factor b/basis/io/sockets/secure/secure-tests.factor
index b5af1301688b9e1e97b5c87facefe3e8520166b9..79d2ceaf4605fb01955bf37d3e27c441683717d4 100644 (file)
--- a/basis/io/sockets/secure/secure-tests.factor
+++ b/basis/io/sockets/secure/secure-tests.factor
@@ -1,5 +1,5 @@
 IN: io.sockets.secure.tests
-USING: accessors kernel io.sockets io.sockets.secure tools.test ;
+USING: accessors kernel io.sockets io.sockets.secure system tools.test ;
 
 [ "hello" 24 ] [ "hello" 24 <inet> <secure> [ host>> ] [ port>> ] bi ] unit-test
 
@@ -10,3 +10,5 @@ USING: accessors kernel io.sockets io.sockets.secure tools.test ;
         "password" >>password
     [ ] with-secure-context
 ] unit-test
+
+[ t ] [ os windows? ssl-certificate-verification-supported? or ] unit-test
diff --git a/basis/io/sockets/secure/secure.factor b/basis/io/sockets/secure/secure.factor
index 987e58d3fb53732eaf5b2249d1faca8e49b844d9..550541ce1bcb6672898bc85098a80b16c6ecbb5a 100644 (file)
--- a/basis/io/sockets/secure/secure.factor
+++ b/basis/io/sockets/secure/secure.factor
@@ -12,8 +12,10 @@ SYMBOL: secure-socket-timeout
 SYMBOL: secure-socket-backend
 
 HOOK: ssl-supported? secure-socket-backend ( -- ? )
+HOOK: ssl-certificate-verification-supported? secure-socket-backend ( -- ? )
 
 M: object ssl-supported? f ;
+M: object ssl-certificate-verification-supported? f ;
 
 SINGLETONS: SSLv2 SSLv23 SSLv3 TLSv1 ;
 
@@ -30,7 +32,7 @@ ephemeral-key-bits ;
     secure-config new
         SSLv23 >>method
         1024 >>ephemeral-key-bits
-        t >>verify ;
+        ssl-certificate-verification-supported? >>verify ;
 
 TUPLE: secure-context < disposable config handle ;
 
@@ -106,5 +108,5 @@ HOOK: accept-secure-handshake secure-socket-backend ( -- )
 
 {
     { [ os unix? ] [ "io.sockets.secure.unix" require ] }
-    { [ os windows? ] [ "openssl" require ] }
+    { [ os windows? ] [ "io.sockets.secure.windows" require ] }
 } cond
diff --git a/basis/io/sockets/secure/unix/unix.factor b/basis/io/sockets/secure/unix/unix.factor
index 0fb4a44dc5e4313751ed05ce10671d2407f0d666..7905dfd6e3d57dac9523d1c6949e32d217d376da 100644 (file)
--- a/basis/io/sockets/secure/unix/unix.factor
+++ b/basis/io/sockets/secure/unix/unix.factor
@@ -12,6 +12,7 @@ FROM: io.ports => shutdown ;
 IN: io.sockets.secure.unix
 
 M: openssl ssl-supported? t ;
+M: openssl ssl-certificate-verification-supported? t ;
 
 M: ssl-handle handle-fd file>> handle-fd ;
 
diff --git a/basis/io/sockets/secure/windows/windows.factor b/basis/io/sockets/secure/windows/windows.factor
index d2538c12ba219084c780ea6cbf787ebfddc7d5e6..7d98fd114fe5dd2d551f64b0a723ac27c612fe32 100644 (file)
--- a/basis/io/sockets/secure/windows/windows.factor
+++ b/basis/io/sockets/secure/windows/windows.factor
@@ -1,17 +1,19 @@
 USING:
     accessors
-    alien
+    alien alien.c-types alien.data
     combinators
     fry
     io io.sockets.private io.sockets.secure io.sockets.secure.openssl io.sockets.windows
     io.timeouts
     kernel
-    openssl openssl.libcrypto openssl.libssl ;
+    openssl openssl.libcrypto openssl.libssl
+    windows.winsock ;
 IN: io.sockets.secure.windows
 
 ! Most of this vocab is duplicated code from io.sockets.secure.unix so
 ! you could probably unify them.
 M: openssl ssl-supported? t ;
+M: openssl ssl-certificate-verification-supported? f ;
 
 : <ssl-socket> ( winsock -- ssl )
     [ handle>> alien-address BIO_NOCLOSE BIO_new_socket ] keep <ssl-handle>
@@ -20,6 +22,10 @@ M: openssl ssl-supported? t ;
 M: secure ((client)) ( addrspec -- handle )
     addrspec>> ((client)) <ssl-socket> ;
 
+M: secure (get-local-address) ( handle remote -- sockaddr )
+    [ file>> handle>> ] [ addrspec>> empty-sockaddr/size int <ref> ] bi*
+    [ getsockname socket-error ] 2keep drop ;
+
 : establish-ssl-connection ( client-out remote -- )
     make-sockaddr/size <ConnectEx-args>
     swap >>port
Factor programming language