IN: io.sockets.secure.tests
-USING: accessors kernel io.sockets io.sockets.secure tools.test ;
+USING: accessors kernel io.sockets io.sockets.secure system tools.test ;
[ "hello" 24 ] [ "hello" 24 <inet> <secure> [ host>> ] [ port>> ] bi ] unit-test
"password" >>password
[ ] with-secure-context
] unit-test
+
+[ t ] [ os windows? ssl-certificate-verification-supported? or ] unit-test
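Review bot: The added test is true on Windows whatever the backend reports, and on other platforms it checks only the capability word, not the configuration default that now depends on it. A second assertion on the config itself would pin the security-relevant behavior, for example `[ t ] [ os windows? <secure-config> verify>> or ] unit-test`, assuming `<secure-config>` is the constructor whose body changes in io.sockets.secure. That way a later edit that drops verification on a platform that supports it fails the suite instead of passing unnoticed.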
SYMBOL: secure-socket-backend
HOOK: ssl-supported? secure-socket-backend ( -- ? )
+HOOK: ssl-certificate-verification-supported? secure-socket-backend ( -- ? )
M: object ssl-supported? f ;
+M: object ssl-certificate-verification-supported? f ;
SINGLETONS: SSLv2 SSLv23 SSLv3 TLSv1 ;
secure-config new
SSLv23 >>method
1024 >>ephemeral-key-bits
- t >>verify ;
+ ssl-certificate-verification-supported? >>verify ;
TUPLE: secure-context < disposable config handle ;
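Review bot: With `ssl-certificate-verification-supported? >>verify`, the default config silently turns peer certificate verification off on every backend that answers `f`. After this commit that includes the Windows backend (`M: openssl ssl-certificate-verification-supported? f ;`) and the `object` fallback. Callers that relied on the old `t >>verify` default get a connection that is encrypted but not authenticated on those platforms, with no error or warning. At minimum the downgrade should be documented where it happens, e.g. a comment above the line: `! verify defaults to f where the backend cannot check certificates (currently Windows); peers are then not authenticated`. It would also be worth considering an error when a caller explicitly requests `t >>verify` on a backend that cannot honor it; the constructor's definition line is outside the hunk, so whether such a check exists cannot be seen here.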
{
{ [ os unix? ] [ "io.sockets.secure.unix" require ] }
- { [ os windows? ] [ "openssl" require ] }
+ { [ os windows? ] [ "io.sockets.secure.windows" require ] }
} cond
IN: io.sockets.secure.unix
M: openssl ssl-supported? t ;
+M: openssl ssl-certificate-verification-supported? t ;
M: ssl-handle handle-fd file>> handle-fd ;
USING:
accessors
- alien
+ alien alien.c-types alien.data
combinators
fry
io io.sockets.private io.sockets.secure io.sockets.secure.openssl io.sockets.windows
io.timeouts
kernel
- openssl openssl.libcrypto openssl.libssl ;
+ openssl openssl.libcrypto openssl.libssl
+ windows.winsock ;
IN: io.sockets.secure.windows
! Most of this vocab is duplicated code from io.sockets.secure.unix so
! you could probably unify them.
M: openssl ssl-supported? t ;
+M: openssl ssl-certificate-verification-supported? f ;
: <ssl-socket> ( winsock -- ssl )
[ handle>> alien-address BIO_NOCLOSE BIO_new_socket ] keep <ssl-handle>
M: secure ((client)) ( addrspec -- handle )
addrspec>> ((client)) <ssl-socket> ;
+M: secure (get-local-address) ( handle remote -- sockaddr )
+ [ file>> handle>> ] [ addrspec>> empty-sockaddr/size int <ref> ] bi*
+ [ getsockname socket-error ] 2keep drop ;
+
: establish-ssl-connection ( client-out remote -- )
make-sockaddr/size <ConnectEx-args>
swap >>port