diff --git a/basis/io/sockets/secure/secure-tests.factor b/basis/io/sockets/secure/secure-tests.factor
index b5af130168..79d2ceaf46 100644
--- a/basis/io/sockets/secure/secure-tests.factor
+++ b/basis/io/sockets/secure/secure-tests.factor
@@ -1,5 +1,5 @@
 IN: io.sockets.secure.tests
-USING: accessors kernel io.sockets io.sockets.secure tools.test ;
+USING: accessors kernel io.sockets io.sockets.secure system tools.test ;
 [ "hello" 24 ] [ "hello" 24 [ host>> ] [ port>> ] bi ] unit-test
@@ -10,3 +10,5 @@ USING: accessors kernel io.sockets io.sockets.secure tools.test ;
 "password" >>password [ ] with-secure-context ] unit-test
+
+[ t ] [ os windows? ssl-certificate-verification-supported? or ] unit-test
diff --git a/basis/io/sockets/secure/secure.factor b/basis/io/sockets/secure/secure.factor
index 987e58d3fb..550541ce1b 100644
--- a/basis/io/sockets/secure/secure.factor
+++ b/basis/io/sockets/secure/secure.factor
@@ -12,8 +12,10 @@ SYMBOL: secure-socket-timeout
 SYMBOL: secure-socket-backend
 HOOK: ssl-supported? secure-socket-backend ( -- ? )
+HOOK: ssl-certificate-verification-supported? secure-socket-backend ( -- ? )
 M: object ssl-supported? f ;
+M: object ssl-certificate-verification-supported? f ;
 SINGLETONS: SSLv2 SSLv23 SSLv3 TLSv1 ;
@@ -30,7 +32,7 @@ ephemeral-key-bits ;
 secure-config new SSLv23 >>method 1024 >>ephemeral-key-bits
- t >>verify ;
+ ssl-certificate-verification-supported? >>verify ;
 TUPLE: secure-context < disposable config handle ;
@@ -106,5 +108,5 @@ HOOK: accept-secure-handshake secure-socket-backend ( -- )
 { { [ os unix? ] [ "io.sockets.secure.unix" require ] }
- { [ os windows? ] [ "openssl" require ] }
+ { [ os windows? ] [ "io.sockets.secure.windows" require ] }
 } cond
diff --git a/basis/io/sockets/secure/unix/unix.factor b/basis/io/sockets/secure/unix/unix.factor
index 0fb4a44dc5..7905dfd6e3 100644
--- a/basis/io/sockets/secure/unix/unix.factor
+++ b/basis/io/sockets/secure/unix/unix.factor
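Review bot: The assertion added at the end of secure-tests.factor checks only the hook, and its `os windows?` term makes it pass on Windows whatever the hook returns, so nothing pins the value that actually reaches `verify` in the default config. A companion check on the config itself would catch a regression there, for example `[ t ] [ os windows? <secure-config> verify>> or ] unit-test`. A one-line `!` comment stating that Windows is exempt because its backend reports verification as unsupported would make the exemption read as a known gap rather than intended behaviour.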
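Review bot: The default config now fails open: in the `@@ -30,7 +32,7 @@` hunk of secure.factor `verify` is taken from `ssl-certificate-verification-supported?`, while the `M: object` fallback added in the `@@ -12,8 +12,10 @@` hunk returns `f` and so does the Windows method in windows.factor, so connections made with the default config skip peer-certificate checks on those backends with no signal to the caller. Without verification the TLS peer is unauthenticated, so encryption alone does not protect against an on-path host presenting its own certificate. Keeping `t >>verify ;` as the default and raising an error at context creation when the backend cannot honour it would surface the gap and require an explicit opt-out; how the Windows backend reacts to `verify` being `t` is outside these hunks and needs checking. If the downgrade has to stay, the default deserves a `!` comment saying that `verify` is `f` wherever the backend reports no support.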
@@ -12,6 +12,7 @@ FROM: io.ports => shutdown ;
 IN: io.sockets.secure.unix
 M: openssl ssl-supported? t ;
+M: openssl ssl-certificate-verification-supported? t ;
 M: ssl-handle handle-fd file>> handle-fd ;
diff --git a/basis/io/sockets/secure/windows/windows.factor b/basis/io/sockets/secure/windows/windows.factor
index d2538c12ba..7d98fd114f 100644
--- a/basis/io/sockets/secure/windows/windows.factor
+++ b/basis/io/sockets/secure/windows/windows.factor
@@ -1,17 +1,19 @@
 USING: accessors
- alien
+ alien alien.c-types alien.data combinators fry io io.sockets.private io.sockets.secure io.sockets.secure.openssl io.sockets.windows io.timeouts kernel
- openssl openssl.libcrypto openssl.libssl ;
+ openssl openssl.libcrypto openssl.libssl
+ windows.winsock ;
 IN: io.sockets.secure.windows
 ! Most of this vocab is duplicated code from io.sockets.secure.unix so
 ! you could probably unify them.
 M: openssl ssl-supported? t ;
+M: openssl ssl-certificate-verification-supported? f ;
 : ( winsock -- ssl ) [ handle>> alien-address BIO_NOCLOSE BIO_new_socket ] keep
@@ -20,6 +22,10 @@ M: openssl ssl-supported? t ;
 M: secure ((client)) ( addrspec -- handle ) addrspec>> ((client)) ;
+M: secure (get-local-address) ( handle remote -- sockaddr )
+ [ file>> handle>> ] [ addrspec>> empty-sockaddr/size int ] bi*
+ [ getsockname socket-error ] 2keep drop ;
+
 : establish-ssl-connection ( client-out remote -- ) make-sockaddr/size swap >>port
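Review bot: `M: openssl ssl-certificate-verification-supported? f ;` in the first windows.factor hunk (`@@ -1,17 +1,19 @@`) carries no comment explaining why verification is reported as unsupported, although this one line decides whether Windows clients check peer certificates by default. A comment directly above it should name what is missing on this platform and state the consequence, for example `! Certificate verification is not available on Windows yet, so the default secure-config leaves verify off here.` The actual cause is not visible in the diff, so the author should confirm the wording and say what would allow the method to return `t`.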