steve
/
factor
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

io.sockets.secure.windows: Add some code for loading the certificates on 

windows. Still disabled, and the CA certificates are duplicated.
db4
Doug Coleman 2016-03-13 16:10:43 -07:00
parent d9a39ce5e4
commit bb7161a46f
1 changed files with 53 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
basis/io/sockets/secure/windows/windows.factor
View File

@ -1,11 +1,60 @@
USING: accessors alien io.ports io.sockets.private io.sockets.secure USING: accessors alien alien.c-types alien.data alien.strings
io.sockets.secure.openssl io.sockets.windows kernel locals openssl calendar combinators combinators.short-circuit destructors io
openssl.libcrypto openssl.libssl windows.winsock system ; io.encodings.utf8 io.ports io.sockets.private io.sockets.secure
io.sockets.secure.openssl io.sockets.windows kernel libc locals
math math.order openssl openssl.libcrypto openssl.libssl system
windows.crypt32 windows.errors windows.time windows.winsock ;
IN: io.sockets.secure.windows IN: io.sockets.secure.windows
M: openssl ssl-supported? t ; M: openssl ssl-supported? t ;
M: openssl ssl-certificate-verification-supported? f ; M: openssl ssl-certificate-verification-supported? f ;
: close-windows-cert-store ( HCERTSTORE -- )
0 CertCloseStore win32-error=0/f ;
: load-windows-cert-store ( string -- HCERTSTORE )
[ f ] dip CertOpenSystemStore
[ win32-error-string throw ] when-zero ;
: X509-NAME. ( X509_NAME -- )
f 0 X509_NAME_oneline
[ utf8 alien>string print ] [ (free) ] bi ;
: X509. ( X509 -- )
{
[ X509_get_subject_name "subject: " write X509-NAME. ]
[ X509_get_issuer_name "issuer: " write X509-NAME. ]
} cleave ;
: add-cert-to-store ( cert-store cert -- )
X509_STORE_add_cert ssl-error ;
:: set-windows-certs-for ( name -- )
[
name load-windows-cert-store :> cs
X509_STORE_new :> x509-store
f :> ctx!
[ ctx ]
[
cs ctx CertEnumCertificatesInStore ctx!
ctx [
f ctx [ pbCertEncoded>> void* <ref> ]
[ cbCertEncoded>> ] bi d2i_X509
{
[ ssl-error ]
! [ X509. ]
[ x509-store swap X509_STORE_add_cert ssl-error ]
} cleave
] when
] do while
] with-destructors ;
! XXX: the MSFT cert is in "CA" twice, and throws an error
! when loading the second time.
: set-windows-certs ( -- )
! "CA" set-windows-certs-for
"ROOT" set-windows-certs-for ;
M: windows socket-handle handle>> alien-address ; M: windows socket-handle handle>> alien-address ;
M: secure ((client)) ( addrspec -- handle ) M: secure ((client)) ( addrspec -- handle )