From 6af09f96800927563cecfd269be7f3b30676d02d Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Mon, 26 Jan 2009 09:19:55 +0000 Subject: [PATCH] 2009-01-26 10:19 UTC+0100 Viktor Szakats (harbour.01 syenar hu) * contrib/hbssl/common.mak * contrib/hbssl/Makefile * contrib/hbssl/hbssl.h + contrib/hbssl/sslsess.c + contrib/hbssl/sslciph.c * contrib/hbssl/ssl.c * contrib/hbssl/sslctx.c * contrib/hbssl/tests/test.prg + More SSL API added. --- harbour/ChangeLog | 11 ++ harbour/contrib/hbssl/Makefile | 2 + harbour/contrib/hbssl/common.mak | 2 + harbour/contrib/hbssl/hbssl.h | 13 +- harbour/contrib/hbssl/ssl.c | 132 +++++++++++++++++++ harbour/contrib/hbssl/sslciph.c | 101 +++++++++++++++ harbour/contrib/hbssl/sslctx.c | 166 ++++++++++++++++++++++-- harbour/contrib/hbssl/sslsess.c | 185 +++++++++++++++++++++++++++ harbour/contrib/hbssl/tests/test.prg | 39 +++++- 9 files changed, 632 insertions(+), 19 deletions(-) create mode 100644 harbour/contrib/hbssl/sslciph.c create mode 100644 harbour/contrib/hbssl/sslsess.c diff --git a/harbour/ChangeLog b/harbour/ChangeLog index 880e332ad5..600d533918 100644 --- a/harbour/ChangeLog +++ b/harbour/ChangeLog @@ -8,6 +8,17 @@ 2008-12-31 13:59 UTC+0100 Foo Bar (foo.bar foobar.org) */ +2009-01-26 10:19 UTC+0100 Viktor Szakats (harbour.01 syenar hu) + * contrib/hbssl/common.mak + * contrib/hbssl/Makefile + * contrib/hbssl/hbssl.h + + contrib/hbssl/sslsess.c + + contrib/hbssl/sslciph.c + * contrib/hbssl/ssl.c + * contrib/hbssl/sslctx.c + * contrib/hbssl/tests/test.prg + + More SSL API added. + 2009-01-26 01:07 UTC+0100 Francesco Saverio Giudice (info/at/fsgiudice.com) * harbour/contrib/examples/uhttpd/uhttpd.prg + Added CGIExec() function diff --git a/harbour/contrib/hbssl/Makefile b/harbour/contrib/hbssl/Makefile index 13e130374c..c9372c4476 100644 --- a/harbour/contrib/hbssl/Makefile +++ b/harbour/contrib/hbssl/Makefile 
@@ -26,8 +26,10 @@ C_USR += $(foreach d, $(HB_INC_OPENSSL_OK), -I$(d)) C_SOURCES=\ ssl.c \ + sslciph.c \ sslctx.c \ sslrand.c \ + sslsess.c \ PRG_HEADERS=\ hbssl.ch \ diff --git a/harbour/contrib/hbssl/common.mak b/harbour/contrib/hbssl/common.mak index 4a3dfc9037..0f6075c2f6 100644 --- a/harbour/contrib/hbssl/common.mak +++ b/harbour/contrib/hbssl/common.mak @@ -11,8 +11,10 @@ PRG_HEADERS = \ LIB_OBJS = \ $(OBJ_DIR)ssl$(OBJEXT) \ + $(OBJ_DIR)sslciph$(OBJEXT) \ $(OBJ_DIR)sslctx$(OBJEXT) \ $(OBJ_DIR)sslrand$(OBJEXT) \ + $(OBJ_DIR)sslsess$(OBJEXT) \ all: \ $(LIB_PATH) \ diff --git a/harbour/contrib/hbssl/hbssl.h b/harbour/contrib/hbssl/hbssl.h index 2d8746cb6a..23a981128b 100644 --- a/harbour/contrib/hbssl/hbssl.h +++ b/harbour/contrib/hbssl/hbssl.h @@ -57,10 +57,15 @@ #include "hbssl.ch" -extern void * hb_SSL_CTX_is( int iParam ); -extern SSL_CTX * hb_SSL_CTX_par( int iParam ); +extern SSL_METHOD * hb_ssl_method_id_to_ptr( int n ); -extern void * hb_SSL_is( int iParam ); -extern SSL * hb_SSL_par( int iParam ); +extern void * hb_SSL_CTX_is( int iParam ); +extern SSL_CTX * hb_SSL_CTX_par( int iParam ); + +extern void * hb_SSL_is( int iParam ); +extern SSL * hb_SSL_par( int iParam ); + +extern void * hb_SSL_SESSION_is( int iParam ); +extern SSL_SESSION * hb_SSL_SESSION_par( int iParam ); #endif /* HBSSL_H_ */ diff --git a/harbour/contrib/hbssl/ssl.c b/harbour/contrib/hbssl/ssl.c index 7168c1a839..5cd5aa8422 100644 --- a/harbour/contrib/hbssl/ssl.c +++ b/harbour/contrib/hbssl/ssl.c @@ -268,6 +268,19 @@ HB_FUNC( SSL_RENEGOTIATE ) hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); } +HB_FUNC( SSL_TOTAL_RENEGOTIATIONS ) +{ + if( hb_SSL_is( 1 ) ) + { + SSL * ssl = hb_SSL_par( 1 ); + + if( ssl ) + hb_retnl( SSL_total_renegotiations( ssl ) ); + } + else + hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); +} + HB_FUNC( SSL_SET_FD ) { if( hb_SSL_is( 1 ) ) 
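Review bot: In `SSL_TOTAL_RENEGOTIATIONS`, when argument 1 passes `hb_SSL_is( 1 )` but `hb_SSL_par( 1 )` yields NULL (presumably a handle that was already released), the function sets no return value and raises no error, so the caller receives NIL where a number is expected. Adding `else hb_retnl( 0 );` after the `if( ssl )` statement would keep the return type stable. The same shape recurs in the wrappers this patch adds later in ssl.c, sslctx.c and sslsess.c.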
@@ -438,3 +451,122 @@ HB_FUNC( SSL_WRITE ) else hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); } + +HB_FUNC( SSL_SET_SSL_METHOD ) +{ + if( hb_SSL_is( 1 ) ) + { + SSL * ssl = hb_SSL_par( 1 ); + + if( ssl ) + hb_retni( SSL_set_ssl_method( ssl, hb_ssl_method_id_to_ptr( hb_parni( 2 ) ) ) ); + } + else + hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); +} + +HB_FUNC( SSL_GET_CURRENT_CIPHER ) +{ + if( hb_SSL_is( 1 ) ) + { + SSL * ssl = hb_SSL_par( 1 ); + + if( ssl ) + hb_retptr( ( void * ) SSL_get_current_cipher( ssl ) ); + } + else + hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); +} + +/* +int SSL_add_dir_cert_subjects_to_stack(STACK *stack, const char *dir); +int SSL_add_file_cert_subjects_to_stack(STACK *stack, const char *file); +int SSL_add_client_CA(SSL *ssl, X509 *x); +char *SSL_alert_desc_string(int value); +char *SSL_alert_desc_string_long(int value); +char *SSL_alert_type_string(int value); +char *SSL_alert_type_string_long(int value); +int SSL_check_private_key(const SSL *ssl); +long SSL_clear_num_renegotiations(SSL *ssl); +void SSL_copy_session_id(SSL *t, const SSL *f); +long SSL_ctrl(SSL *ssl, int cmd, long larg, char *parg); +STACK *SSL_dup_CA_list(STACK *sk); +SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); +char *SSL_get_app_data(SSL *ssl); +X509 *SSL_get_certificate(const SSL *ssl); +int SSL_get_cipher_bits(const SSL *ssl, int *alg_bits); +char *SSL_get_cipher_list(const SSL *ssl, int n); +char *SSL_get_cipher_name(const SSL *ssl); +char *SSL_get_cipher_version(const SSL *ssl); +STACK *SSL_get_ciphers(const SSL *ssl); +STACK *SSL_get_client_CA_list(const SSL *ssl); +long SSL_get_default_timeout(const SSL *ssl); +int SSL_get_error(const SSL *ssl, int i); +char *SSL_get_ex_data(const SSL *ssl, int idx); +int SSL_get_ex_data_X509_STORE_CTX_idx(void); +int SSL_get_ex_new_index(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void)) +int 
SSL_get_fd(const SSL *ssl); +void (*SSL_get_info_callback(const SSL *ssl);)() +STACK * SSL_get_peer_cert_chain(const SSL *ssl); +X509 * SSL_get_peer_certificate(const SSL *ssl); +EVP_PKEY * SSL_get_privatekey(SSL *ssl); +int SSL_get_quiet_shutdown(const SSL *ssl); +BIO * SSL_get_rbio(const SSL *ssl); +int SSL_get_read_ahead(const SSL *ssl); +SSL_SESSION *SSL_get_session(const SSL *ssl); +char * SSL_get_shared_ciphers(const SSL *ssl, char *buf, int len); +int SSL_get_shutdown(const SSL *ssl); +const SSL_METHOD *SSL_get_ssl_method(SSL *ssl); +int SSL_get_state(const SSL *ssl); +int (*SSL_get_verify_callback(const SSL *ssl))(int,X509_STORE_CTX *) +int SSL_get_verify_mode(const SSL *ssl); +long SSL_get_verify_result(const SSL *ssl); +BIO * SSL_get_wbio(const SSL *ssl); +int SSL_in_accept_init(SSL *ssl); +int SSL_in_before(SSL *ssl); +int SSL_in_connect_init(SSL *ssl); +int SSL_in_init(SSL *ssl); +int SSL_is_init_finished(SSL *ssl); +STACK * SSL_load_client_CA_file(char *file); +void SSL_load_error_strings(void); +long SSL_num_renegotiations(SSL *ssl); +char * SSL_rstate_string(SSL *ssl); +char * SSL_rstate_string_long(SSL *ssl); +long SSL_session_reused(SSL *ssl); +void SSL_set_accept_state(SSL *ssl); +void SSL_set_app_data(SSL *ssl, char *arg); +void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio); +int SSL_set_cipher_list(SSL *ssl, char *str); +void SSL_set_client_CA_list(SSL *ssl, STACK *list); +void SSL_set_connect_state(SSL *ssl); +int SSL_set_ex_data(SSL *ssl, int idx, char *arg); +int SSL_set_fd(SSL *ssl, int fd); +void SSL_set_info_callback(SSL *ssl, void (*cb);(void)) +void SSL_set_msg_callback(SSL *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); +void SSL_set_msg_callback_arg(SSL *ctx, void *arg); +void SSL_set_options(SSL *ssl, unsigned long op); +void SSL_set_quiet_shutdown(SSL *ssl, int mode); +void SSL_set_read_ahead(SSL *ssl, int yes); +int SSL_set_rfd(SSL *ssl, int fd); +int SSL_set_session(SSL 
*ssl, SSL_SESSION *session); +void SSL_set_shutdown(SSL *ssl, int mode); +void SSL_set_verify(SSL *ssl, int mode, int (*callback);(void)) +void SSL_set_verify_result(SSL *ssl, long arg); +int SSL_set_wfd(SSL *ssl, int fd); +char * SSL_state_string(const SSL *ssl); +char * SSL_state_string_long(const SSL *ssl); +int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); +int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, unsigned char *d, long len); +int SSL_use_PrivateKey_file(SSL *ssl, char *file, int type); +int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); +int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); +int SSL_use_RSAPrivateKey_file(SSL *ssl, char *file, int type); +int SSL_use_certificate(SSL *ssl, X509 *x); +int SSL_use_certificate_ASN1(SSL *ssl, int len, unsigned char *d); +int SSL_use_certificate_file(SSL *ssl, char *file, int type); +void SSL_set_psk_client_callback(SSL *ssl, unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)); +int SSL_use_psk_identity_hint(SSL *ssl, const char *hint); +void SSL_set_psk_server_callback(SSL *ssl, unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len)); +const char *SSL_get_psk_identity_hint(SSL *ssl); +const char *SSL_get_psk_identity(SSL *ssl); +*/ diff --git a/harbour/contrib/hbssl/sslciph.c b/harbour/contrib/hbssl/sslciph.c new file mode 100644 index 0000000000..52a3525daa --- /dev/null +++ b/harbour/contrib/hbssl/sslciph.c 
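Review bot: `SSL_SET_SSL_METHOD` never checks that parameter 2 is numeric, so a missing or mistyped argument reaches `hb_ssl_method_id_to_ptr( hb_parni( 2 ) )` as 0 and, through the helper's `default` branch in sslctx.c, silently selects `SSLv23_method()` instead of raising EG_ARG. Tightening the guard to `if( hb_SSL_is( 1 ) && ISNUM( 2 ) )` makes a wrong call fail loudly rather than quietly change the protocol selection. The same applies to `SSL_CTX_SET_SSL_VERSION` and `SSL_CTX_SET_SESSION_CACHE_MODE` in sslctx.c, and to `SSL_SESSION_SET_TIME` / `SSL_SESSION_SET_TIMEOUT` in sslsess.c, where a bad argument becomes a time or timeout of 0.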
@@ -0,0 +1,101 @@
+/*
+ * $Id$
+ */
+
+/*
+ * Harbour Project source code:
+ * OpenSSL API (SSL_CIPHER) - Harbour interface.
+ *
+ * Copyright 2009 Viktor Szakats
+ * www - http://www.harbour-project.org
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this software; see the file COPYING. If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place, Suite 330,
+ * Boston, MA 02111-1307 USA (or visit the web site http://www.gnu.org/).
+ *
+ * As a special exception, the Harbour Project gives permission for
+ * additional uses of the text contained in its release of Harbour.
+ *
+ * The exception is that, if you link the Harbour libraries with other
+ * files to produce an executable, this does not by itself cause the
+ * resulting executable to be covered by the GNU General Public License.
+ * Your use of that executable is in no way restricted on account of
+ * linking the Harbour library code into it.
+ *
+ * This exception does not however invalidate any other reasons why
+ * the executable file might be covered by the GNU General Public License.
+ *
+ * This exception applies only to the code released by the Harbour
+ * Project under the name Harbour. If you copy code from other
+ * Harbour Project or Free Software Foundation releases into a copy of
+ * Harbour, as the General Public License permits, the exception does
+ * not apply to the code that you add in this way. To avoid misleading
+ * anyone as to the status of such modified files, you must delete
+ * this exception notice from them.
+ *
+ * If you write modifications of your own for Harbour, it is your choice
+ * whether to permit this exception to apply to your modifications.
+ * If you do not wish that, delete this exception notice.
+ *
+ */
+
+#include "hbapi.h"
+#include "hbapierr.h"
+
+#include "hbssl.h"
+
+HB_FUNC( SSL_CIPHER_DESCRIPTION )
+{
+ if( ISPOINTER( 1 ) )
+ {
+ char buffer[ 128 ];
+
+ hb_retc( hb_parptr( 1 ) ? SSL_CIPHER_description( ( SSL_CIPHER * ) hb_parptr( 1 ), buffer, sizeof( buffer ) ) : NULL );
+ }
+ else
+ hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
+}
+
+HB_FUNC( SSL_CIPHER_GET_BITS )
+{
+ if( ISPOINTER( 1 ) )
+ {
+ int alg_bits = 0;
+
+ if( hb_parptr( 1 ) )
+ hb_retni( SSL_CIPHER_get_bits( ( SSL_CIPHER * ) hb_parptr( 1 ), &alg_bits ) );
+ else
+ hb_retni( 0 );
+
+ hb_storni( alg_bits, 2 );
+ }
+ else
+ hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
+}
+
+HB_FUNC( SSL_CIPHER_GET_NAME )
+{
+ if( ISPOINTER( 1 ) )
+ hb_retc( hb_parptr( 1 ) ? SSL_CIPHER_get_name( ( SSL_CIPHER * ) hb_parptr( 1 ) ) : NULL );
+ else
+ hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
+}
+
+HB_FUNC( SSL_CIPHER_GET_VERSION )
+{
+ if( ISPOINTER( 1 ) )
+ hb_retc( hb_parptr( 1 ) ? SSL_CIPHER_get_version( ( SSL_CIPHER * ) hb_parptr( 1 ) ) : NULL );
+ else
+ hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
+}
diff --git a/harbour/contrib/hbssl/sslctx.c b/harbour/contrib/hbssl/sslctx.c
index a727de0838..420a343e10 100644
--- a/harbour/contrib/hbssl/sslctx.c
+++ b/harbour/contrib/hbssl/sslctx.c
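Review bot: All four `SSL_CIPHER_*` wrappers accept any pointer item (`ISPOINTER( 1 )`) and cast `hb_parptr( 1 )` straight to `SSL_CIPHER *`, so a pointer of any other kind passed by a script is handed to OpenSSL and read as a cipher structure, which is a memory-safety hazard. The session handle in this patch is type-checked against its release function with `hb_parptrGC( SSL_SESSION_release, … )`, but the cipher pointer that `SSL_GET_CURRENT_CIPHER` returns through `hb_retptr()` carries no such tag. One way to close the gap is to have the accessors take the typed SSL handle and look the cipher up internally, as sketched below for `SSL_CIPHER_GET_NAME`; this changes the Harbour-level argument, so tests/test.prg would need to pass `ssl` instead of `cipher`.

```c
HB_FUNC( SSL_CIPHER_GET_NAME )
{
   /* Accept the typed SSL handle and fetch the cipher here, so that no
      untyped pointer crosses the Harbour boundary. */
   if( hb_SSL_is( 1 ) )
   {
      SSL * ssl = hb_SSL_par( 1 );
      const SSL_CIPHER * cipher = ssl ? SSL_get_current_cipher( ssl ) : NULL;

      hb_retc( cipher ? SSL_CIPHER_get_name( cipher ) : NULL );
   }
   else
      hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
}
/* … the other three wrappers follow the same shape … */
```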
@@ -104,14 +104,11 @@ SSL_CTX * hb_SSL_CTX_par( int iParam ) return ph ? ( SSL_CTX * ) * ph : NULL; } -HB_FUNC( SSL_CTX_NEW ) +SSL_METHOD * hb_ssl_method_id_to_ptr( int n ) { - void ** ph = ( void ** ) hb_gcAlloc( sizeof( SSL_CTX * ), SSL_CTX_release ); - - SSL_CTX * ctx; SSL_METHOD * method; - switch( hb_parni( 1 ) ) + switch( n ) { case HB_SSL_CTX_NEW_METHOD_SSLV2 : method = SSLv2_method(); break; case HB_SSL_CTX_NEW_METHOD_SSLV2_SERVER : method = SSLv2_server_method(); break; @@ -128,21 +125,28 @@ HB_FUNC( SSL_CTX_NEW ) default : method = SSLv23_method(); } - ctx = SSL_CTX_new( method ); + return method; +} + +HB_FUNC( SSL_CTX_NEW ) +{ + void ** ph = ( void ** ) hb_gcAlloc( sizeof( SSL_CTX * ), SSL_CTX_release ); + + SSL_CTX * ctx = SSL_CTX_new( hb_ssl_method_id_to_ptr( hb_parni( 1 ) ) ); * ph = ( void * ) ctx; hb_retptrGC( ph ); } -HB_FUNC( SSL_CTX_FLUSH_SESSIONS ) +HB_FUNC( SSL_CTX_SET_SSL_VERSION ) { if( hb_SSL_CTX_is( 1 ) ) { SSL_CTX * ctx = hb_SSL_CTX_par( 1 ); if( ctx ) - SSL_CTX_flush_sessions( ctx, hb_parnl( 2 ) ); + hb_retni( SSL_CTX_set_ssl_version( ctx, hb_ssl_method_id_to_ptr( hb_parni( 2 ) ) ) ); } else hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); 
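Review bot: `hb_ssl_method_id_to_ptr()` is now exported through hbssl.h and used by three entry points, but nothing documents that an unrecognised id falls through `default` to `SSLv23_method()`, or that the SSLv2 ids visible in the context lines remain selectable. A header comment such as `/* Maps HB_SSL_CTX_NEW_METHOD_* to an OpenSSL method; any other value yields SSLv23_method() */` would make that contract explicit for callers. Separately, `SSL_CTX_NEW` stores the result of `SSL_CTX_new()` unchecked, so a failed allocation only surfaces later when `hb_SSL_CTX_par()` returns NULL. The helper's body spans both hunks on this file and its middle `case` lines are not shown.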
@@ -187,7 +191,153 @@ HB_FUNC( SSL_CTX_SET_CIPHER_LIST ) hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); } +HB_FUNC( SSL_CTX_ADD_SESSION ) +{ + if( hb_SSL_CTX_is( 1 ) && hb_SSL_SESSION_is( 2 ) ) + { + SSL_CTX * ctx = hb_SSL_CTX_par( 1 ); + SSL_SESSION * session = hb_SSL_SESSION_par( 2 ); + + if( ctx && session ) + hb_retni( SSL_CTX_add_session( ctx, session ) ); + } + else + hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); +} + +HB_FUNC( SSL_CTX_REMOVE_SESSION ) +{ + if( hb_SSL_CTX_is( 1 ) && hb_SSL_SESSION_is( 2 ) ) + { + SSL_CTX * ctx = hb_SSL_CTX_par( 1 ); + SSL_SESSION * session = hb_SSL_SESSION_par( 2 ); + + if( ctx && session ) + hb_retni( SSL_CTX_remove_session( ctx, session ) ); + } + else + hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); +} + +HB_FUNC( SSL_CTX_FLUSH_SESSIONS ) +{ + if( hb_SSL_CTX_is( 1 ) ) + { + SSL_CTX * ctx = hb_SSL_CTX_par( 1 ); + + if( ctx ) + SSL_CTX_flush_sessions( ctx, hb_parnl( 2 ) ); + } + else + hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); +} + +HB_FUNC( SSL_CTX_GET_SESSION_CACHE_MODE ) +{ + if( hb_SSL_CTX_is( 1 ) ) + { + SSL_CTX * ctx = hb_SSL_CTX_par( 1 ); + + if( ctx ) + hb_retni( SSL_CTX_get_session_cache_mode( ctx ) ); + } + else + hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); +} + +HB_FUNC( SSL_CTX_SET_SESSION_CACHE_MODE ) +{ + if( hb_SSL_CTX_is( 1 ) ) + { + SSL_CTX * ctx = hb_SSL_CTX_par( 1 ); + + if( ctx ) + SSL_CTX_set_session_cache_mode( ctx, hb_parni( 2 ) ); + } + else + hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); +} + /* X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *); + +int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); +long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509); +int SSL_CTX_check_private_key(const SSL_CTX *ctx); +long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, 
long larg, char *parg); +char *SSL_CTX_get_app_data(SSL_CTX *ctx); +X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx); +STACK *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx); +int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey); +char *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx); +int SSL_CTX_get_ex_new_index(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void)) +void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(SSL *ssl, int cb, int ret); +int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); +long SSL_CTX_get_timeout(const SSL_CTX *ctx); +int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int ok, X509_STORE_CTX *ctx); +int SSL_CTX_get_verify_mode(SSL_CTX *ctx); +int SSL_CTX_load_verify_locations(SSL_CTX *ctx, char *CAfile, char *CApath); +long SSL_CTX_need_tmp_RSA(SSL_CTX *ctx); +int SSL_CTX_sess_accept(SSL_CTX *ctx); +int SSL_CTX_sess_accept_good(SSL_CTX *ctx); +int SSL_CTX_sess_accept_renegotiate(SSL_CTX *ctx); +int SSL_CTX_sess_cache_full(SSL_CTX *ctx); +int SSL_CTX_sess_cb_hits(SSL_CTX *ctx); +int SSL_CTX_sess_connect(SSL_CTX *ctx); +int SSL_CTX_sess_connect_good(SSL_CTX *ctx); +int SSL_CTX_sess_connect_renegotiate(SSL_CTX *ctx); +int SSL_CTX_sess_get_cache_size(SSL_CTX *ctx); +SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, unsigned char *data, int len, int *copy); +int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)(SSL *ssl, SSL_SESSION *sess); +void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)(SSL_CTX *ctx, SSL_SESSION *sess); +int SSL_CTX_sess_hits(SSL_CTX *ctx); +int SSL_CTX_sess_misses(SSL_CTX *ctx); +int SSL_CTX_sess_number(SSL_CTX *ctx); +void SSL_CTX_sess_set_cache_size(SSL_CTX *ctx,t); +void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*cb)(SSL *ssl, unsigned char *data, int len, int *copy)); +void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, SSL_SESSION *sess)); +void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*cb)(SSL_CTX *ctx, SSL_SESSION 
*sess)); +int SSL_CTX_sess_timeouts(SSL_CTX *ctx); +LHASH *SSL_CTX_sessions(SSL_CTX *ctx); +void SSL_CTX_set_app_data(SSL_CTX *ctx, void *arg); +void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *cs); +void SSL_CTX_set_cert_verify_cb(SSL_CTX *ctx, int (*cb)(), char *arg) +int SSL_CTX_set_cipher_list(SSL_CTX *ctx, char *str); +void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK *list); +void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); +void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, int (*cb);(void)) +void SSL_CTX_set_default_read_ahead(SSL_CTX *ctx, int m); +int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); +int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, char *arg); +void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(SSL *ssl, int cb, int ret)); +void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); +void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg); +void SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op); +void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode); +void SSL_CTX_set_timeout(SSL_CTX *ctx, long t); +long SSL_CTX_set_tmp_dh(SSL_CTX* ctx, DH *dh); +long SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*cb)(void)); +long SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, RSA *rsa); +SSL_CTX_set_tmp_rsa_callback +long SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, int export, int keylength)); + +Sets the callback which will be called when a temporary private key is required. The export flag will be set if the reason for needing a temp key is that an export ciphersuite is in use, in which case, keylength will contain the required keylength in bits. Generate a key of appropriate size (using ???) and return it. 
+SSL_set_tmp_rsa_callback +long SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl, int export, int keylength)); + +The same as SSL_CTX_set_tmp_rsa_callback, except it operates on an SSL session instead of a context. +void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb);(void)) +int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); +int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char *d, long len); +int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, char *file, int type); +int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); +int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len); +int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, char *file, int type); +int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); +int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d); +int SSL_CTX_use_certificate_file(SSL_CTX *ctx, char *file, int type); +void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)); +int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint); +void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len)); */ diff --git a/harbour/contrib/hbssl/sslsess.c b/harbour/contrib/hbssl/sslsess.c new file mode 100644 index 0000000000..be3a701311 --- /dev/null +++ b/harbour/contrib/hbssl/sslsess.c 
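Review bot: `SSL_CTX_SET_SESSION_CACHE_MODE` discards the value returned by `SSL_CTX_set_session_cache_mode()`, which in OpenSSL is the previously set mode, so a caller cannot save and restore the cache mode in one call. Returning it is a one-line change: `hb_retnl( SSL_CTX_set_session_cache_mode( ctx, hb_parni( 2 ) ) );`. A short comment on `SSL_CTX_ADD_SESSION` stating who holds a reference to the session after the call would also help, since the Harbour collectible still releases its own with `SSL_SESSION_free()` in sslsess.c.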
@@ -0,0 +1,185 @@
+/*
+ * $Id$
+ */
+
+/*
+ * Harbour Project source code:
+ * OpenSSL API (SSL_SESSION) - Harbour interface.
+ *
+ * Copyright 2009 Viktor Szakats
+ * www - http://www.harbour-project.org
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this software; see the file COPYING. If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place, Suite 330,
+ * Boston, MA 02111-1307 USA (or visit the web site http://www.gnu.org/).
+ *
+ * As a special exception, the Harbour Project gives permission for
+ * additional uses of the text contained in its release of Harbour.
+ *
+ * The exception is that, if you link the Harbour libraries with other
+ * files to produce an executable, this does not by itself cause the
+ * resulting executable to be covered by the GNU General Public License.
+ * Your use of that executable is in no way restricted on account of
+ * linking the Harbour library code into it.
+ *
+ * This exception does not however invalidate any other reasons why
+ * the executable file might be covered by the GNU General Public License.
+ *
+ * This exception applies only to the code released by the Harbour
+ * Project under the name Harbour. If you copy code from other
+ * Harbour Project or Free Software Foundation releases into a copy of
+ * Harbour, as the General Public License permits, the exception does
+ * not apply to the code that you add in this way. To avoid misleading
+ * anyone as to the status of such modified files, you must delete
+ * this exception notice from them.
+ *
+ * If you write modifications of your own for Harbour, it is your choice
+ * whether to permit this exception to apply to your modifications.
+ * If you do not wish that, delete this exception notice.
+ *
+ */
+
+#define HB_OS_WIN_32_USED
+
+#include "hbapi.h"
+#include "hbapierr.h"
+
+#include "hbssl.h"
+
+static HB_GARBAGE_FUNC( SSL_SESSION_release )
+{
+ void ** ph = ( void ** ) Cargo;
+
+ /* Check if pointer is not NULL to avoid multiple freeing */
+ if( ph && * ph )
+ {
+ /* Destroy the object */
+ SSL_SESSION_free( ( SSL_SESSION * ) * ph );
+
+ /* set pointer to NULL just in case */
+ * ph = NULL;
+ }
+}
+
+void * hb_SSL_SESSION_is( int iParam )
+{
+ return hb_parptrGC( SSL_SESSION_release, iParam );
+}
+
+SSL_SESSION * hb_SSL_SESSION_par( int iParam )
+{
+ void ** ph = ( void ** ) hb_parptrGC( SSL_SESSION_release, iParam );
+
+ return ph ? ( SSL_SESSION * ) * ph : NULL;
+}
+
+HB_FUNC( SSL_SESSION_NEW )
+{
+ void ** ph = ( void ** ) hb_gcAlloc( sizeof( SSL_SESSION * ), SSL_SESSION_release );
+
+ SSL_SESSION * session = SSL_SESSION_new();
+
+ * ph = ( void * ) session;
+
+ hb_retptrGC( ph );
+}
+
+HB_FUNC( SSL_SESSION_CMP )
+{
+ if( hb_SSL_SESSION_is( 1 ) && hb_SSL_SESSION_is( 2 ) )
+ {
+ SSL_SESSION * session1 = hb_SSL_SESSION_par( 1 );
+ SSL_SESSION * session2 = hb_SSL_SESSION_par( 2 );
+
+ if( session1 && session2 )
+ hb_retni( SSL_SESSION_cmp( session1, session2 ) );
+ }
+ else
+ hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
+}
+
+HB_FUNC( SSL_SESSION_SET_TIME )
+{
+ if( hb_SSL_SESSION_is( 1 ) )
+ {
+ SSL_SESSION * session = hb_SSL_SESSION_par( 1 );
+
+ if( session )
+ hb_retnl( SSL_SESSION_set_time( session, hb_parnl( 2 ) ) );
+ }
+ else
+ hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
+}
+
+HB_FUNC( SSL_SESSION_SET_TIMEOUT )
+{
+ if( hb_SSL_SESSION_is( 1 ) )
+ {
+ SSL_SESSION * session = hb_SSL_SESSION_par( 1 );
+
+ if( session )
+ hb_retnl( SSL_SESSION_set_timeout( session, hb_parnl( 2 ) ) );
+ }
+ else
+ hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
+}
+
+HB_FUNC( SSL_SESSION_GET_TIME )
+{
+ if( hb_SSL_SESSION_is( 1 ) )
+ {
+ SSL_SESSION * session = hb_SSL_SESSION_par( 1 );
+
+ if( session )
+ hb_retnl( SSL_SESSION_get_time( session ) );
+ }
+ else
+ hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
+}
+
+HB_FUNC( SSL_SESSION_GET_TIMEOUT )
+{
+ if( hb_SSL_SESSION_is( 1 ) )
+ {
+ SSL_SESSION * session = hb_SSL_SESSION_par( 1 );
+
+ if( session )
+ hb_retnl( SSL_SESSION_get_timeout( session ) );
+ }
+ else
+ hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
+}
+
+HB_FUNC( SSL_SESSION_HASH )
+{
+ if( hb_SSL_SESSION_is( 1 ) )
+ {
+ SSL_SESSION * session = hb_SSL_SESSION_par( 1 );
+
+ if( session )
+ hb_retnl( SSL_SESSION_hash( session ) );
+ }
+ else
+ hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
+}
+
+/*
+void SSL_SESSION_set_app_data(SSL_SESSION *s, char *a);
+char *SSL_SESSION_get_app_data(SSL_SESSION *s);
+int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, char *arg);
+char *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx);
+int SSL_SESSION_get_ex_new_index(long argl, char *argp, int (*new_func)(void), int (*dup_func)(void), void (*free_func)(void))
+int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x);
+int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x);
+*/
diff --git a/harbour/contrib/hbssl/tests/test.prg b/harbour/contrib/hbssl/tests/test.prg
index 84cad7d592..9dee14d72f 100644
--- a/harbour/contrib/hbssl/tests/test.prg
+++ b/harbour/contrib/hbssl/tests/test.prg
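Review bot: `SSL_SESSION_HASH` returns the hash through `hb_retnl()`, which takes a signed long, while OpenSSL declares `SSL_SESSION_hash()` as returning `unsigned long` (worth confirming against the headers in use), so values with the top bit set would reach Harbour code as negative numbers. If the value is only meant as an opaque key, a comment saying so is enough, e.g. `/* hash is returned as a signed long; compare for equality only */`. It would also help to note on `SSL_SESSION_NEW` that a failed `SSL_SESSION_new()` is stored as NULL and only shows up later as a NULL from `hb_SSL_SESSION_par()`.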
@@ -12,6 +12,19 @@ PROCEDURE Main() LOCAL ssl_ctx LOCAL ssl + LOCAL cipher + + LOCAL socket + LOCAL buffer := Space( 1000 ) + + // + + hb_inetInit() + socket := hb_inetCreate() + ? hb_inetTimeout( socket, 500 ) + ? hb_inetConnect( "www.harbour-project.org", 443, socket ) + + // SSL_INIT() @@ -22,16 +35,28 @@ PROCEDURE Main() ? SSLEAY_VERSION( HB_SSLEAY_PLATFORM ) ? SSLEAY_VERSION( HB_SSLEAY_DIR ) - SSL_RAND_seed( "some entropy" ) + ? "SSL_RAND_SEED", SSL_RAND_seed( "some entropy" ) - ssl_ctx := SSL_CTX_NEW() + ? "SSL_CTX_NEW", ssl_ctx := SSL_CTX_NEW() - ? ssl_ctx + ? "SSL_NEW", ssl := SSL_NEW( ssl_ctx ) + ? "SSL_GET_CURRENT_CIPHER", cipher := SSL_GET_CURRENT_CIPHER( ssl ) + ? "SSL_VERSION", SSL_VERSION( ssl ) + ? "SSL_GET_VERSION", SSL_GET_VERSION( ssl ) - ssl := SSL_NEW( ssl_ctx ) + ? "SSL_CIPHER_GET_NAME" , SSL_CIPHER_GET_NAME( cipher ) + ? "SSL_CIPHER_GET_VERSION", SSL_CIPHER_GET_VERSION( cipher ) + ? "SSL_CIPHER_GET_BITS" , SSL_CIPHER_GET_BITS( cipher ) + ? "SSL_CIPHER_DESCRIPTION", SSL_CIPHER_DESCRIPTION( cipher ) - ? ssl - ? SSL_VERSION( ssl ) - ? SSL_GET_VERSION( ssl ) + ? "SSL_SET_FD", SSL_SET_FD( ssl, hb_inetFD( socket ) ) + ? "SSL_CONNECT", SSL_CONNECT( ssl ) + + ? "SSL_WRITE", SSL_WRITE( ssl, "GET / http/1.1" ) + ? "SSL_READ", SSL_READ( ssl, @buffer ) + + ? buffer + + ? hb_inetClose( socket ) RETURN
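Review bot: In the second hunk, `SSL_GET_CURRENT_CIPHER( ssl )` is called before `SSL_SET_FD` and `SSL_CONNECT`, so `cipher` is presumably still a NULL pointer and the four `SSL_CIPHER_*` calls only exercise their NULL branch; moving that block after `SSL_CONNECT` would test the real path. No certificate verification is configured on `ssl_ctx` anywhere in the visible lines, which is worth a comment because sample code like this tends to be copied into applications. The results of `hb_inetConnect()` in the first hunk and of `SSL_CONNECT()` are printed but not checked before `SSL_WRITE` and `SSL_READ` run. The request string `"GET / http/1.1"` has no line terminator or Host header, so the server may never answer and `SSL_READ` may block.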