From c41ddb5647631f90a3b6acd0306dde38bf775d7f Mon Sep 17 00:00:00 2001
From: Viktor Szakats
Date: Mon, 20 Jul 2009 07:09:31 +0000
Subject: [PATCH] 2009-07-20 09:09 UTC+0200 Viktor Szakats (harbour.01 syenar.hu) * contrib/hbssl/ssl.c * contrib/hbssl/sslctx.c * contrib/hbssl/hbssl.ch + Added following functions: SSL_CTX_USE_CERTIFICATE() SSL_CTX_ADD_CLIENT_CA() SSL_CTX_ADD_EXTRA_CHAIN_CERT() SSL_CTX_USE_CERTIFICATE_FILE() SSL_CTX_USE_CERTIFICATE_CHAIN_FILE() SSL_CTX_USE_PRIVATEKEY_FILE() SSL_CTX_USE_RSAPRIVATEKEY_FILE() SSL_SET_CIPHER_LIST() SSL_GET_CERTIFICATE() SSL_USE_CERTIFICATE() SSL_ADD_CLIENT_CA() SSL_USE_CERTIFICATE_FILE() SSL_USE_PRIVATEKEY_FILE() SSL_USE_RSAPRIVATEKEY_FILE()
---
harbour/ChangeLog | 92 ++++++++++++--------
harbour/contrib/hbssl/hbssl.ch | 103 ++++++++++++++--------
harbour/contrib/hbssl/ssl.c | 154 +++++++++++++++++++++++++--------
harbour/contrib/hbssl/sslctx.c | 107 ++++++++++++++++++++---
4 files changed, 339 insertions(+), 117 deletions(-)
diff --git a/harbour/ChangeLog b/harbour/ChangeLog
index 70dab44d19..e04a76673f 100644
--- a/harbour/ChangeLog
+++ b/harbour/ChangeLog
@@ -17,47 +17,67 @@ past entries belonging to author(s): Viktor Szakats. */ +2009-07-20 09:09 UTC+0200 Viktor Szakats (harbour.01 syenar.hu) + * contrib/hbssl/ssl.c + * contrib/hbssl/sslctx.c + * contrib/hbssl/hbssl.ch + + Added following functions: + SSL_CTX_USE_CERTIFICATE() + SSL_CTX_ADD_CLIENT_CA() + SSL_CTX_ADD_EXTRA_CHAIN_CERT() + SSL_CTX_USE_CERTIFICATE_FILE() + SSL_CTX_USE_CERTIFICATE_CHAIN_FILE() + SSL_CTX_USE_PRIVATEKEY_FILE() + SSL_CTX_USE_RSAPRIVATEKEY_FILE() + SSL_SET_CIPHER_LIST() + SSL_GET_CERTIFICATE() + SSL_USE_CERTIFICATE() + SSL_ADD_CLIENT_CA() + SSL_USE_CERTIFICATE_FILE() + SSL_USE_PRIVATEKEY_FILE() + SSL_USE_RSAPRIVATEKEY_FILE() + 2009-07-20 00:48 UTC+0200 Viktor Szakats (harbour.01 syenar.hu) - * contrib/hbssl/ssl.c - + contrib/hbssl/hbssl.c - * contrib/hbssl/Makefile - + HB_SSL_READ_ALL() and HB_SSL_READ_LINE() rewritten. - (HB_SSL_READ_ALL() isn't fully optimal, and maybe there - are errors, please check.) - + Added SSL_GET_RFD(), SSL_GET_WFD(). + * contrib/hbssl/ssl.c + + contrib/hbssl/hbssl.c + * contrib/hbssl/Makefile + + HB_SSL_READ_ALL() and HB_SSL_READ_LINE() rewritten. + (HB_SSL_READ_ALL() isn't fully optimal, and maybe there + are errors, please check.) + + Added SSL_GET_RFD(), SSL_GET_WFD(). - * include/Makefile - + include/hbapinet.h - * source/rtl/hbinet.c - + Moved some basic declarations to new API header, - mainly to export hb_select[Read|Write]*() functions. - We will also need such header in the future when - we implement C level socket/networking API. Current - solution is quite messy since the header has to - pull Windows headers which may not be friendly with - all usages/include order. + * include/Makefile + + include/hbapinet.h + * source/rtl/hbinet.c + + Moved some basic declarations to new API header, + mainly to export hb_select[Read|Write]*() functions. + We will also need such header in the future when + we implement C level socket/networking API. 
Current + solution is quite messy since the header has to + pull Windows headers which may not be friendly with + all usages/include order. - * source/rtl/hbinet.c - * HB_SOCKET_STRUCT renamed to HB_SOCKET. - + Added PHB_SOCKET type. - + Added hb_selectReadFD(), hb_selectWriteFD() which - are similar to hb_selectReadSocket() and - hb_selectWriteSocket() but expect raw FD plus explicit - timeout values. - These function names and solutions are tentative - to solve SSL integration with Harbour, and hopefully - in the future we will have a clean net API, the current - one is very messy. + * source/rtl/hbinet.c + * HB_SOCKET_STRUCT renamed to HB_SOCKET. + + Added PHB_SOCKET type. + + Added hb_selectReadFD(), hb_selectWriteFD() which + are similar to hb_selectReadSocket() and + hb_selectWriteSocket() but expect raw FD plus explicit + timeout values. + These function names and solutions are tentative + to solve SSL integration with Harbour, and hopefully + in the future we will have a clean net API, the current + one is very messy. - * source/vm/itemapi.c - ! hb_itemPutCPtr(), hb_itemPutCLPtr() fixed to put empty - string to item if szText is NULL and length is non-zero, - instead of trying to free NULL pointer causing internal - error. + * source/vm/itemapi.c + ! hb_itemPutCPtr(), hb_itemPutCLPtr() fixed to put empty + string to item if szText is NULL and length is non-zero, + instead of trying to free NULL pointer causing internal + error. - * include/hbextlng.ch - * Corrected header to be in sync with CDP and not - to repeat the filename. + * include/hbextlng.ch + * Corrected header to be in sync with CDP and not + to repeat the filename. 2009-07-19 13:56 UTC-0800 Pritpal Bedi (pritpal@vouchcac.com) * contrib/hbqt/generator/hbqtgen.prg diff --git a/harbour/contrib/hbssl/hbssl.ch b/harbour/contrib/hbssl/hbssl.ch index 86a6d7ee96..43f007fbce 100644 --- a/harbour/contrib/hbssl/hbssl.ch +++ b/harbour/contrib/hbssl/hbssl.ch 
@@ -55,46 +55,77 @@ /* NOTE: This file is also used by C code. */ -#define HB_SSL_CTX_NEW_METHOD_UNKNOWN ( -2 ) -#define HB_SSL_CTX_NEW_METHOD_DEFAULT ( -1 ) -#define HB_SSL_CTX_NEW_METHOD_SSLV2 0 -#define HB_SSL_CTX_NEW_METHOD_SSLV2_SERVER 1 -#define HB_SSL_CTX_NEW_METHOD_SSLV2_CLIENT 2 -#define HB_SSL_CTX_NEW_METHOD_SSLV3 3 -#define HB_SSL_CTX_NEW_METHOD_SSLV3_SERVER 4 -#define HB_SSL_CTX_NEW_METHOD_SSLV3_CLIENT 5 -#define HB_SSL_CTX_NEW_METHOD_TLSV1 6 -#define HB_SSL_CTX_NEW_METHOD_TLSV1_SERVER 7 -#define HB_SSL_CTX_NEW_METHOD_TLSV1_CLIENT 8 -#define HB_SSL_CTX_NEW_METHOD_SSLV23 9 -#define HB_SSL_CTX_NEW_METHOD_SSLV23_SERVER 10 -#define HB_SSL_CTX_NEW_METHOD_SSLV23_CLIENT 11 +#define HB_SSL_CTX_NEW_METHOD_UNKNOWN ( -2 ) +#define HB_SSL_CTX_NEW_METHOD_DEFAULT ( -1 ) +#define HB_SSL_CTX_NEW_METHOD_SSLV2 0 +#define HB_SSL_CTX_NEW_METHOD_SSLV2_SERVER 1 +#define HB_SSL_CTX_NEW_METHOD_SSLV2_CLIENT 2 +#define HB_SSL_CTX_NEW_METHOD_SSLV3 3 +#define HB_SSL_CTX_NEW_METHOD_SSLV3_SERVER 4 +#define HB_SSL_CTX_NEW_METHOD_SSLV3_CLIENT 5 +#define HB_SSL_CTX_NEW_METHOD_TLSV1 6 +#define HB_SSL_CTX_NEW_METHOD_TLSV1_SERVER 7 +#define HB_SSL_CTX_NEW_METHOD_TLSV1_CLIENT 8 +#define HB_SSL_CTX_NEW_METHOD_SSLV23 9 +#define HB_SSL_CTX_NEW_METHOD_SSLV23_SERVER 10 +#define HB_SSL_CTX_NEW_METHOD_SSLV23_CLIENT 11 -#define HB_SSLEAY_VERSION 0 -#define HB_SSLEAY_CFLAGS 1 -#define HB_SSLEAY_BUILT_ON 2 -#define HB_SSLEAY_PLATFORM 3 -#define HB_SSLEAY_DIR 4 +#define HB_SSLEAY_VERSION 0 +#define HB_SSLEAY_CFLAGS 1 +#define HB_SSLEAY_BUILT_ON 2 +#define HB_SSLEAY_PLATFORM 3 +#define HB_SSLEAY_DIR 4 -#define HB_SSL_ERROR_NONE 0 -#define HB_SSL_ERROR_SSL 1 -#define HB_SSL_ERROR_WANT_READ 2 -#define HB_SSL_ERROR_WANT_WRITE 3 -#define HB_SSL_ERROR_WANT_X509_LOOKUP 4 -#define HB_SSL_ERROR_SYSCALL 5 -#define HB_SSL_ERROR_ZERO_RETURN 6 -#define HB_SSL_ERROR_WANT_CONNECT 7 -#define HB_SSL_ERROR_WANT_ACCEPT 8 +#define HB_SSL_ERROR_NONE 0 +#define HB_SSL_ERROR_SSL 1 +#define HB_SSL_ERROR_WANT_READ 2 +#define 
HB_SSL_ERROR_WANT_WRITE 3 +#define HB_SSL_ERROR_WANT_X509_LOOKUP 4 +#define HB_SSL_ERROR_SYSCALL 5 +#define HB_SSL_ERROR_ZERO_RETURN 6 +#define HB_SSL_ERROR_WANT_CONNECT 7 +#define HB_SSL_ERROR_WANT_ACCEPT 8 -#define HB_SSL_MODE_ENABLE_PARTIAL_WRITE 1 -#define HB_SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 2 -#define HB_SSL_MODE_AUTO_RETRY 4 -#define HB_SSL_MODE_NO_AUTO_CHAIN 8 +#define HB_SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001 +#define HB_SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002 +#define HB_SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008 +#define HB_SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010 +#define HB_SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020 +#define HB_SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040 +#define HB_SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080 +#define HB_SSL_OP_TLS_D5_BUG 0x00000100 +#define HB_SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200 +#define HB_SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800 +#define HB_SSL_OP_ALL 0x00000FFF +#define HB_SSL_OP_NO_QUERY_MTU 0x00001000 +#define HB_SSL_OP_COOKIE_EXCHANGE 0x00002000 +#define HB_SSL_OP_NO_TICKET 0x00004000 +#define HB_SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000 +#define HB_SSL_OP_SINGLE_ECDH_USE 0x00080000 +#define HB_SSL_OP_SINGLE_DH_USE 0x00100000 +#define HB_SSL_OP_EPHEMERAL_RSA 0x00200000 +#define HB_SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000 +#define HB_SSL_OP_TLS_ROLLBACK_BUG 0x00800000 +#define HB_SSL_OP_NO_SSLv2 0x01000000 +#define HB_SSL_OP_NO_SSLv3 0x02000000 +#define HB_SSL_OP_NO_TLSv1 0x04000000 +#define HB_SSL_OP_PKCS1_CHECK_1 0x08000000 +#define HB_SSL_OP_PKCS1_CHECK_2 0x10000000 +#define HB_SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000 +#define HB_SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000 -#define HB_SSL_SENT_SHUTDOWN 1 -#define HB_SSL_RECEIVED_SHUTDOWN 2 +#define HB_SSL_MODE_ENABLE_PARTIAL_WRITE 1 +#define HB_SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 2 +#define HB_SSL_MODE_AUTO_RETRY 4 +#define HB_SSL_MODE_NO_AUTO_CHAIN 8 -#define HB_BIO_NOCLOSE 0x00 -#define HB_BIO_CLOSE 0x01 +#define 
HB_SSL_SENT_SHUTDOWN 1 +#define HB_SSL_RECEIVED_SHUTDOWN 2 + +#define HB_SSL_FILETYPE_PEM 1 +#define HB_SSL_FILETYPE_ASN1 2 + +#define HB_BIO_NOCLOSE 0x00 +#define HB_BIO_CLOSE 0x01 #endif /* HBSSL_CH_ */ diff --git a/harbour/contrib/hbssl/ssl.c b/harbour/contrib/hbssl/ssl.c index 00b30cca5f..a650a82203 100644 --- a/harbour/contrib/hbssl/ssl.c +++ b/harbour/contrib/hbssl/ssl.c @@ -336,6 +336,32 @@ HB_FUNC( SSL_SET_FD ) hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); } +HB_FUNC( SSL_SET_RFD ) +{ + if( hb_SSL_is( 1 ) ) + { + SSL * ssl = hb_SSL_par( 1 ); + + if( ssl ) + hb_retni( SSL_set_rfd( ssl, hb_parni( 2 ) ) ); + } + else + hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); +} + +HB_FUNC( SSL_SET_WFD ) +{ + if( hb_SSL_is( 1 ) ) + { + SSL * ssl = hb_SSL_par( 1 ); + + if( ssl ) + hb_retni( SSL_set_wfd( ssl, hb_parni( 2 ) ) ); + } + else + hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); +} + HB_FUNC( SSL_WANT ) { if( hb_SSL_is( 1 ) ) @@ -584,6 +610,19 @@ HB_FUNC( SSL_GET_CIPHER_LIST ) hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); } +HB_FUNC( SSL_SET_CIPHER_LIST ) +{ + if( hb_SSL_is( 1 ) ) + { + SSL * ssl = hb_SSL_par( 1 ); + + if( ssl && hb_parclen( 2 ) <= 255 ) + hb_retni( SSL_set_cipher_list( ssl, hb_parcx( 2 ) ) ); + } + else + hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); +} + HB_FUNC( SSL_GET_CIPHER_NAME ) { if( hb_SSL_is( 1 ) ) 
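Review bot: In SSL_SET_CIPHER_LIST (ssl.c hunk at -584) a cipher string longer than 255 bytes makes the wrapper skip the call without setting any return value, so the caller presumably sees NIL instead of a failure code and the connection keeps whatever cipher list it had before. A script that intended to restrict the ciphers has no way to notice that the restriction was not applied. Returning an explicit failure on that path would make it visible, for example `if( ssl ) hb_retni( hb_parclen( 2 ) <= 255 ? SSL_set_cipher_list( ssl, hb_parcx( 2 ) ) : 0 );`. The same silent length guard is added to SSL_CTX_SET_CIPHER_LIST in sslctx.c (hunk at -184).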
@@ -942,32 +981,6 @@ HB_FUNC( SSL_IS_INIT_FINISHED ) hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); } -HB_FUNC( SSL_SET_RFD ) -{ - if( hb_SSL_is( 1 ) ) - { - SSL * ssl = hb_SSL_par( 1 ); - - if( ssl ) - hb_retni( SSL_set_rfd( ssl, hb_parni( 2 ) ) ); - } - else - hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); -} - -HB_FUNC( SSL_SET_WFD ) -{ - if( hb_SSL_is( 1 ) ) - { - SSL * ssl = hb_SSL_par( 1 ); - - if( ssl ) - hb_retni( SSL_set_wfd( ssl, hb_parni( 2 ) ) ); - } - else - hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); -} - HB_FUNC( SSL_NUM_RENEGOTIATIONS ) { if( hb_SSL_is( 1 ) ) @@ -1163,6 +1176,19 @@ HB_FUNC( SSL_SET_MTU ) hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); } +HB_FUNC( SSL_GET_CERTIFICATE ) +{ + if( hb_SSL_is( 1 ) ) + { + SSL * ssl = hb_SSL_par( 1 ); + + if( ssl ) + hb_retptr( SSL_get_certificate( ssl ) ); + } + else + hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); +} + HB_FUNC( SSL_GET_PEER_CERTIFICATE ) { if( hb_SSL_is( 1 ) ) 
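Review bot: SSL_GET_CERTIFICATE (hunk at -1163) returns the result of `SSL_get_certificate( ssl )` to script code through `hb_retptr`, that is, as an untyped raw pointer with no lifetime tracking. As far as the OpenSSL documentation describes it, this pointer is borrowed from the SSL object and not reference-counted for the caller, so it dangles once the SSL handle is released, and nothing prevents it from later being handed to a function that frees it. A comment such as `/* NOTE: returned X509 is owned by the SSL object; do not free it or use it after the SSL handle is released */` would document the contract. Wrapping X509 in a checked pointer type, the way SSL itself is handled by `hb_SSL_is`/`hb_SSL_par`, would be the sturdier fix.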
@@ -1176,18 +1202,79 @@ HB_FUNC( SSL_GET_PEER_CERTIFICATE ) hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); } +HB_FUNC( SSL_USE_CERTIFICATE ) +{ + if( hb_SSL_is( 1 ) ) + { + SSL * ssl = hb_SSL_par( 1 ); + X509 * x509 = hb_parptr( 2 ); + + if( ssl && x509 ) + hb_retni( SSL_use_certificate( ssl, x509 ) ); + } + else + hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); +} + +HB_FUNC( SSL_ADD_CLIENT_CA ) +{ + if( hb_SSL_is( 1 ) ) + { + SSL * ssl = hb_SSL_par( 1 ); + X509 * x509 = hb_parptr( 2 ); + + if( ssl && x509 ) + hb_retni( SSL_add_client_CA( ssl, x509 ) ); + } + else + hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); +} + +HB_FUNC( SSL_USE_CERTIFICATE_FILE ) +{ + if( hb_SSL_is( 1 ) ) + { + SSL * ssl = hb_SSL_par( 1 ); + + if( ssl ) + hb_retni( SSL_use_certificate_file( ssl, hb_parc( 2 ), hb_parni( 3 ) ) ); + } + else + hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); +} + +HB_FUNC( SSL_USE_PRIVATEKEY_FILE ) +{ + if( hb_SSL_is( 1 ) ) + { + SSL * ssl = hb_SSL_par( 1 ); + + if( ssl ) + hb_retni( SSL_use_PrivateKey_file( ssl, hb_parc( 2 ), hb_parni( 3 ) ) ); + } + else + hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); +} + +HB_FUNC( SSL_USE_RSAPRIVATEKEY_FILE ) +{ + if( hb_SSL_is( 1 ) ) + { + SSL * ssl = hb_SSL_par( 1 ); + + if( ssl ) + hb_retni( SSL_use_RSAPrivateKey_file( ssl, hb_parc( 2 ), hb_parni( 3 ) ) ); + } + else + hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); +} + /* -int SSL_set_cipher_list(SSL *ssl, char *str); int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, unsigned char *d, long len); -int SSL_use_PrivateKey_file(SSL *ssl, char *file, int type); int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); -int SSL_use_RSAPrivateKey_file(SSL *ssl, char *file, int type); -int 
SSL_use_certificate(SSL *ssl, X509 *x); int SSL_use_certificate_ASN1(SSL *ssl, int len, unsigned char *d); -int SSL_use_certificate_file(SSL *ssl, char *file, int type); -int SSL_use_psk_identity_hint(SSL *ssl, const char *hint); void SSL_set_app_data(SSL *ssl, char *arg); int SSL_set_ex_data(SSL *ssl, int idx, char *arg); @@ -1196,17 +1283,14 @@ char * SSL_get_ex_data( ssl, int ); int SSL_add_dir_cert_subjects_to_stack(STACK *stack, const char *dir); int SSL_add_file_cert_subjects_to_stack(STACK *stack, const char *file); -int SSL_add_client_CA(SSL *ssl, X509 *x); STACK * SSL_dup_CA_list(STACK *sk); SSL_CTX * SSL_get_SSL_CTX(const SSL *ssl); -X509 * SSL_get_certificate(const SSL *ssl); STACK * SSL_get_ciphers(const SSL *ssl); STACK * SSL_get_client_CA_list(const SSL *ssl); int SSL_get_ex_data_X509_STORE_CTX_idx(void); int SSL_get_ex_new_index(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void)) void (*SSL_get_info_callback(const SSL *ssl);)() STACK * SSL_get_peer_cert_chain(const SSL *ssl); -X509 * SSL_get_peer_certificate(const SSL *ssl); EVP_PKEY * SSL_get_privatekey(SSL *ssl); SSL_SESSION *SSL_get_session(const SSL *ssl); int (*SSL_get_verify_callback(const SSL *ssl))(int,X509_STORE_CTX *) diff --git a/harbour/contrib/hbssl/sslctx.c b/harbour/contrib/hbssl/sslctx.c index 6b9542865d..7b1fae6fce 100644 --- a/harbour/contrib/hbssl/sslctx.c +++ b/harbour/contrib/hbssl/sslctx.c @@ -184,7 +184,7 @@ HB_FUNC( SSL_CTX_SET_CIPHER_LIST ) { SSL_CTX * ctx = hb_SSL_CTX_par( 1 ); - if( ctx ) + if( ctx && hb_parclen( 2 ) <= 255 ) SSL_CTX_set_cipher_list( ctx, hb_parcx( 2 ) ); } else 
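Review bot: SSL_USE_CERTIFICATE and SSL_ADD_CLIENT_CA (hunk at -1176) read `X509 * x509 = hb_parptr( 2 )` and test it only for non-NULL, so any pointer item a script holds is passed to OpenSSL as an X509, whereas parameter 1 is type-checked with `hb_SSL_is( 1 )`. A wrong or stale pointer there turns into memory corruption inside libssl instead of an argument error. The three *_FILE wrappers in the same hunk pass `hb_parc( 2 )` straight through, and that is NULL when the argument is not a string; fetching it first with `const char * file = hb_parc( 2 );` and guarding with `if( ssl && file )` keeps a NULL filename out of the library. Both patterns recur in the SSL_CTX_* counterparts added to sslctx.c (hunk at -570).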
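Review bot: SSL_CTX_SET_CIPHER_LIST (sslctx.c hunk at -184) still discards the result of `SSL_CTX_set_cipher_list( ctx, hb_parcx( 2 ) )`, while the new SSL_SET_CIPHER_LIST in ssl.c returns it. A cipher string that OpenSSL rejects therefore looks the same to the caller as one that was applied, and the context keeps its previous ciphers. Changing the call to `hb_retni( SSL_CTX_set_cipher_list( ctx, hb_parcx( 2 ) ) );` would bring the two wrappers in line. The function body starts before this hunk and continues after it.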
@@ -570,23 +570,110 @@ HB_FUNC( SSL_CTX_GET_MODE ) hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); } +HB_FUNC( SSL_CTX_USE_CERTIFICATE ) +{ + if( hb_SSL_CTX_is( 1 ) ) + { + SSL_CTX * ctx = hb_SSL_CTX_par( 1 ); + X509 * x509 = hb_parptr( 2 ); + + if( ctx && x509 ) + hb_retni( SSL_CTX_use_certificate( ctx, x509 ) ); + } + else + hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); +} + +HB_FUNC( SSL_CTX_ADD_CLIENT_CA ) +{ + if( hb_SSL_CTX_is( 1 ) ) + { + SSL_CTX * ctx = hb_SSL_CTX_par( 1 ); + X509 * x509 = hb_parptr( 2 ); + + if( ctx && x509 ) + hb_retni( SSL_CTX_add_client_CA( ctx, x509 ) ); + } + else + hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); +} + +HB_FUNC( SSL_CTX_ADD_EXTRA_CHAIN_CERT ) +{ + if( hb_SSL_CTX_is( 1 ) ) + { + SSL_CTX * ctx = hb_SSL_CTX_par( 1 ); + X509 * x509 = hb_parptr( 2 ); + + if( ctx && x509 ) + hb_retnl( SSL_CTX_add_extra_chain_cert( ctx, x509 ) ); + } + else + hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); +} + +HB_FUNC( SSL_CTX_USE_CERTIFICATE_FILE ) +{ + if( hb_SSL_CTX_is( 1 ) ) + { + SSL_CTX * ctx = hb_SSL_CTX_par( 1 ); + + if( ctx ) + hb_retni( SSL_CTX_use_certificate_file( ctx, hb_parc( 2 ), hb_parni( 3 ) ) ); + } + else + hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); +} + +HB_FUNC( SSL_CTX_USE_CERTIFICATE_CHAIN_FILE ) +{ + if( hb_SSL_CTX_is( 1 ) ) + { + SSL_CTX * ctx = hb_SSL_CTX_par( 1 ); + + if( ctx ) + hb_retni( SSL_CTX_use_certificate_chain_file( ctx, hb_parc( 2 ) ) ); + } + else + hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); +} + +HB_FUNC( SSL_CTX_USE_PRIVATEKEY_FILE ) +{ + if( hb_SSL_CTX_is( 1 ) ) + { + SSL_CTX * ctx = hb_SSL_CTX_par( 1 ); + + if( ctx ) + hb_retni( SSL_CTX_use_PrivateKey_file( ctx, hb_parc( 2 ), hb_parni( 3 ) ) ); + } + else + hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); +} + +HB_FUNC( 
SSL_CTX_USE_RSAPRIVATEKEY_FILE ) +{ + if( hb_SSL_CTX_is( 1 ) ) + { + SSL_CTX * ctx = hb_SSL_CTX_par( 1 ); + + if( ctx ) + hb_retni( SSL_CTX_use_RSAPrivateKey_file( ctx, hb_parc( 2 ), hb_parni( 3 ) ) ); + } + else + hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); +} + /* +int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d); + X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *); -int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); -long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509); void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *cs); -int SSL_CTX_set_cipher_list(SSL_CTX *ctx, char *str); int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char *d, long len); -int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, char *file, int type); int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len); -int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, char *file, int type); -int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); -int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d); -int SSL_CTX_use_certificate_file(SSL_CTX *ctx, char *file, int type); -int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint); long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg); STACK *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx);
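Review bot: SSL_CTX_ADD_EXTRA_CHAIN_CERT (sslctx.c hunk at -570) forwards the script's raw X509 pointer to `SSL_CTX_add_extra_chain_cert( ctx, x509 )`, and per the OpenSSL documentation the context takes ownership of that certificate and frees it when the SSL_CTX is destroyed. Script code that also frees the certificate, or adds the same pointer to a second context, would end in a double free, and the wrapper gives no hint that ownership moved. A comment above the function, e.g. `/* NOTE: on success the SSL_CTX owns x509; the caller must not free or reuse it */`, would record the transfer for users of the binding.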