efde19ca13be8a67cfe0d641205b95321fa3fdfd
8 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Przemysław Czerpak
|
611a7ac281 |
2018-11-16 16:33 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl)
* contrib/hbssl/bio.c
* contrib/hbssl/err.c
* contrib/hbssl/evp.c
* contrib/hbssl/evpciph.c
* contrib/hbssl/evpenc.c
* contrib/hbssl/evpmd.c
* contrib/hbssl/evppkey.c
* contrib/hbssl/hbssl.ch
* contrib/hbssl/hbssl.h
* contrib/hbssl/hbssl.hbx
* contrib/hbssl/pem.c
* contrib/hbssl/rand.c
* contrib/hbssl/ssl.c
* contrib/hbssl/ssl_hb.c
* contrib/hbssl/ssl_inet.c
* contrib/hbssl/ssl_sock.c
* contrib/hbssl/sslciph.c
* contrib/hbssl/sslctx.c
* contrib/hbssl/sslsess.c
* contrib/hbssl/x509.c
* synced with Viktor's 3.4 branch and updated to OpenSSL 1.1
* include/hbsocket.h
* src/rtl/hbsocket.c
+ added new C function:
HB_U16 hb_socketNToHS( HB_U16 netshort )
* include/hbapiitm.h
* src/vm/itemapi.c
+ added new C functions:
const char * hb_itemGetCRef( PHB_ITEM pItem, void ** phRef,
HB_SIZE * pnLen );
void hb_itemFreeCRef( void * hRef );
hb_itemGetCRef() locks string inside character item so it cannot be
released when item is cleared an hb_itemFreeCRef() unlocks it and
free if item holding it was cleared.
|
||
|
Viktor Szakats
|
9f16c2bf8e |
2017-08-13 18:27 UTC Viktor Szakats (vszakats users.noreply.github.com)
* *
* update copyright headers with new FSF postal address
* COPYING.txt -> LICENSE.txt (rest of repo to be synced)
|
||
|
Przemysław Czerpak
|
35fe3becc7 |
2016-09-28 19:55 UTC+0200 Przemyslaw Czerpak (druzus/at/poczta.onet.pl)
* contrib/hbssl/hbssl.h
* contrib/hbssl/ssl_sock.c
* contrib/hbssl/ssl_inet.c
+ added new 'PHB_ITEM pSSL' parameter to hb_sockexNewSSL() and
hb_ssl_socketNew() C functions - it allows to bind harbour item
with SSL pointer which should not be released before connection
is closed. In new OpenSSL version such tricks can be replaced
by SSL_up_ref()
This modification also fixes possible GPF trap when SSL filter
socket was create dynamically from C code without SSL pointer
item on HVM stack in 2-nd parameter and removes old hack which
saved internally 2-nd HVM stack parameter.
+ allow to pass SSL_CTX instead of SSL in "ssl", "ctx" or "key" items
of hash array used to initialize SSL socket filter. Using SSL_CTX
allows to use the same hash array to set SSL socket filter for
different connections
+ allow to use codeblocks or function pointers as "ssl", "ctx" or
"key" items of hash array used to initialize SSL socket filter
* contrib/hbssl/hbssl.h
* contrib/hbssl/sslctx.c
+ added new C function:
SSL_CTX * hb_SSL_CTX_itemGet( PHB_ITEM pItem )
* contrib/hbssl/ssl_sock.c
* src/rtl/hbcom.c
* src/rtl/hbsocket.c
! fixed timeout checking in select()/poll()
* src/rtl/hbsockhb.c
! fixed possible GPF trap when socket filter refuse to create new
socket wrapper
* include/hbinit.h
* in GCC C++ builds for startup code use GCC constructor function
attribute instead of static variable initialization to avoid
warnings in new GCC versions
* src/rtl/hbntos.c
! fixed missing '-' in result of negative integer numbers - thanks
to Luigi Ferraris
* src/common/hbstr.c
+ added code to round integer part when the size of number is greater
then double precision (~16 digits).
|
||
|
Viktor Szakats
|
58faf91453 |
2016-01-14 19:17 UTC+0100 Viktor Szakats (vszakats users.noreply.github.com)
* *
% remove brandings and homepage [1] from copyright header. Pass 1 - using script.
[1] nobody has access to it anymore AFAIK - and it's also just
a redirect since long
! update url in copyright header
; this should make the diff between 3.4 and 3.2 easier to manage
|
||
|
Przemysław Czerpak
|
41b8ecb6c7 |
2015-08-26 15:51 UTC+0200 Przemyslaw Czerpak (druzus/at/poczta.onet.pl)
* include/hbsocket.h
* src/rtl/hbsockhb.c
+ added socket filters to standard socket API.
At C level hb_sockex*() function with PHB_SOCKEX handler can be
used to operate on socket filters. At PRG level standard hb_socket*()
functions can be used.
The following things has been changed in PRG hb_socket*() functions:
hb_socketErorrString() can accept <pSocket> as 1-st or 2-nd parameter
and redirect call to socket filter errorStr() method.
hb_socketClose() executes automatically shutdown() for connected
sockets - it is important in windows only where without explicit
call to shutdown() before close transmitted data can be lost.
hb_socketSend() and hb_socketRecv() can be redirected to filter
streams if filter set such redirection. If filter does not redirect
them then they operate on raw sockets. If hb_socketSend() is
redirected then sent data is flushed automatically.
The following new PRG functions has been added:
Add/replace socket filter:
hb_socketSetFilter( <pSocket>, [<cFilterName>], [<hParams>] )
-> <pSocket> | NIL
<cFilterName> is filter name, It's possible to set many filters
in single hb_socketSetFilter() call separating filter names
with "|" character, i.e.:
pSock := hb_socketSetFilter( pSock, "ZSOCK|BFSOCK", hParams )
<hParams> is hash array with initialization parameters used by
given socket filter. The core implementation recognize the
following settings:
"readahead" - numeric value with size of read ahead buffer
"flush" - numeric value with auto flush parameter (for more
information look at hb_socketAutoFlush() below)
"redir" - logical value which can be use to enable/disable
hb_socketSend() and hb_socketRecv() redirection
to filter stream.
Return filter name used by socket:
hb_socketGetFilter( <pSocket> ) -> <cFilterName>
Read from socket stream:
hb_socketRead( <pSocket>, @<cData>, [<nLen> = Len( cData )],
[<nTimeout> = FOREVER] ) -> <nRead>
this function is similar to hb_socketRecv() but is always
redirected to socket stream filters.
Write to socket stream:
hb_socketWrite( <pSocket>, <cData>, [<nLen> = Len( cData )],
[<nTimeout> = FOREVER] ) -> <nWritten>
this function is similar to hb_socketSend() but it is always
redirected to socket stream filters. Written data is not flushed
by default and it should be flushed explicitly by hb_socketFlush().
Automatic flushing can be enabled by hb_socketAutoFlush() function.
Flush data written to socket:
hb_socketFlush( <pSocket>, [<nTimeout> = FOREVER], [<lSync>] )
-> <nNotFlushed>
<lSync> parameter is logical value which can be used to force
special synchronization method in some filters. Usually users
do not have to use it in normal code.
Enable/disable automatic flushing of written data.
hb_socketAutoFlush( <pSocket>, [ <nTimeout> ] ) -> <nTimeout>
<nTimeout> is timeout for automatic flush operation on written
data in milliseconds. <nTimeout> = -1 means wait forever and
<nTimeout> = 0 disables auto flush.
automatic flushing can help in adopting existing code anyhow it
may strongly reduce the performance in some filters, i.e.
compression filters like ZSOCK have to add special data to the
stream after each flush operation so it's suggested to call
flush explicitly when we want to force delivering written data
to the peer.
* include/hbznet.h
* src/rtl/hbznet.c
+ added ZNET socket filter - compressed and encrypted streams are
compatible with hb_znet*() streams. The old hb_znet*() interface
is obsolete for pure socket communication and if not used as
hb_inet*() filter then should be replaced by hb_sockex*() in
user programs.
ZNET socket filter can be created by new PRG functions:
hb_socketNewZNet( <pSocket>, [<cPass>], [<nCompressionLevel>], ;
[<nStrategy>] ) -> <pSocket> | NIL
or by standard socket API with "ZNET" as filter name.
ZNET filter recognize the following settings in initialization
hash array:
"key" or "pass" - string with encryption password
"zlib" - numeric compression level (HB_ZLIB_COMPRESSION_*)
"zs" - numeric ZLIB compression strategy (HB_ZLIB_STRATEGY_*)
ZNET filter always disables any other filters and operates on raw
socket.
Please remember that it's optional module. If programmer does not
use hb_socketNewZNet() explicitly and prefers using hb_socketNew()
then he should force linking this module by REQUEST hb_socketNewZNet
+ added fSync parameter to hb_znetFlush()
[INCOMPATIBLE]
* src/rtl/hbinet.c
* call flush filter function before socket is closed
* src/rtl/Makefile
+ src/rtl/hbzsock.c
+ added ZSOCK socket filter - ZLIB and GZIP compression for socket
streams.
ZSOCK socket filter can be created by new PRG functions:
hb_socketNewZSock( <pSocket>, [<hParams>] ) -> <pSocket> | NIL
or by standard socket API with "ZSOCK" as filter name.
Programmers using hb_socketNew() can force linking this module by
REQUEST hb_socketNewZSock
ZSOCK filter can be used with other filters.
ZSOCK filter recognize the following settings in initialization
hash array:
"zlib" - numeric compression level (HB_ZLIB_COMPRESSION_*)
"zs" - numeric ZLIB compression strategy (HB_ZLIB_STRATEGY_*)
"zin" - logical value which allow to enable/disable ZLIB
decompression on input stream (default)
"gzin" - logical value which allow to enable/disable GZIP
decompression on input stream - it's possible to
enable both ZLIB and GZIP decompression together
so both streams can be decompress
"zout" - logical value which allow to enable/disable ZLIB
compression on output stream (default)
"gzout" - logical value which allow to enable/disable GZIP
compression on output stream - if both "zout" and
"gzout" are enabled GZIP compression is used.
* src/rtl/Makefile
+ src/rtl/hbbfsock.c
+ added BFSOCK socket filter - BlowFish input and output stream
encryption in CTR mode.
BFSOCK socket filter can be created by new PRG functions:
hb_socketNewBFSock( <pSocket>, [<hParams>] ) -> <pSocket> | NIL
or by standard socket API with "BFSOCK" as filter name.
Programmers using hb_socketNew() can force linking this module by
REQUEST hb_socketNewBFSock
BFSOCK filter can be used with other filters, i.e. with ZSOCK.
Please only remember that good encryption algorithms have to
generate data which cannot be compressed so using "BFSOCK|ZSOCK"
only wastes resources and correct filter order is "ZSOCK|BFSOCK".
BFSOCK filter recognize the following settings in initialization
hash array:
"key" or "pass" - string with encryption password
"iv" - string with initialization vector for CTR mode
* contrib/hbssl/hbssl.ch
* contrib/hbssl/hbssl.h
* contrib/hbssl/hbssl.hbm
* contrib/hbssl/hbssl.hbx
* contrib/hbssl/ssl.c
* contrib/hbssl/ssl_inet.c
+ contrib/hbssl/ssl_sock.c
+ added SSL socket filter
SSL socket filter can be created by new PRG functions:
hb_socketNewSSL_connect( <pSocket>, <pSSL> [, <nTimeout> ] )
-> <pSocketSSL> | NIL
hb_socketNewSSL_accept( <pSocket>, <pSSL> [, <nTimeout> ] )
-> <pSocketSSL> | NIL
or by standard socket API with "SSL" as filter name.
Programmers using hb_socketNew() can force linking this module by
REQUEST hb_socketNewSSL_connect
or
REQUEST hb_socketNewSSL_accept
SSL filter always disables any other filters and operates on raw
socket.
SSL filter recognize the following settings in initialization hash
array:
"ctx" or "key" - pointer SSL item <pSSL>
"timeout" - timeout (numeric)
"client" - logical value indicating client mode (SSL_connect())
"server" - logical value indicating server mode (SSL_accept())
* contrib/hbssl/tests/inetssl.prg
! cleaned typo in local function name
* contrib/hbnetio/netiocli.c
* contrib/hbnetio/netiosrv.c
* use new Harbour extended socket API (hb_sockex*()) instead of
raw sockets and hb_znet*()
* contrib/hbtcpio/tcpio.c
* use new Harbour extended socket API (hb_sockex*()) instead of
raw sockets
+ implemented hb_fileFlush()
|
||
|
Przemysław Czerpak
|
24ebd4b617 |
2015-03-02 18:01 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl)
* contrib/hbssl/ssl_inet.c
! restored comment begin token removed by mistake in my last commit
|
||
|
Przemysław Czerpak
|
a6c8ffc884 |
2015-03-02 16:08 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl)
* src/rtl/hbinet.c
* contrib/hbssl/ssl_inet.c
! fixed unfinished code with error code translation - thanks to Abe
|
||
|
Przemysław Czerpak
|
7886f9f0ea |
2015-02-10 17:23 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl)
* include/hbznet.h
* src/rtl/hbinet.c
+ added new C function hb_znetInetTimeout()
* minor cleanup (local variables localization)
* contrib/hbssl/hbssl.hbm
* contrib/hbssl/hbssl.hbx
+ contrib/hbssl/ssl_inet.c
+ added support for SSL/TLS encryption in hb_inet*() sockets.
To enable SSL/TLS encryption on such socket it's enough to
call hb_inetSSL_connect() or hb_inetSSL_accept() passing as
1-st parameter hb_inet socket item with already established
connection and in in the 2-nd parameter SSL item. The peer
should call second function. In general hb_inetSSL_connect()
should be called by client and hb_inetSSL_accept() by server.
To use hb_inetSSL_accept() it's necessary to also set
certificated (at least self ;-)) encryption keys. See the
example I committed to test directory.
The exact syntax of new functions is:
hb_inetSSL_connect( <pSocket>, <pSSL> [, <nTimeout> ] )
hb_inetSSL_accept( <pSocket>, <pSSL> [, <nTimeout> ] )
To use hb_inet*() functions to connect with SSL/TLS server
Harbour users only have to call hb_inetSSL_connect() after
setting connection, i.e.:
IF !Empty( sock := hb_inetConnect( cServer, nPort ) )
ssl_ctx := SSL_CTX_new()
IF hb_inetSSL_connect( sock, SSL_new( ssl_ctx ) ) == 1
// SSL connection established
// now user can use all hb_inet*() functions is
// the same way as for raw TCP connections and
// all parameters like timeouts are fully supported
// but transmission is encrypted.
[...]
ENDIF
ENDIF
It's not longer necessary to use SSL_set_fd() + SSL_connect()
and then SSL_read() / SSL_write() / hb_SSL_read_line() /
hb_SSL_read_all().
BTW hb_SSL_read_line() and hb_SSL_read_all() in HBSSL library
are broken and have to be fixed.
TODO: Now HBTIP library can be nicely simplified and additional
code for SSL/TLS read/write operations removed. It's
enough to once call hb_inetSSL_connect() if SSL/TLS
encryption is needed.
+ contrib/hbssl/tests/inetssl.prg
+ added test code for hb_inet*() SSL/TLS connections.
It's client and server example which also generates self
certificated encryption keys running openssl command.
If this code is linked with non console GT then user
should generated certificates himself (see comment in
LoadCertificates() function for more information).
|