* contrib/hbssl/evp.c
* clear key and iv buffers before passing them to EVP_BytesToKey()
otherwise some uninitialized bytes are accessed and valgrind reports
uninitialized memory access
* contrib/hbssl/evpciph.c
! fixed typo in index in my previous commit
* contrib/hbssl/tests/digest.prg
! use OPENSSL_VERSION_NUMBER() instead OPENSSL_VERSION() to retrieve
OpenSSL version number
* contrib/hbssl/tests/inetssl.prg
* updated to use 2048 RSA certificates instead of 1024 ones which are
no more supported by modern OpenSSL libraries
* contrib/hbssl/tests/pem.prg
* cleaned output
* contrib/hbssl/hbssl.h
* contrib/hbssl/evppkey.c
+ added new C function
void hb_EVP_PKEY_ret( EVP_PKEY * pkey );
* contrib/hbssl/hbssl.hbx
* contrib/hbssl/pem.c
+ added new PRG functions:
PEM_READ_PRIVATEKEY()
PEM_READ_PUBKEY()
* contrib/hbssl/ssl_sock.c
! added missing HB_SOCKET_ERR_TIMEOUT setting in hb_ssl_socketRead()
! fixed cleared to early SSL error code in hb_ssl_socketWrite()
* contrib/hbssl/tests/inetssl.prg
! interrupt test program if server thread stops
* load server certificates before listen socket is created
* src/rdd/dbfnsx/dbfnsx1.c
! code cleanup to pacify warnings in new GCC versions
* src/rtl/filesys.c
! check if child's fork() was executed successfully
* src/rtl/hbproces.c
! use hb_fsCloseRaw() instead of close() in hb_fsProcessExec() to avoid
lost handles when close() operation is interrupted by signal.
! repeat waitpid() calls interrupted by signal
* *
% remove brandings and homepage [1] from copyright header. Pass 1 - using script.
[1] nobody has access to it anymore AFAIK - and it's also just
a redirect since long
! update url in copyright header
; this should make the diff between 3.4 and 3.2 easier to manage
* include/hbsocket.h
* src/rtl/hbsockhb.c
+ added socket filters to standard socket API.
At C level hb_sockex*() function with PHB_SOCKEX handler can be
used to operate on socket filters. At PRG level standard hb_socket*()
functions can be used.
The following things has been changed in PRG hb_socket*() functions:
hb_socketErorrString() can accept <pSocket> as 1-st or 2-nd parameter
and redirect call to socket filter errorStr() method.
hb_socketClose() executes automatically shutdown() for connected
sockets - it is important in windows only where without explicit
call to shutdown() before close transmitted data can be lost.
hb_socketSend() and hb_socketRecv() can be redirected to filter
streams if filter set such redirection. If filter does not redirect
them then they operate on raw sockets. If hb_socketSend() is
redirected then sent data is flushed automatically.
The following new PRG functions has been added:
Add/replace socket filter:
hb_socketSetFilter( <pSocket>, [<cFilterName>], [<hParams>] )
-> <pSocket> | NIL
<cFilterName> is filter name, It's possible to set many filters
in single hb_socketSetFilter() call separating filter names
with "|" character, i.e.:
pSock := hb_socketSetFilter( pSock, "ZSOCK|BFSOCK", hParams )
<hParams> is hash array with initialization parameters used by
given socket filter. The core implementation recognize the
following settings:
"readahead" - numeric value with size of read ahead buffer
"flush" - numeric value with auto flush parameter (for more
information look at hb_socketAutoFlush() below)
"redir" - logical value which can be use to enable/disable
hb_socketSend() and hb_socketRecv() redirection
to filter stream.
Return filter name used by socket:
hb_socketGetFilter( <pSocket> ) -> <cFilterName>
Read from socket stream:
hb_socketRead( <pSocket>, @<cData>, [<nLen> = Len( cData )],
[<nTimeout> = FOREVER] ) -> <nRead>
this function is similar to hb_socketRecv() but is always
redirected to socket stream filters.
Write to socket stream:
hb_socketWrite( <pSocket>, <cData>, [<nLen> = Len( cData )],
[<nTimeout> = FOREVER] ) -> <nWritten>
this function is similar to hb_socketSend() but it is always
redirected to socket stream filters. Written data is not flushed
by default and it should be flushed explicitly by hb_socketFlush().
Automatic flushing can be enabled by hb_socketAutoFlush() function.
Flush data written to socket:
hb_socketFlush( <pSocket>, [<nTimeout> = FOREVER], [<lSync>] )
-> <nNotFlushed>
<lSync> parameter is logical value which can be used to force
special synchronization method in some filters. Usually users
do not have to use it in normal code.
Enable/disable automatic flushing of written data.
hb_socketAutoFlush( <pSocket>, [ <nTimeout> ] ) -> <nTimeout>
<nTimeout> is timeout for automatic flush operation on written
data in milliseconds. <nTimeout> = -1 means wait forever and
<nTimeout> = 0 disables auto flush.
automatic flushing can help in adopting existing code anyhow it
may strongly reduce the performance in some filters, i.e.
compression filters like ZSOCK have to add special data to the
stream after each flush operation so it's suggested to call
flush explicitly when we want to force delivering written data
to the peer.
* include/hbznet.h
* src/rtl/hbznet.c
+ added ZNET socket filter - compressed and encrypted streams are
compatible with hb_znet*() streams. The old hb_znet*() interface
is obsolete for pure socket communication and if not used as
hb_inet*() filter then should be replaced by hb_sockex*() in
user programs.
ZNET socket filter can be created by new PRG functions:
hb_socketNewZNet( <pSocket>, [<cPass>], [<nCompressionLevel>], ;
[<nStrategy>] ) -> <pSocket> | NIL
or by standard socket API with "ZNET" as filter name.
ZNET filter recognize the following settings in initialization
hash array:
"key" or "pass" - string with encryption password
"zlib" - numeric compression level (HB_ZLIB_COMPRESSION_*)
"zs" - numeric ZLIB compression strategy (HB_ZLIB_STRATEGY_*)
ZNET filter always disables any other filters and operates on raw
socket.
Please remember that it's optional module. If programmer does not
use hb_socketNewZNet() explicitly and prefers using hb_socketNew()
then he should force linking this module by REQUEST hb_socketNewZNet
+ added fSync parameter to hb_znetFlush()
[INCOMPATIBLE]
* src/rtl/hbinet.c
* call flush filter function before socket is closed
* src/rtl/Makefile
+ src/rtl/hbzsock.c
+ added ZSOCK socket filter - ZLIB and GZIP compression for socket
streams.
ZSOCK socket filter can be created by new PRG functions:
hb_socketNewZSock( <pSocket>, [<hParams>] ) -> <pSocket> | NIL
or by standard socket API with "ZSOCK" as filter name.
Programmers using hb_socketNew() can force linking this module by
REQUEST hb_socketNewZSock
ZSOCK filter can be used with other filters.
ZSOCK filter recognize the following settings in initialization
hash array:
"zlib" - numeric compression level (HB_ZLIB_COMPRESSION_*)
"zs" - numeric ZLIB compression strategy (HB_ZLIB_STRATEGY_*)
"zin" - logical value which allow to enable/disable ZLIB
decompression on input stream (default)
"gzin" - logical value which allow to enable/disable GZIP
decompression on input stream - it's possible to
enable both ZLIB and GZIP decompression together
so both streams can be decompress
"zout" - logical value which allow to enable/disable ZLIB
compression on output stream (default)
"gzout" - logical value which allow to enable/disable GZIP
compression on output stream - if both "zout" and
"gzout" are enabled GZIP compression is used.
* src/rtl/Makefile
+ src/rtl/hbbfsock.c
+ added BFSOCK socket filter - BlowFish input and output stream
encryption in CTR mode.
BFSOCK socket filter can be created by new PRG functions:
hb_socketNewBFSock( <pSocket>, [<hParams>] ) -> <pSocket> | NIL
or by standard socket API with "BFSOCK" as filter name.
Programmers using hb_socketNew() can force linking this module by
REQUEST hb_socketNewBFSock
BFSOCK filter can be used with other filters, i.e. with ZSOCK.
Please only remember that good encryption algorithms have to
generate data which cannot be compressed so using "BFSOCK|ZSOCK"
only wastes resources and correct filter order is "ZSOCK|BFSOCK".
BFSOCK filter recognize the following settings in initialization
hash array:
"key" or "pass" - string with encryption password
"iv" - string with initialization vector for CTR mode
* contrib/hbssl/hbssl.ch
* contrib/hbssl/hbssl.h
* contrib/hbssl/hbssl.hbm
* contrib/hbssl/hbssl.hbx
* contrib/hbssl/ssl.c
* contrib/hbssl/ssl_inet.c
+ contrib/hbssl/ssl_sock.c
+ added SSL socket filter
SSL socket filter can be created by new PRG functions:
hb_socketNewSSL_connect( <pSocket>, <pSSL> [, <nTimeout> ] )
-> <pSocketSSL> | NIL
hb_socketNewSSL_accept( <pSocket>, <pSSL> [, <nTimeout> ] )
-> <pSocketSSL> | NIL
or by standard socket API with "SSL" as filter name.
Programmers using hb_socketNew() can force linking this module by
REQUEST hb_socketNewSSL_connect
or
REQUEST hb_socketNewSSL_accept
SSL filter always disables any other filters and operates on raw
socket.
SSL filter recognize the following settings in initialization hash
array:
"ctx" or "key" - pointer SSL item <pSSL>
"timeout" - timeout (numeric)
"client" - logical value indicating client mode (SSL_connect())
"server" - logical value indicating server mode (SSL_accept())
* contrib/hbssl/tests/inetssl.prg
! cleaned typo in local function name
* contrib/hbnetio/netiocli.c
* contrib/hbnetio/netiosrv.c
* use new Harbour extended socket API (hb_sockex*()) instead of
raw sockets and hb_znet*()
* contrib/hbtcpio/tcpio.c
* use new Harbour extended socket API (hb_sockex*()) instead of
raw sockets
+ implemented hb_fileFlush()
* contrib/hbssl/tests/inetssl.prg
* contrib/rddads/ads1.c
* src/rtl/teditor.prg
* formatting of my recent modifications taken from Viktor's branch
* src/common/hbfsapi.c
* src/compiler/complex.c
* formatting
* include/hbset.h
* src/vm/set.c
* src/nortl/nortl.c
+ add new C functions to change HVM set values:
hb_setSetFileCase(), hb_setSetDirCase(), hb_setSetDirSeparator(),
hb_setSetTrimFileName()
* include/hbcomp.h
* include/hbcompdf.h
* src/compiler/cmdcheck.c
* src/compiler/hbmain.c
* src/compiler/ppcomp.c
* src/compiler/genc.c
* src/compiler/hbusage.c
* src/nortl/nortl.c
* rewritten code used to parse command line and environment parameters.
New code is covered by GPL + Harbour exception license.
All parameters are decoded by only one function and whole code is
smaller so it's much easier to modify this code.
! fixed some small bugs and incompatibilities with Cl*pper in parameter
parsing
! fixed -y undocumented (YYDEBUG) switch
- removed -x[<prefix>] set symbol init function name prefix (for .c only)
compiler command line switch
* moved -fn[:[l|u]|-] -fd[:[l|u]|-] -fp[:<char>] and -fs[-] switches
parsing to core compiler library. Now these switches are also works
with compiler library linked with HBMK2.
; TOFIX: HBMK2 ignores -fn/-fd switches and allocates temporary names
which are not compatible with names used later by harbour
compiler when above switches are activated. HBMK2 should
parse parameters and update SET FILECASE / SET DIRCASE before
it creates temporary files.
* include/hbznet.h
* src/rtl/hbinet.c
+ added new C function hb_znetInetTimeout()
* minor cleanup (local variables localization)
* contrib/hbssl/hbssl.hbm
* contrib/hbssl/hbssl.hbx
+ contrib/hbssl/ssl_inet.c
+ added support for SSL/TLS encryption in hb_inet*() sockets.
To enable SSL/TLS encryption on such socket it's enough to
call hb_inetSSL_connect() or hb_inetSSL_accept() passing as
1-st parameter hb_inet socket item with already established
connection and in in the 2-nd parameter SSL item. The peer
should call second function. In general hb_inetSSL_connect()
should be called by client and hb_inetSSL_accept() by server.
To use hb_inetSSL_accept() it's necessary to also set
certificated (at least self ;-)) encryption keys. See the
example I committed to test directory.
The exact syntax of new functions is:
hb_inetSSL_connect( <pSocket>, <pSSL> [, <nTimeout> ] )
hb_inetSSL_accept( <pSocket>, <pSSL> [, <nTimeout> ] )
To use hb_inet*() functions to connect with SSL/TLS server
Harbour users only have to call hb_inetSSL_connect() after
setting connection, i.e.:
IF !Empty( sock := hb_inetConnect( cServer, nPort ) )
ssl_ctx := SSL_CTX_new()
IF hb_inetSSL_connect( sock, SSL_new( ssl_ctx ) ) == 1
// SSL connection established
// now user can use all hb_inet*() functions is
// the same way as for raw TCP connections and
// all parameters like timeouts are fully supported
// but transmission is encrypted.
[...]
ENDIF
ENDIF
It's not longer necessary to use SSL_set_fd() + SSL_connect()
and then SSL_read() / SSL_write() / hb_SSL_read_line() /
hb_SSL_read_all().
BTW hb_SSL_read_line() and hb_SSL_read_all() in HBSSL library
are broken and have to be fixed.
TODO: Now HBTIP library can be nicely simplified and additional
code for SSL/TLS read/write operations removed. It's
enough to once call hb_inetSSL_connect() if SSL/TLS
encryption is needed.
+ contrib/hbssl/tests/inetssl.prg
+ added test code for hb_inet*() SSL/TLS connections.
It's client and server example which also generates self
certificated encryption keys running openssl command.
If this code is linked with non console GT then user
should generated certificates himself (see comment in
LoadCertificates() function for more information).
* (all files)
* stripped svn header
* minor cleanups
; use following command to find out the history of files:
git log
git log --follow
git blame
git annotate
