* include/hbznet.h
* src/rtl/hbinet.c
+ added new C function hb_znetInetTimeout()
* minor cleanup (local variables localization)
* contrib/hbssl/hbssl.hbm
* contrib/hbssl/hbssl.hbx
+ contrib/hbssl/ssl_inet.c
+ added support for SSL/TLS encryption in hb_inet*() sockets.
To enable SSL/TLS encryption on such socket it's enough to
call hb_inetSSL_connect() or hb_inetSSL_accept() passing as
1-st parameter hb_inet socket item with already established
connection and in in the 2-nd parameter SSL item. The peer
should call second function. In general hb_inetSSL_connect()
should be called by client and hb_inetSSL_accept() by server.
To use hb_inetSSL_accept() it's necessary to also set
certificated (at least self ;-)) encryption keys. See the
example I committed to test directory.
The exact syntax of new functions is:
hb_inetSSL_connect( <pSocket>, <pSSL> [, <nTimeout> ] )
hb_inetSSL_accept( <pSocket>, <pSSL> [, <nTimeout> ] )
To use hb_inet*() functions to connect with SSL/TLS server
Harbour users only have to call hb_inetSSL_connect() after
setting connection, i.e.:
IF !Empty( sock := hb_inetConnect( cServer, nPort ) )
ssl_ctx := SSL_CTX_new()
IF hb_inetSSL_connect( sock, SSL_new( ssl_ctx ) ) == 1
// SSL connection established
// now user can use all hb_inet*() functions is
// the same way as for raw TCP connections and
// all parameters like timeouts are fully supported
// but transmission is encrypted.
[...]
ENDIF
ENDIF
It's not longer necessary to use SSL_set_fd() + SSL_connect()
and then SSL_read() / SSL_write() / hb_SSL_read_line() /
hb_SSL_read_all().
BTW hb_SSL_read_line() and hb_SSL_read_all() in HBSSL library
are broken and have to be fixed.
TODO: Now HBTIP library can be nicely simplified and additional
code for SSL/TLS read/write operations removed. It's
enough to once call hb_inetSSL_connect() if SSL/TLS
encryption is needed.
+ contrib/hbssl/tests/inetssl.prg
+ added test code for hb_inet*() SSL/TLS connections.
It's client and server example which also generates self
certificated encryption keys running openssl command.
If this code is linked with non console GT then user
should generated certificates himself (see comment in
LoadCertificates() function for more information).
7886f9f0ea