* contrib/hbssl/hbssl.h
* contrib/hbssl/ssl_sock.c
* contrib/hbssl/ssl_inet.c
+ added new 'PHB_ITEM pSSL' parameter to hb_sockexNewSSL() and
hb_ssl_socketNew() C functions - it allows binding the Harbour item
that holds the SSL pointer to the socket, so the SSL object is not
released before the connection is closed. In new OpenSSL versions
such tricks can be replaced by SSL_up_ref()
This modification also fixes a possible GPF trap when the SSL filter
socket was created dynamically from C code without an SSL pointer
item on the HVM stack in the 2-nd parameter, and removes the old hack
which internally saved the 2-nd HVM stack parameter.
+ allow to pass SSL_CTX instead of SSL in "ssl", "ctx" or "key" items
of hash array used to initialize SSL socket filter. Using SSL_CTX
allows to use the same hash array to set SSL socket filter for
different connections
+ allow to use codeblocks or function pointers as "ssl", "ctx" or
"key" items of hash array used to initialize SSL socket filter
* contrib/hbssl/hbssl.h
* contrib/hbssl/sslctx.c
+ added new C function:
SSL_CTX * hb_SSL_CTX_itemGet( PHB_ITEM pItem )
* contrib/hbssl/ssl_sock.c
* src/rtl/hbcom.c
* src/rtl/hbsocket.c
! fixed timeout checking in select()/poll()
* src/rtl/hbsockhb.c
! fixed possible GPF trap when the socket filter refuses to create a new
socket wrapper
* include/hbinit.h
* in GCC C++ builds for startup code use GCC constructor function
attribute instead of static variable initialization to avoid
warnings in new GCC versions
* src/rtl/hbntos.c
! fixed missing '-' in result of negative integer numbers - thanks
to Luigi Ferraris
* src/common/hbstr.c
+ added code to round the integer part when the size of the number is
greater than double precision (~16 digits).
/*
 * SSL encryption for Harbour hb_inet*() connections
 *
 * Copyright 2014 Przemyslaw Czerpak <druzus / at / priv.onet.pl>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this software; see the file COPYING.txt. If not, write to
 * the Free Software Foundation, Inc., 59 Temple Place, Suite 330,
 * Boston, MA 02111-1307 USA (or visit the web site https://www.gnu.org/).
 *
 * As a special exception, the Harbour Project gives permission for
 * additional uses of the text contained in its release of Harbour.
 *
 * The exception is that, if you link the Harbour libraries with other
 * files to produce an executable, this does not by itself cause the
 * resulting executable to be covered by the GNU General Public License.
 * Your use of that executable is in no way restricted on account of
 * linking the Harbour library code into it.
 *
 * This exception does not however invalidate any other reasons why
 * the executable file might be covered by the GNU General Public License.
 *
 * This exception applies only to the code released by the Harbour
 * Project under the name Harbour. If you copy code from other
 * Harbour Project or Free Software Foundation releases into a copy of
 * Harbour, as the General Public License permits, the exception does
 * not apply to the code that you add in this way. To avoid misleading
 * anyone as to the status of such modified files, you must delete
 * this exception notice from them.
 *
 * If you write modifications of your own for Harbour, it is your choice
 * whether to permit this exception to apply to your modifications.
 * If you do not wish that, delete this exception notice.
 *
 */
#define _HB_ZNET_INTERNAL_
#include "hbapi.h"
#include "hbapiitm.h"
#include "hbapierr.h"
#include "hbsocket.h"
#include "hbdate.h"
#include "hbznet.h"
#include "hbssl.h"
/* Read callback handed to hb_znetInetInitialize() by hb_inetStartSSL().
 * It forwards the request unchanged to hb_ssl_socketRead(), treating the
 * generic stream handle as the SSL stream it was registered with.
 */
static long hb_inetReadSSL( PHB_ZNETSTREAM pStream, HB_SOCKET sd,
                            void * buffer, long len, HB_MAXINT timeout )
{
   PHB_SSLSTREAM pSSLStream = ( PHB_SSLSTREAM ) pStream;

   /* buffer and len are passed through as received; no bounds check is
    * done at this layer
    */
   return hb_ssl_socketRead( pSSLStream, sd, buffer, len, timeout );
}
/* Write callback handed to hb_znetInetInitialize() by hb_inetStartSSL().
 * It forwards the request unchanged to hb_ssl_socketWrite(); plast is
 * passed on untouched for the callee to fill in.
 */
static long hb_inetWriteSSL( PHB_ZNETSTREAM pStream, HB_SOCKET sd,
                             const void * buffer, long len, HB_MAXINT timeout,
                             long * plast )
{
   PHB_SSLSTREAM pSSLStream = ( PHB_SSLSTREAM ) pStream;

   /* buffer and len are passed through as received; no bounds check is
    * done at this layer
    */
   return hb_ssl_socketWrite( pSSLStream, sd, buffer, len, timeout, plast );
}
/* Close callback handed to hb_znetInetInitialize() by hb_inetStartSSL().
 * It passes the stream to hb_ssl_socketClose(), the same routine
 * hb_inetStartSSL() uses to discard a stream that could not be installed.
 */
static void hb_inetCloseSSL( PHB_ZNETSTREAM pStream )
{
   PHB_SSLSTREAM pSSLStream = ( PHB_SSLSTREAM ) pStream;

   hb_ssl_socketClose( pSSLStream );
}
/* Flush callback handed to hb_znetInetInitialize() by hb_inetStartSSL().
 * This layer performs no flushing of its own: every argument is ignored
 * and 0 is always returned.
 */
static long hb_inetFlushSSL( PHB_ZNETSTREAM pStream, HB_SOCKET sd,
                             HB_MAXINT timeout, HB_BOOL fSync )
{
   long lResult = 0;

   /* the callback signature is fixed, so the unused parameters are
    * marked explicitly
    */
   HB_SYMBOL_UNUSED( fSync );
   HB_SYMBOL_UNUSED( timeout );
   HB_SYMBOL_UNUSED( sd );
   HB_SYMBOL_UNUSED( pStream );

   return lResult;
}
/* Error callback handed to hb_znetInetInitialize() by hb_inetStartSSL().
 * The stream argument is not consulted; the value comes from
 * hb_socketGetError().
 */
static int hb_inetErrorSSL( PHB_ZNETSTREAM pStream )
{
   int iError;

   HB_SYMBOL_UNUSED( pStream );

   iError = hb_socketGetError();

   return iError;
}
/* Error-text callback handed to hb_znetInetInitialize() by
 * hb_inetStartSSL(). The stream argument is not consulted; iError is
 * translated by hb_ssl_socketErrorStr() and its result returned as is.
 */
static const char * hb_inetErrStrSSL( PHB_ZNETSTREAM pStream, int iError )
{
   const char * szError;

   HB_SYMBOL_UNUSED( pStream );

   szError = hb_ssl_socketErrorStr( iError );

   return szError;
}
/* Shared implementation of hb_inetSSL_connect() and hb_inetSSL_accept():
 * wraps the hb_inet*() socket passed as the 1-st parameter in an SSL
 * stream built from the SSL object passed as the 2-nd parameter.
 *
 * fServer is forwarded to hb_ssl_socketNew(); the accept entry point
 * passes HB_TRUE and the connect entry point HB_FALSE.
 *
 * The integer returned to the caller starts as -2 and stays -2 when
 * hb_SSL_par() yields no SSL pointer. hb_ssl_socketNew() may overwrite it
 * through &iResult, and it becomes -3 when hb_znetInetInitialize()
 * refuses the new stream. When the 2-nd parameter is not an SSL item an
 * argument error (EG_ARG, 2010) is raised instead. When no socket
 * descriptor is obtained nothing is returned here.
 *
 * NOTE(review): nothing in this function sets or checks peer certificate
 * verification; presumably that has to be configured on the SSL object
 * by the caller beforehand - confirm against hb_ssl_socketNew().
 */
static void hb_inetStartSSL( HB_BOOL fServer )
{
   PHB_ITEM pSocket = hb_param( 1, HB_IT_POINTER );
   HB_SOCKET sd = hb_znetInetFD( pSocket, HB_TRUE );
   int iResult = -2;
   SSL * ssl;

   if( sd == HB_NO_SOCKET )
      return;

   if( ! hb_SSL_is( 2 ) )
   {
      hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
      return;
   }

   ssl = hb_SSL_par( 2 );
   if( ssl )
   {
      HB_MAXINT timeout;
      PHB_ITEM pSSL;
      PHB_SSLSTREAM pStream;

      /* an explicit numeric 3-rd parameter takes precedence over the
       * timeout taken from the socket item
       */
      if( HB_ISNUM( 3 ) )
         timeout = hb_parnint( 3 );
      else
         timeout = hb_znetInetTimeout( pSocket, HB_FALSE );

      /* the Harbour item holding the SSL pointer is handed over together
       * with the raw pointer; presumably this is what keeps the SSL
       * object from being released while the connection is open -
       * confirm in hb_ssl_socketNew()
       */
      pSSL = hb_param( 2, HB_IT_POINTER );
      pStream = hb_ssl_socketNew( sd, ssl, fServer, timeout, pSSL, &iResult );

      /* a stream that cannot be installed on the socket is closed here
       * rather than left behind
       */
      if( pStream &&
          ! hb_znetInetInitialize( pSocket, ( PHB_ZNETSTREAM ) pStream,
                                   hb_inetReadSSL, hb_inetWriteSSL,
                                   hb_inetFlushSSL, hb_inetCloseSSL,
                                   hb_inetErrorSSL, hb_inetErrStrSSL ) )
      {
         hb_ssl_socketClose( pStream );
         iResult = -3;
      }
   }

   hb_retni( iResult );
}
/* hb_inetSSL_connect( <pSocket>, <pSSL> [, <nTimeout> ] )
 *
 * Runs hb_inetStartSSL() with the server flag off; parameter handling
 * and the returned integer are entirely those of hb_inetStartSSL().
 */
HB_FUNC( HB_INETSSL_CONNECT )
{
   const HB_BOOL fServer = HB_FALSE;

   hb_inetStartSSL( fServer );
}
/* hb_inetSSL_accept( <pSocket>, <pSSL> [, <nTimeout> ] )
 *
 * Runs hb_inetStartSSL() with the server flag on; parameter handling
 * and the returned integer are entirely those of hb_inetStartSSL().
 */
HB_FUNC( HB_INETSSL_ACCEPT )
{
   const HB_BOOL fServer = HB_TRUE;

   hb_inetStartSSL( fServer );
}