#pike __REAL_VERSION__ |
|
#if constant(SSL.Cipher.CipherAlgorithm) |
|
import "."; |
|
//! The listening TLS port object; created in @[create()] and
//! destructed by @[close()].
MySSLPort port;

//! TCP port number the server listens on (443 when none was given).
int portno;

//! Interface the port is bound to, or 0 when the caller gave none.
int(0..0)|string interface;

//! Handler passed to every @[Request] that gets attached to an
//! accepted connection.
function(Request:void) callback;

//! Program, function or object that is called to produce the request
//! object for each accepted connection. Defaults to @[Request].
program|function|object request_program = Request;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
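//! Create an HTTPS listener and bind it.
//!
//! @param _callback
//!   Called with each @[Request] attached to an accepted connection.
//! @param _portno
//!   TCP port to listen on. Zero or omitted selects 443.
//! @param _interface
//!   Interface to bind to; omitted leaves the choice to @[bind()].
//! @param key
//!   Private key, handed to @[add_cert()] unchanged.
//!   NOTE(review): the expected encoding is not visible here -- confirm
//!   against add_cert().
//! @param certificate
//!   Either one certificate or a certificate chain. A single string is
//!   wrapped into a one-element array, as @[set_certificate()] does.
//!
//! @throws
//!   An error if the port cannot be bound.
void create(function(Request:void) _callback,
            void|int _portno,
            void|string _interface, void|string key,
            void|string|array(string) certificate)
{
  portno = _portno;
  if (!portno) portno = 443;

  callback = _callback;
  interface = _interface;

  port = MySSLPort();

  // NOTE(review): the generated self-signed wildcard certificates are
  // registered unconditionally, also when the caller supplies a real
  // key and certificate below. Which one a client is shown depends on
  // the certificate selection in the inherited port, which is not
  // visible here -- confirm that the supplied certificate wins.
  port->set_default_keycert();

  // NOTE(review): when only one of key/certificate is given it is
  // silently ignored and the server runs on the self-signed defaults.
  // Callers that must present a trusted certificate should check that
  // both arguments are set.
  if (key && certificate) {
    // The signature accepts a lone certificate string, but the
    // certificate list is handled as array(string) elsewhere in this
    // file, so normalize before registering it.
    if (stringp(certificate))
      certificate = ({ [string]certificate });
    port->add_cert(key, [array(string)]certificate);
  }

  if (!port->bind(portno, new_connection, [string]interface))
    error("HTTP.Server.SSLPort: failed to bind port %s%d: %s\n",
          interface ? interface + ":" : "",
          portno, strerror(port->errno()));
}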
|
|
//! Stop listening: destruct the underlying port object and clear the
//! reference to it.
void close()
{
  destruct(port);
  port = 0;
}
|
//! Destructor hook: closes the port when this object goes away.
void destroy()
{
  close();
}
|
|
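//! Accept callback registered with @[bind()] in @[create()]. Takes the
//! next connection from the port, creates a request object through
//! @[request_program] and attaches the connection to it.
protected void new_connection()
{
  SSL.sslfile fd = port->accept();

  // NOTE(review): accept() presumably returns 0 when no connection is
  // available; without this guard a request object would be created
  // and attached to a null connection. Confirm against SSL.sslport.
  if (!fd) return;

  Request r = request_program();
  r->attach_fd(fd, this, callback);
}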
|
|
//! TLS port used by the HTTPS server. Adds generation of placeholder
//! self-signed certificates and the deprecated key/certificate setters
//! on top of @[SSL.sslport].
class MySSLPort
{
  inherit SSL.sslport;

  //! Generate a fresh key pair for each available signature algorithm
  //! (RSA, DSA and, when compiled in, ECDSA on SECP_521R1) and register
  //! a self-signed certificate for each with @[add_cert()].
  //!
  //! The certificates carry commonName "*" and are signed by their own
  //! key, so clients cannot authenticate the server with them; they are
  //! only suitable as placeholders until a real certificate is added.
  void set_default_keycert()
  {
    foreach(({ Crypto.RSA(), Crypto.DSA(),
#if constant(Crypto.ECC.Curve)
               Crypto.ECC.SECP_521R1.ECDSA(),
#endif
            }), Crypto.Sign signer) {
      signer->set_random(Crypto.Random.random_string);

      string algo = signer->name();
      if (algo == "RSA") {
        signer->generate_key(4096);
      } else if (algo == "DSA") {
        // NOTE(review): a 4096-bit p with a 160-bit q is not one of the
        // (L, N) pairs listed in FIPS 186-4, and the 160-bit subgroup
        // limits the strength to roughly 80 bits. Confirm whether a DSA
        // default is still wanted at all.
        signer->generate_key(4096, 160);
      } else {
        // Any other algorithm (here: ECDSA on a fixed curve) is
        // generated without explicit size arguments.
        signer->generate_key();
      }

      // Subject of the placeholder certificate. Built per key, as the
      // certificate helper receives the mapping itself.
      mapping subject_attrs = ([
        "organizationName" : "Pike TLS server",
        "commonName" : "*",
      ]);

      // Second argument is 3600*24*365, presumably the lifetime in
      // seconds (365 days) -- confirm against Standards.X509.
      string cert =
        Standards.X509.make_selfsigned_certificate(signer,
                                                   3600*24*365,
                                                   subject_attrs);
      add_cert( signer, ({ cert }) );
    }
  }

  // Halves of a key/certificate pair handed in through the deprecated
  // setters below; the pair is registered once both are present.
  private Crypto.Sign tmp_key;
  private array(string) tmp_cert;

  //! Deprecated. Parse @[skey] as an RSA, DSA or (when compiled in)
  //! ECDSA private key, in that order, and remember the result. If a
  //! certificate has already been set, the pair is registered with
  //! @[add_cert()].
  //!
  //! NOTE(review): a key that none of the parsers accept leaves the
  //! stored key at 0 without any error, so the port keeps serving
  //! whatever certificates were registered before. Callers have no way
  //! to detect that from this function.
  __deprecated__ void set_key(string skey)
  {
    Crypto.Sign parsed = Standards.PKCS.RSA.parse_private_key(skey);
    if (!parsed)
      parsed = Standards.PKCS.DSA.parse_private_key(skey);
#if constant(Crypto.ECC.Curve)
    if (!parsed)
      parsed = Standards.PKCS.ECDSA.parse_private_key(skey);
#endif
    tmp_key = parsed;

    if( tmp_key && tmp_cert )
      add_cert( tmp_key, tmp_cert );
  }

  //! Deprecated. Remember @[certificate] as the certificate chain; a
  //! single string is stored as a one-element array. If a key has
  //! already been set, the pair is registered with @[add_cert()].
  __deprecated__ void set_certificate(string|array(string) certificate)
  {
    tmp_cert = arrayp(certificate)
      ? [array(string)]certificate
      : ({ [string]certificate });

    if( tmp_key && tmp_cert )
      add_cert( tmp_key, tmp_cert );
  }
}
|
//! Formatting hook for sprintf(). Only the %O conversion is handled;
//! it renders the program together with the bound interface and port.
//! Any other conversion yields 0.
string _sprintf(int t)
{
  if (t != 'O')
    return 0;
  return sprintf("%O(%O:%d)", this_program, interface, portno);
}
|
#endif |
|
|