suzanne.soy/racket
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Handle SSLv2 absence gracefully and update docs.

Browse Source
This commit is contained in:
Asumu Takikawa 2011-04-25 17:13:06 -04:00
parent 6d1b584271
commit 4cc0af90aa
2 changed files with 60 additions and 69 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

125
collects/openssl/mzssl.rkt
View File

@ -14,9 +14,11 @@
;; read/write (the opposite direction) didn't finish, and so that ;; read/write (the opposite direction) didn't finish, and so that
;; opposite must be completed, first. ;; opposite must be completed, first.
(module mzssl scheme (module mzssl racket/base
(require mzlib/foreign (require ffi/unsafe
mzlib/port ffi/unsafe/define
racket/port
racket/tcp
"libcrypto.rkt" "libcrypto.rkt"
"libssl.rkt") "libssl.rkt")
@ -61,8 +63,6 @@
ssl-port?) ssl-port?)
(unsafe!)
(define ssl-load-fail-reason (define ssl-load-fail-reason
(or libssl-load-fail-reason (or libssl-load-fail-reason
libcrypto-load-fail-reason)) libcrypto-load-fail-reason))
@ -74,21 +74,11 @@
;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; SSL bindings and constants ;; SSL bindings and constants
(define-syntax define-define-X (define-ffi-definer define-crypto libcrypto
(syntax-rules () #:default-make-fail make-not-available)
[(_ id chk lib) (define-ffi-definer define-ssl libssl
(define-syntax (id stx) #:default-make-fail make-not-available)
(syntax-case stx () (define-ffi-definer define-mzscheme libmz)
[(_ id type)
(with-syntax ([str (symbol->string (syntax-e #'id))])
#'(define id
(if chk
(get-ffi-obj str lib (_fun . type))
(lambda args (raise-not-available)))))]))]))
(define-define-X define-crypto libcrypto libcrypto)
(define-define-X define-ssl libssl libssl)
(define-define-X define-mzscheme #t libmz)
(define-syntax typedef (define-syntax typedef
(syntax-rules () (syntax-rules ()
@ -103,62 +93,62 @@
(typedef _X509_NAME* _pointer) (typedef _X509_NAME* _pointer)
(typedef _X509* _pointer) (typedef _X509* _pointer)
(define-ssl SSLv2_client_method (-> _SSL_METHOD*)) (define-ssl SSLv2_client_method (_fun -> _SSL_METHOD*))
(define-ssl SSLv2_server_method (-> _SSL_METHOD*)) (define-ssl SSLv2_server_method (_fun -> _SSL_METHOD*))
(define-ssl SSLv3_client_method (-> _SSL_METHOD*)) (define-ssl SSLv3_client_method (_fun -> _SSL_METHOD*))
(define-ssl SSLv3_server_method (-> _SSL_METHOD*)) (define-ssl SSLv3_server_method (_fun -> _SSL_METHOD*))
(define-ssl SSLv23_client_method (-> _SSL_METHOD*)) (define-ssl SSLv23_client_method (_fun -> _SSL_METHOD*))
(define-ssl SSLv23_server_method (-> _SSL_METHOD*)) (define-ssl SSLv23_server_method (_fun -> _SSL_METHOD*))
(define-ssl TLSv1_client_method (-> _SSL_METHOD*)) (define-ssl TLSv1_client_method (_fun -> _SSL_METHOD*))
(define-ssl TLSv1_server_method (-> _SSL_METHOD*)) (define-ssl TLSv1_server_method (_fun -> _SSL_METHOD*))
(define-crypto BIO_s_mem (-> _BIO_METHOD*)) (define-crypto BIO_s_mem (_fun -> _BIO_METHOD*))
(define-crypto BIO_new (_BIO_METHOD* -> _BIO*)) (define-crypto BIO_new (_fun _BIO_METHOD* -> _BIO*))
(define-crypto BIO_free (_BIO* -> _void)) (define-crypto BIO_free (_fun _BIO* -> _void))
(define-crypto BIO_read (_BIO* _bytes _int -> _int)) (define-crypto BIO_read (_fun _BIO* _bytes _int -> _int))
(define-crypto BIO_write (_BIO* _bytes _int -> _int)) (define-crypto BIO_write (_fun _BIO* _bytes _int -> _int))
(define-crypto BIO_ctrl (_BIO* _int _long _long -> _long)) (define-crypto BIO_ctrl (_fun _BIO* _int _long _long -> _long))
(define (BIO_set_mem_eof_return b v) (define (BIO_set_mem_eof_return b v)
(BIO_ctrl b BIO_C_SET_BUF_MEM_EOF_RETURN v 0)) (BIO_ctrl b BIO_C_SET_BUF_MEM_EOF_RETURN v 0))
(define-ssl SSL_CTX_new (_SSL_METHOD* -> _SSL_CTX*)) (define-ssl SSL_CTX_new (_fun _SSL_METHOD* -> _SSL_CTX*))
(define-ssl SSL_CTX_free (_SSL_CTX* -> _void)) (define-ssl SSL_CTX_free (_fun _SSL_CTX* -> _void))
(define-ssl SSL_CTX_ctrl (_SSL_CTX* _int _long _pointer -> _long)) (define-ssl SSL_CTX_ctrl (_fun _SSL_CTX* _int _long _pointer -> _long))
(define (SSL_CTX_set_mode ctx m) (define (SSL_CTX_set_mode ctx m)
(SSL_CTX_ctrl ctx SSL_CTRL_MODE m #f)) (SSL_CTX_ctrl ctx SSL_CTRL_MODE m #f))
(define-ssl SSL_CTX_set_verify (_SSL_CTX* _int _pointer -> _void)) (define-ssl SSL_CTX_set_verify (_fun _SSL_CTX* _int _pointer -> _void))
(define-ssl SSL_CTX_use_certificate_chain_file (_SSL_CTX* _bytes -> _int)) (define-ssl SSL_CTX_use_certificate_chain_file (_fun _SSL_CTX* _bytes -> _int))
(define-ssl SSL_CTX_load_verify_locations (_SSL_CTX* _bytes _pointer -> _int)) (define-ssl SSL_CTX_load_verify_locations (_fun _SSL_CTX* _bytes _pointer -> _int))
(define-ssl SSL_CTX_set_client_CA_list (_SSL_CTX* _X509_NAME* -> _int)) (define-ssl SSL_CTX_set_client_CA_list (_fun _SSL_CTX* _X509_NAME* -> _int))
(define-ssl SSL_CTX_set_session_id_context (_SSL_CTX* _bytes _int -> _int)) (define-ssl SSL_CTX_set_session_id_context (_fun _SSL_CTX* _bytes _int -> _int))
(define-ssl SSL_CTX_use_RSAPrivateKey_file (_SSL_CTX* _bytes _int -> _int)) (define-ssl SSL_CTX_use_RSAPrivateKey_file (_fun _SSL_CTX* _bytes _int -> _int))
(define-ssl SSL_CTX_use_PrivateKey_file (_SSL_CTX* _bytes _int -> _int)) (define-ssl SSL_CTX_use_PrivateKey_file (_fun _SSL_CTX* _bytes _int -> _int))
(define-ssl SSL_load_client_CA_file (_bytes -> _X509_NAME*)) (define-ssl SSL_load_client_CA_file (_fun _bytes -> _X509_NAME*))
(define-ssl SSL_new (_SSL_CTX* -> _SSL*)) (define-ssl SSL_new (_fun _SSL_CTX* -> _SSL*))
(define-ssl SSL_set_bio (_SSL* _BIO* _BIO* -> _void)) (define-ssl SSL_set_bio (_fun _SSL* _BIO* _BIO* -> _void))
(define-ssl SSL_connect (_SSL* -> _int)) (define-ssl SSL_connect (_fun _SSL* -> _int))
(define-ssl SSL_accept (_SSL* -> _int)) (define-ssl SSL_accept (_fun _SSL* -> _int))
(define-ssl SSL_free (_SSL* -> _void)) (define-ssl SSL_free (_fun _SSL* -> _void))
(define-ssl SSL_read (_SSL* _bytes _int -> _int)) (define-ssl SSL_read (_fun _SSL* _bytes _int -> _int))
(define-ssl SSL_write (_SSL* _bytes _int -> _int)) (define-ssl SSL_write (_fun _SSL* _bytes _int -> _int))
(define-ssl SSL_shutdown (_SSL* -> _int)) (define-ssl SSL_shutdown (_fun _SSL* -> _int))
(define-ssl SSL_get_verify_result (_SSL* -> _long)) (define-ssl SSL_get_verify_result (_fun _SSL* -> _long))
(define-ssl SSL_get_peer_certificate (_SSL* -> _X509*)) (define-ssl SSL_get_peer_certificate (_fun _SSL* -> _X509*))
(define-crypto X509_get_subject_name ( _X509* -> _X509_NAME*)) (define-crypto X509_get_subject_name (_fun _X509* -> _X509_NAME*))
(define-crypto X509_get_issuer_name ( _X509* -> _X509_NAME*)) (define-crypto X509_get_issuer_name (_fun _X509* -> _X509_NAME*))
(define-crypto X509_NAME_oneline (_X509_NAME* _bytes _int -> _bytes)) (define-crypto X509_NAME_oneline (_fun _X509_NAME* _bytes _int -> _bytes))
(define-ssl SSL_get_error (_SSL* _int -> _int)) (define-ssl SSL_get_error (_fun _SSL* _int -> _int))
(define-crypto ERR_get_error (-> _long)) (define-crypto ERR_get_error (_fun -> _long))
(define-crypto ERR_error_string_n (_long _bytes _long -> _void)) (define-crypto ERR_error_string_n (_fun _long _bytes _long -> _void))
(define-ssl SSL_library_init (-> _void)) (define-ssl SSL_library_init (_fun -> _void))
(define-ssl SSL_load_error_strings (-> _void)) (define-ssl SSL_load_error_strings (_fun -> _void))
(define X509_V_OK 0) (define X509_V_OK 0)
@ -180,9 +170,9 @@
(define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER #x02) (define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER #x02)
(define SSL_CTRL_MODE 33) (define SSL_CTRL_MODE 33)
(define-mzscheme scheme_start_atomic (-> _void)) (define-mzscheme scheme_start_atomic (_fun -> _void))
(define-mzscheme scheme_end_atomic (-> _void)) (define-mzscheme scheme_end_atomic (_fun -> _void))
(define-mzscheme scheme_make_custodian (_pointer -> _scheme)) (define-mzscheme scheme_make_custodian (_fun _pointer -> _scheme))
;; Make this bigger than 4096 to accommodate at least ;; Make this bigger than 4096 to accommodate at least
;; 4096 of unencrypted data ;; 4096 of unencrypted data
@ -200,9 +190,6 @@
;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Error handling ;; Error handling
(define (raise-not-available)
(error 'openssl "OpenSSL shared library not found"))
(define-syntax with-failure (define-syntax with-failure
(syntax-rules () (syntax-rules ()
[(_ thunk body ...) [(_ thunk body ...)

4
collects/openssl/openssl.scrbl
View File

@ -115,6 +115,10 @@ The @scheme[protocol] must be one of the following:
@item{@scheme['tls] : the TLS protocol version 1} @item{@scheme['tls] : the TLS protocol version 1}
] ]
Note that SSL protocol version 2 is deprecated on some platforms and may not be
present in your system libraries. The use of SSLv2 may also compromise security;
thus, using SSLv3 is recommended.
By default, the context returned by @scheme[ssl-make-client-context] does not By default, the context returned by @scheme[ssl-make-client-context] does not
request verification of a server's certificate. Use @scheme[ssl-set-verify!] request verification of a server's certificate. Use @scheme[ssl-set-verify!]
to enable such verification.} to enable such verification.}