<br><div class="gmail_quote">2012/4/3 Michael Van Canneyt <span dir="ltr"><<a href="mailto:michael@freepascal.org">michael@freepascal.org</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="HOEnZb"><div class="h5"><br>
I had a cursory look. The unit is the interface to SSL. We have this interface already (openssl unit).<br></div></div>
<br>
I searched for aurawin socket, but could not find anything.<br>
<br></blockquote><div>Hi Michael. Looking at the difference is what's needed to implement a security "layer". The missing decs/methods are essential ones.<br><br>A sockets engine would need a system like this...<br>
<br>type<br> PSecureInfo=^TSecureInfo;<br> TSecureMode=(sslServer,sslClient);<br> TSecureInfo=record<br> Mode : TSecureMode;<br> keyData : String; // raw key bytes for SslCtxUseRSAPrivateKeyASN1<br> keyLen : Integer;<br> certData : String; // raw certificate bytes for SslCtxUseCertificateASN1<br>
 certLen : Integer;<br> end;<br> TSSLInfo=record<br> Method : PSSL_METHOD;<br> Context : PSSL_CTX;<br> Handle : PSSL;<br> ctxSessionID : string;<br> ctxSessionIDLen : integer;<br>
 end;<br>A server thread would do this on Thread.Execute (before all your other stuff)<br>var // place these anywhere, even private to the thread<br> FSSLMethod : PSSL_METHOD;<br> FSSLContext : PSSL_CTX;<br>
 FSSLContextID : String;<br> FSSLContextIDLen : Integer;<br> FSSLInfoP : PSecureInfo; // key/certificate material for this server<br> FSSLInfo : TSSLInfo; // this belongs to your remote socket class<br> EntryPoint : String;<br>begin<br> FSSLMethod:=SSLv3_server_method();<br>
 FSSLContext:=SSL_CTX_new(FSSLMethod);<br> SslCtxSetCipherList(FSSLContext,'DEFAULT');<br> SslCtxSetVerify(FSSLContext,SSL_VERIFY_NONE, nil);<br> SSLCTXSetMode(FSSLContext,SSL_MODE_ENABLE_PARTIAL_WRITE);<br>
 if Assigned(SSL_CTX_set_session_cache_mode) then<br> SSL_CTX_set_session_cache_mode(FSSLContext,SSL_SESS_CACHE_OFF);<br><br> FSSLContextID:=hRSR.Generate_SSL_SessionID;<br> FSSLContextIDLen:=System.Length(FSSLContextID);<br>
 EntryPoint:='TRSRManager.Execute.SSL_CTX_set_session_id_context';<br> try<br> SSL_CTX_set_session_id_context(FSSLContext,@FSSLContextID[1],FSSLContextIDLen);<br> except<br> On E:Exception do OnRSRException(EntryPoint,'Exception',E.Message);<br>
 end;<br><br> if SslCtxUseRSAPrivateKeyASN1(FSSLContext,@FSSLInfoP^.keyData[1],FSSLInfoP^.keyLen)<>1 then begin<br> OnRSRException('TRSRServer.Execute.SslCtxUseRSAPrivateKeyASN1','Exception',Concat('Open SSL Error ',IntToStr(uSSL.ERR_get_error())));<br>
 end;<br> if SslCtxUseCertificateASN1(FSSLContext, FSSLInfoP^.certLen,@FSSLInfoP^.certData[1]) <>1 then begin<br> OnRSRException('TRSRServer.Execute.SslCtxUseCertificateASN1','Exception',Concat('Open SSL Error ',IntToStr(uSSL.ERR_get_error())));<br>
 end;<br>// The two strings you need (key and certificate) can be generated using the toolkit that comes with openssl et al.<br><br>... Somewhere else...<br><br>socket:=fpAccept(); // your existing accept call<br><br>FSSLInfo.Handle:=SSL_new(FSSLContext);<br>
 if FSSLInfo.Handle=nil then OnRSRException('SSL_new','Exception',Concat('Open SSL Error ',IntToStr(uSSL.ERR_get_error())));<br><br>LastCall:=SSL_set_fd(FSSLInfo.Handle,socket);<br>TaskError:=SSL_get_error(FSSLInfo.Handle, LastCall); // always inspect ssl lib calls to empty out the error "stack"<br>
<br>If you are a server socket do this...<br><br> LastCall:=SSL_accept(FSSLInfo.Handle);<br> TaskError:=SSL_get_error(FSSLInfo.Handle, LastCall);<br> // This will do all the socket negotiation for you!!!!<br><br>If you are a client socket do this...<br>
<br> LastCall:=SSL_connect(FSSLInfo.Handle);<br> TaskError:=SSL_get_error(FSSLInfo.Handle, LastCall);<br> // This will do all the client socket negotiation for you!!!<br><br>If you want to send data over an SSL-enabled socket just bypass fpSend and do this<br>
<br> LastCall:=SSL_write(FSSLInfo.Handle,@FSendBuffer[0],iSend);<br> TaskError:=SSL_get_error(FSSLInfo.Handle, LastCall);<br><br>If you want to receive data over an SSL-enabled socket just bypass fpRecv and do this<br>
<br> LastCall:=SSL_read(FSSLInfo.Handle,@FRecvBuffer[0],iRead);<br> TaskError:=SSL_get_error(FSSLInfo.Handle, LastCall);<br><br>When your socket cleanup is about to happen (socket was closed)<br> SSL_clear(FSSLInfo.Handle);<br>
<br><br></div></div>
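Added example, not from this thread and not Free Pascal code: the sequence the post sketches (build the server and client contexts, load key and certificate, then check the library's error status after every call, retrying on WANT_READ/WANT_WRITE) written against Python's ssl module, which wraps the same libssl the FPC openssl unit binds. It also shows the settings a reviewer would change in the post's configuration today: a TLS 1.2 minimum instead of SSLv3_server_method(), certificate verification on the client instead of SSL_VERIFY_NONE, and an explicit cipher string instead of 'DEFAULT'. The function names, the cipher string and the audit_context checker are my own; Python's ssl API has no setter for SSL_SESS_CACHE_OFF, so OP_NO_TICKET stands in for it, and no certificate files are bundled, so the loaders run only when paths are given.

```python
# Added example (not from the thread or Free Pascal): the post's server/client
# setup with Python's ssl module standing in for the FPC openssl unit.
import ssl
from typing import Callable, List, Optional, Tuple

OK, WANT_READ, WANT_WRITE, ZERO_RETURN, FATAL = (
    "ok", "want_read", "want_write", "zero_return", "fatal")

# Constructed cipher string used instead of the post's 'DEFAULT'
# (TLS 1.2 suites only; OpenSSL manages TLS 1.3 suites separately).
CIPHERS = "ECDHE+AESGCM:!aNULL:!eNULL:!MD5"


def make_server_context(certfile: Optional[str] = None,
                        keyfile: Optional[str] = None,
                        client_ca: Optional[str] = None) -> ssl.SSLContext:
    """Server side: replaces SSLv3_server_method() / 'DEFAULT' / SSL_VERIFY_NONE."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2     # SSLv3 can no longer be negotiated
    ctx.set_ciphers(CIPHERS)
    # No tickets/compression: closest the Python API gets to SSL_SESS_CACHE_OFF
    ctx.options |= ssl.OP_NO_TICKET | ssl.OP_NO_COMPRESSION
    if client_ca:                                     # optional mutual TLS
        ctx.verify_mode = ssl.CERT_REQUIRED
        ctx.load_verify_locations(client_ca)
    if certfile:                                      # replaces the two *ASN1 loaders
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def make_client_context(ca_bundle: Optional[str] = None) -> ssl.SSLContext:
    """Client side: PROTOCOL_TLS_CLIENT already means CERT_REQUIRED + hostname check."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(CIPHERS)
    if ca_bundle:
        ctx.load_verify_locations(ca_bundle)
    else:
        ctx.load_default_certs()                      # system trust store
    return ctx


def audit_context(ctx: ssl.SSLContext, is_client: bool) -> List[str]:
    """Flag the three settings in the post that a reviewer would reject."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version below TLS 1.2 (SSLv3/TLS 1.0/1.1 negotiable)")
    if is_client and ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED (SSL_VERIFY_NONE on a client)")
    if is_client and not ctx.check_hostname:
        findings.append("check_hostname disabled")
    return findings


def ssl_status(op: Callable[[], object]) -> Tuple[str, object]:
    """The post's rule 'inspect SSL_get_error after every call', as a wrapper.

    Python raises where libssl returns <=0; the subclass tells you whether to
    retry (WANT_READ/WANT_WRITE on a non-blocking fd), stop (ZERO_RETURN, peer
    sent close_notify) or fail. Returning a status keeps nothing on the stack.
    """
    try:
        return OK, op()
    except ssl.SSLWantReadError:
        return WANT_READ, None
    except ssl.SSLWantWriteError:
        return WANT_WRITE, None
    except ssl.SSLZeroReturnError:
        return ZERO_RETURN, None
    except ssl.SSLError as exc:          # everything else is fatal for this handle
        return FATAL, exc


if __name__ == "__main__":
    # Constructed weak client context: what SSL_VERIFY_NONE means on a client.
    weak = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    weak.check_hostname = False
    weak.verify_mode = ssl.CERT_NONE
    for finding in audit_context(weak, is_client=True):
        print("weak client:", finding)
    print("hardened client:", audit_context(make_client_context(), True) or "no findings")
    print("hardened server:", audit_context(make_server_context(), False) or "no findings")
```

In a real server the accept/connect, write and read calls from the post become `ssl_status(conn.do_handshake)`, `ssl_status(lambda: conn.send(buf))` and `ssl_status(lambda: conn.recv(n))` on the wrapped socket, with the loop retrying while the status is want_read or want_write.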