%accept_ssl() function

The %accept_ssl() function first calls the %accept() function to extract the first connection on the queue of pending connections, and then it creates a new socket. Thereafter, the function will wait for a TLS/SSL client to initiate the TLS/SSL handshake, and then create a secure SSL connection.

Note: To use this function, the OpenSSL libraries must be installed.

Syntax

code = %accept_ssl(fd, &address, &port, certificate_file, privkey_file, &ssl_fd);

Parameter(s)

fd File descriptor of the local socket returned by a previous call to the FlashBASIC C function %socket().
address Originating address of the incoming call.
port Originating port number or the incoming call.
certificate_file Certificate file to be used by SSL_CTX_use_certificate_file (see your OpenSSL documentation for more information). For UNIX, you must specify the full path for the certificate file.
privkey_file Private key file to be used by SSL_CTX_use_PrivateKey_file (see your OpenSSL documentation for more information).
ssl_fd File descriptor of the secure connection.

Description

To compile successfully, the statement cfunction socket.builtin must be included in the source code.

Upon successful completion, a value of 0 is returned in code and the address, port and ssl_fd FlashBASIC variables are updated.

In the case of an error, the return code is a negative value. The table below lists all of the error return codes:

-1 Socket error and the FlashBASIC system(0) function is set to the value of errno.
-2 OpenSSL is not installed.
-3 Invalid certificate file.
-4 Invalid private key file.
-5 The private key in the privkey file does not match with the loaded certificate file.
-6 Unable to create a SSL connection.
-7 Unable to establish the TLS/SSL handshake with the client, the FlashBASIC system(0) function is set to the value of SSL_get_error.
-8 Unable to open the certificate file.

A legal integer value must be assigned to the port variable, and a legal integer value (IPv4) or char array (IPv6) must be assigned to the address variable before the call.

Example(s)

include dm,bp,includes sysid.inc
include dm,bp,unix.h socket.h
* Create a socket
fd=%socket(af$inet6, sock$stream, 0)
* Bind the socket to a local Ethernet port.
* Use default address.
if %bind(fd, af$inet6, inaddr$any, 1024)<0 then
   crt "bind failed"; stop
end
* Wait for incoming connection
%listen(fd, 1)
* Accept a connection
address=0; port=0; ssl_fd = 0
cert.file = "server.pem"
privkey.file = "server.pem"
fd2=%accept_ssl(fd, &address, &port, cert.file,
privkey.file, &ssl_fd)
if fd2 < 0 then stop
crt "Called by address ":address:", port #":port
* Read data from the established secure socket link
char buffer[24]
code = %read_ssl(ssl_fd, buffer, 24)
if code < 0 then stop
crt "READ: ":buffer
code = %write_ssl(ssl_fd,"I hear you",10)
if code < 0 then stop
* close the connection
code = %close_ssl(fd2, &ssl_fd)
code = %closesocket(fd)
end