The %accept_starttls function provides the ability to elevate an unsecured connection to a secured connection.
The %accept_starttls function is supported on D3 Windows and D3 Linux.
code = %accept_starttls(fd, &address, certificate_file, privkey_file, &SSL);
fd | File descriptor of the local socket returned by a previous call to the FlashBASIC C function %accept(). |
address | Originating address of the incoming call. This should be the same address used for the %accept() function. |
certificate_file | Certificate file to be used by SSL_CTX_use_certificate_file. See your OpenSSL documentation for more information. For UNIX, you must specify the full path for the certificate file. |
privkey_file | Private key file to be used by SSL_CTX_use_PrivateKey_file. See your OpenSSL documentation for more information. |
SSL | Return value for the SSL handle. |
A Server accepting connections from a Client first uses the %accept function to accept an unsecured connection. Whether that connection is upgraded is then negotiated on the accepted socket: the Server and Client exchange messages indicating whether the Server supports STARTTLS, and if it does and the Client chooses to use STARTTLS, the Server calls the %accept_starttls function to elevate the unsecured connection to a secured connection.
The %accept_starttls function provides similar functionality to the %accept_ssl function, except the embedded call to the %accept function has been removed. When calling the %accept_starttls function, the connection must have been previously established by using the %accept function.
When using the %accept_starttls function, the socket descriptor and address returned by the %accept function (sock and addr) must be passed to the %accept_starttls function as its fd and address parameters (ACCEPTFD and ACCEPTADDR in the examples below).
Example 1
UNIX: Server code for elevating an unsecured connection to a secured connection using the %accept and %accept_starttls functions:
cfunction socket.builtin
include dm,bp,includes sysid.inc
include dm,bp,unix.h socket.h
include dm,bp,unix.h errno.h
*
SOCKFD = %socket(AF$INET, SOCK$STREAM, 0)
IF SOCKFD = -1 THEN
   CRT "Getting socket failed"
   STOP
END
*
HOST = "irv-vm-rh64b01"
CERT.FILE = "/home/pick/10.2/server.pem"
KEY.FILE = "/home/pick/10.2/server.pem"
PORT = 9050
SSL = 0
ACCEPTADDR = 0
* Bind the socket to the ethernet port ------------------------------------
bp=0
bp=%bind( sockfd, AF$INET, INADDR$ANY, port )
if bp<0 then
   errno=system(0)
   errmsg="Bind err=":errno
   crt 'bind failed error: ':errmsg
   %close( sockfd)
   stop
end
*
n=%listen( sockfd, 5 )
if n<0 then
   errno=system(0)
   errmsg="Listen err=":errno
   crt 'listen failed error: ':errmsg
   %close( sockfd)
   stop
end
ACCEPTADDR = STR(CHAR(0), 127) ;* sizeof(struct sockaddr_storage)
ACCEPTFD = %accept(SOCKFD, &ACCEPTADDR, &PORT)
IF ACCEPTFD < 0 THEN
   CRT "Accept failed"
   %close(SOCKFD)
   STOP
END
*
RESULT = %accept_starttls(ACCEPTFD,&ACCEPTADDR,CERT.FILE,KEY.FILE,&SSL)
IF RESULT < 0 THEN
   CRT "SSL connection to ":HOST:" failed"
   CRT "SSL accept failed"
   %close(SOCKFD)
   STOP
END
*
%close(SOCKFD)
*
CRT "SSL accept successful"
STOP
Example 2
Windows: Server code for elevating an unsecured connection to a secured connection using the %accept and %accept_starttls functions:
cfunction socket.builtin
include dm,bp,includes sysid.inc
*
PLATFORM = SYSTEM(38)
WINDOWS.BASED = (PLATFORM<SYS$IMP> = SYS$NT)
AF$INET = 2 + 0; * internetwork: UDP, TCP, etc
SOCK$STREAM = 1 + 0; * stream socket
INADDR$ANY = 0
*
SOCKFD = %socket(AF$INET, SOCK$STREAM, 0)
IF SOCKFD = -1 THEN
   CRT "Getting socket failed"
   STOP
END
*
HOST = "irv-vm-w10dd01"
CERT.FILE = "server.pem"
KEY.FILE = "server.pem"
PORT = 9050
SSL = 0
ACCEPTADDR = 0
* Bind the socket to the ethernet port ------------------------------------
bp=%bind( sockfd, AF$INET, INADDR$ANY, port )
if bp<0 then
   crt "Bind failed"
   %CLOSESOCKET( SOCKFD )
   STOP
END
*
n=%listen( sockfd, 5 )
if n<0 then
   CRT "Listen failed"
   %CLOSESOCKET( SOCKFD )
   STOP
END
*
ACCEPTADDR = STR(CHAR(0), 127) ;* sizeof(struct sockaddr_storage)
ACCEPTFD = %accept(SOCKFD, &ACCEPTADDR, &PORT)
IF ACCEPTFD < 0 THEN
   CRT "Accept failed"
   %CLOSESOCKET( SOCKFD )
   STOP
END
*
RESULT = %accept_starttls(ACCEPTFD,&ACCEPTADDR,CERT.FILE,KEY.FILE,&SSL)
IF RESULT < 0 THEN
   CRT "SSL accept failed"
   %CLOSESOCKET( SOCKFD )
   STOP
END
*
%CLOSESOCKET( SOCKFD )
*
CRT "SSL accept successful"
STOP
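As an added preflight check (not part of the D3 documentation or product), the Python below validates the certificate_file and privkey_file arguments before a server like the examples above calls %accept_starttls: the full-path requirement on UNIX, that each file carries the expected PEM block (both examples pass one combined server.pem as both arguments), and that the key file is not group- or world-readable. It assumes PEM-formatted files and POSIX permission bits; the PEM bodies in demo() are constructed placeholders, not real keys.

```python
import os
import re
import stat
import tempfile
from pathlib import Path

# One PEM block: "-----BEGIN label-----" ... "-----END label-----" (body is not validated here).
_PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----.*?-----END \1-----", re.S)

def pem_block_types(path):
    """Return the labels of the PEM blocks in a file, e.g. {"CERTIFICATE", "PRIVATE KEY"}."""
    text = Path(path).read_text(encoding="ascii", errors="replace")
    return {m.group(1) for m in _PEM_BLOCK.finditer(text)}

def check_starttls_files(certificate_file, privkey_file, unix=True):
    """Preflight the certificate_file/privkey_file arguments; returns a list of problems (empty if OK)."""
    problems = []
    for name, path in (("certificate_file", certificate_file), ("privkey_file", privkey_file)):
        if unix and not os.path.isabs(path):  # D3 on UNIX requires the full path
            problems.append(f"{name}: full path required on UNIX, got {path!r}")
        elif not os.path.isfile(path):
            problems.append(f"{name}: file not found: {path}")
    if problems:
        return problems
    if "CERTIFICATE" not in pem_block_types(certificate_file):
        problems.append("certificate_file: no CERTIFICATE block")
    if not any(t.endswith("PRIVATE KEY") for t in pem_block_types(privkey_file)):
        problems.append("privkey_file: no PRIVATE KEY block")
    # The private key must not be readable by group or others (0600 is the usual mode).
    if unix and os.stat(privkey_file).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("privkey_file: readable by group/other, expected mode 0600")
    return problems

def demo():
    """Constructed inputs: a combined server.pem (cert + key, as in the examples) and two variants."""
    d = tempfile.mkdtemp()
    cert = "-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n"  # constructed
    key = "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n"    # constructed
    combined, cert_only, loose = (os.path.join(d, n) for n in ("server.pem", "cert.pem", "loose.pem"))
    Path(combined).write_text(cert + key)
    Path(cert_only).write_text(cert)
    Path(loose).write_text(cert + key)
    for path, mode in ((combined, 0o600), (cert_only, 0o600), (loose, 0o644)):
        os.chmod(path, mode)
    return {
        "ok": check_starttls_files(combined, combined),
        "relative": check_starttls_files("server.pem", "server.pem"),  # relative path, rejected on UNIX
        "no_key": check_starttls_files(combined, cert_only),
        "loose_key": check_starttls_files(combined, loose),
    }
```

Pass unix=False for a Windows server such as Example 2, which skips the full-path and permission-bit checks.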