%accept_starttls() function

The %accept_starttls function provides the ability to elevate an unsecured connection to a secured connection.

The %accept_starttls function is supported on D3 Windows and D3 Linux.

Syntax

code = %accept_starttls(fd, &address, certificate_file, privkey_file, &SSL);

Parameter(s)

fd File descriptor of the local socket returned by a previous call to the FlashBASIC C function %accept().
address Originating address of the incoming call. This should be the same address used for the %accept() function.
certificate_file Certificate file to be used by SSL_CTX_use_certificate_file. See your OpenSSL documentation for more information.

For UNIX, you must specify the full path for the certificate file.

privkey_file Private key file to be used by SSL_CTX_use_PrivateKey_file. See your OpenSSL documentation for more information.
SSL Return value for the SSL handle.

Description

The Server, accepting connections from a Client, uses the %accept function for accepting an unsecured connection from a Client. Then, the Server uses the %accept_starttls function for elevating the received connection to a secured connection.

The server code first calls the %accept function to establish an unsecured connection. The Server then negotiates with the Client by sending and receiving messages on that socket to indicate whether the Server supports STARTTLS. If the Server supports STARTTLS and the Client chooses to use it, the Server calls the %accept_starttls function to elevate the unsecured connection to a secured connection.

The %accept_starttls function provides similar functionality to the %accept_ssl function, except the embedded call to the %accept function has been removed. When calling the %accept_starttls function, the connection must have been previously established by using the %accept function.

When using the %accept_starttls function, the socket descriptor and address returned by the %accept function must be passed to the %accept_starttls function as its fd and address parameters (ACCEPTFD and ACCEPTADDR in the examples below).
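A pre-flight check for the certificate_file and privkey_file parameters, added here as an illustration and not part of D3 or of the examples on this page (written in Python because it is a stand-alone tool rather than FlashBASIC). It checks the points the page calls out or the examples rely on: full paths on UNIX, a CERTIFICATE block in the certificate file and a private key block in the key file (the examples pass one server.pem holding both), and that the key file is not readable by other users; the PEM bundle it writes is constructed with placeholder bodies.

```python
import os
import re
import stat
import tempfile

# One PEM block with its label captured (CERTIFICATE, PRIVATE KEY, EC PRIVATE KEY, ...).
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----\r?\n.*?\r?\n-----END \1-----", re.S)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}

# Constructed sample bundle: certificate and key in one PEM file, the layout the page's
# examples rely on by passing server.pem for both parameters. Bodies are placeholders.
CONSTRUCTED_BUNDLE = ("-----BEGIN CERTIFICATE-----\nY29uc3RydWN0ZWQtY2VydGlmaWNhdGU=\n-----END CERTIFICATE-----\n"
                      "-----BEGIN PRIVATE KEY-----\nY29uc3RydWN0ZWQtcHJpdmF0ZS1rZXk=\n-----END PRIVATE KEY-----\n")

def pem_labels_text(text):
    """Labels of every PEM block in the text, in file order."""
    return [m.group(1) for m in PEM_BLOCK.finditer(text)]

def pem_labels(path):
    with open(path, encoding="ascii") as fh:
        return pem_labels_text(fh.read())

def check_tls_files(certificate_file, privkey_file):
    """Problems to fix before the server hands these paths to %accept_starttls."""
    try:
        cert_labels, key_labels = pem_labels(certificate_file), pem_labels(privkey_file)
    except OSError as exc:
        return [f"cannot read file: {exc}"]
    problems = []
    if os.name == "posix" and not (os.path.isabs(certificate_file) and os.path.isabs(privkey_file)):
        problems.append("specify the full path to both files (required on UNIX)")
    if "CERTIFICATE" not in cert_labels:
        problems.append("certificate_file contains no CERTIFICATE block")
    if KEY_LABELS.isdisjoint(key_labels):
        problems.append("privkey_file contains no private key block")
    mode = stat.S_IMODE(os.stat(privkey_file).st_mode)  # key must not be group/world readable
    if os.name == "posix" and mode & 0o077:
        problems.append(f"privkey_file is readable by group/other (mode {mode:04o})")
    return problems

def demo():
    """Write the constructed bundle twice, once locked down and once world-readable."""
    with tempfile.TemporaryDirectory() as tmp:
        good, loose = os.path.join(tmp, "server.pem"), os.path.join(tmp, "loose.pem")
        for path, mode in ((good, 0o600), (loose, 0o644)):
            with open(path, "w") as fh:
                fh.write(CONSTRUCTED_BUNDLE)
            os.chmod(path, mode)
        return {"locked_down": check_tls_files(good, good),
                "world_readable": check_tls_files(good, loose)}
```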

Example(s)

Example 1

UNIX: Server code for elevating an unsecured connection to a secured connection using the %accept and %accept_starttls functions:

cfunction socket.builtin
include dm,bp,includes sysid.inc
include dm,bp,unix.h socket.h
include dm,bp,unix.h errno.h
*
* Create the listening socket
SOCKFD = %socket(AF$INET, SOCK$STREAM, 0)
IF SOCKFD = -1 THEN
   CRT "Getting socket failed"
   STOP
END
*
HOST = "irv-vm-rh64b01"
* On UNIX both files must be given with their full path; here one PEM
* file holds both the certificate and the private key
CERT.FILE = "/home/pick/10.2/server.pem"
KEY.FILE = "/home/pick/10.2/server.pem"
PORT = 9050
SSL = 0
ACCEPTADDR = 0
*
* Bind the socket to the ethernet port
* ------------------------------------
BP = 0
BP = %bind(SOCKFD, AF$INET, INADDR$ANY, PORT)
IF BP < 0 THEN
   ERRNO = SYSTEM(0)
   ERRMSG = "Bind err=":ERRNO
   CRT "bind failed error: ":ERRMSG
   %close(SOCKFD)
   STOP
END
*
N = %listen(SOCKFD, 5)
IF N < 0 THEN
   ERRNO = SYSTEM(0)
   ERRMSG = "Listen err=":ERRNO
   CRT "listen failed error: ":ERRMSG
   %close(SOCKFD)
   STOP
END
*
* Accept the unsecured connection first
ACCEPTADDR = STR(CHAR(0), 127) ;* sizeof(struct sockaddr_storage)
ACCEPTFD = %accept(SOCKFD, &ACCEPTADDR, &PORT)
IF ACCEPTFD < 0 THEN
   CRT "Accept failed"
   %close(SOCKFD)
   STOP
END
*
* Elevate the accepted connection to TLS; the fd and address returned by
* %accept are passed straight through, and SSL receives the handle
RESULT = %accept_starttls(ACCEPTFD, &ACCEPTADDR, CERT.FILE, KEY.FILE, &SSL)
IF RESULT < 0 THEN
   CRT "SSL connection to ":HOST:" failed"
   CRT "SSL accept failed"
   %close(SOCKFD)
   STOP
END
*
%close(SOCKFD)
*
CRT "SSL accept successful"
STOP

Example 2

Windows: Server code for elevating an unsecured connection to a secured connection using the %accept and %accept_starttls functions:

cfunction socket.builtin
include dm,bp,includes sysid.inc
*
PLATFORM = SYSTEM(38)
WINDOWS.BASED = (PLATFORM<SYS$IMP> = SYS$NT)
* Socket constants (the UNIX example takes these from socket.h)
AF$INET = 2 + 0 ;* internetwork: UDP, TCP, etc
SOCK$STREAM = 1 + 0 ;* stream socket
INADDR$ANY = 0
*
* Create the listening socket
SOCKFD = %socket(AF$INET, SOCK$STREAM, 0)
IF SOCKFD = -1 THEN
   CRT "Getting socket failed"
   STOP
END
*
HOST = "irv-vm-w10dd01"
* One PEM file holds both the certificate and the private key
CERT.FILE = "server.pem"
KEY.FILE = "server.pem"
PORT = 9050
SSL = 0
ACCEPTADDR = 0
*
* Bind the socket to the ethernet port
* ------------------------------------
BP = %bind(SOCKFD, AF$INET, INADDR$ANY, PORT)
IF BP < 0 THEN
   CRT "Bind failed"
   %CLOSESOCKET(SOCKFD)
   STOP
END
*
N = %listen(SOCKFD, 5)
IF N < 0 THEN
   CRT "Listen failed"
   %CLOSESOCKET(SOCKFD)
   STOP
END
*
* Accept the unsecured connection first
ACCEPTADDR = STR(CHAR(0), 127) ;* sizeof(struct sockaddr_storage)
ACCEPTFD = %accept(SOCKFD, &ACCEPTADDR, &PORT)
IF ACCEPTFD < 0 THEN
   CRT "Accept failed"
   %CLOSESOCKET(SOCKFD)
   STOP
END
*
* Elevate the accepted connection to TLS; the fd and address returned by
* %accept are passed straight through, and SSL receives the handle
RESULT = %accept_starttls(ACCEPTFD, &ACCEPTADDR, CERT.FILE, KEY.FILE, &SSL)
IF RESULT < 0 THEN
   CRT "SSL accept failed"
   %CLOSESOCKET(SOCKFD)
   STOP
END
*
%CLOSESOCKET(SOCKFD)
*
CRT "SSL accept successful"
STOP