%accept_ssl() Function

NOTE

To use this function, the OpenSSL libraries must be installed.

The %accept_ssl() function first calls the %accept() function to extract the first connection on the queue of pending connections, and then it creates a new socket. Thereafter, the function will wait for a TLS/SSL client to initiate the TLS/SSL handshake, and then create a secure SSL connection.

Syntax

code = %accept_ssl( fd, &address, &port, certificate_file, privkey_file, &ssl_fd );

Parameter(s)

fd

File descriptor of the local socket returned by a previous call to the FlashBASIC C function %socket().

address

Originating address of the incoming call.

port

Originating port number of the incoming call.

certificate_file

Certificate file to be used by SSL_CTX_use_certificate_file (see your OpenSSL documentation for more information).

privkey_file

Private key file to be used by SSL_CTX_use_PrivateKey_file (see your OpenSSL documentation for more information).

ssl_fd

File descriptor of the secure connection.

Description

To compile successfully, the statement cfunction socket.builtin must be included in the source code.

Upon successful completion, a value of 0 is returned in code and the address, port and ssl_fd FlashBASIC variables are updated.

In the case of an error, the return code is a negative value. The table below lists all of the error return codes:

-1

Socket error; the FlashBASIC system(0) function is set to the value of errno.

-2

OpenSSL is not installed.

-3

Invalid certificate file.

-4

Invalid private key file.

-5

The private key in the privkey file does not match the loaded certificate file.

-6

Unable to create an SSL connection.

-7

Unable to establish the TLS/SSL handshake with the client; the FlashBASIC system(0) function is set to the value of SSL_get_error.

A legal integer value must be assigned to the port variable, and a legal integer value (IPv4) or char array (IPv6) must be assigned to the address variable before the call.

Example(s)

include dm,bp,includes sysid.inc

include dm,bp,unix.h socket.h

* Create a socket

fd=%socket(af$inet6, sock$stream, 0)

* Bind the socket to a local Ethernet port.

* Use default address.

if %bind(fd, af$inet6, inaddr$any, 1024)<0 then

   crt "bind failed"; stop

end

* Wait for incoming connection

%listen(fd, 1)

* Accept a connection

address=0; port=0; ssl_fd = 0

cert.file = "server.pem"

privkey.file = "server.pem"

fd2=%accept_ssl(fd, &address, &port, cert.file, privkey.file, &ssl_fd)

if fd2 < 0 then stop

crt "Called by address ":address:", port #":port

* Read data from the established secure socket link

char buffer[24]

code = %read_ssl(ssl_fd, buffer, 24)

if code < 0 then stop

crt "READ: ":buffer

code = %write_ssl(ssl_fd,"I hear you",10)

if code < 0 then stop

* close the connection

code = %close_ssl(fd2, &ssl_fd)

code = %closesocket(fd)

end
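The following is an added example, not part of the original documentation, that acts on each return code from the table above instead of stopping on any negative value. Treating -7 (failed handshake) as a per-client event that is logged while the listener keeps running, and every other error as fatal, is a design choice of this example; the variable names rc, detail, n and fatal are illustrative.

```basic
* Added example: handle each %accept_ssl() return code separately.
cfunction socket.builtin
include dm,bp,includes sysid.inc
include dm,bp,unix.h socket.h
char buffer[24]
fd = %socket(af$inet6, sock$stream, 0)
if %bind(fd, af$inet6, inaddr$any, 1024) < 0 then
   crt "bind failed"; stop
end
%listen(fd, 1)
cert.file = "server.pem"
privkey.file = "server.pem"
loop
   address = 0; port = 0; ssl_fd = 0; fatal = 0
   rc = %accept_ssl(fd, &address, &port, cert.file, privkey.file, &ssl_fd)
   detail = system(0) ;* errno (-1) or SSL_get_error (-7); save it first
   begin case
      case rc = 0
         crt "Called by address ":address:", port #":port
         n = %read_ssl(ssl_fd, buffer, 24)
         if n >= 0 then n = %write_ssl(ssl_fd, "I hear you", 10)
         * First argument as in the page's example (value from %accept_ssl)
         n = %close_ssl(rc, &ssl_fd)
      case rc = -7
         * Handshake failed for this client only: record it, keep listening
         crt "TLS handshake failed, SSL_get_error=":detail
      case rc = -1
         crt "socket error, errno=":detail; fatal = 1
      case rc = -2
         crt "OpenSSL is not installed"; fatal = 1
      case rc = -3
         crt "invalid certificate file: ":cert.file; fatal = 1
      case rc = -4
         crt "invalid private key file: ":privkey.file; fatal = 1
      case rc = -5
         crt "private key does not match certificate"; fatal = 1
      case rc = -6
         crt "unable to create SSL connection"; fatal = 1
      case 1
         crt "unexpected return code ":rc; fatal = 1
   end case
until fatal do
repeat
code = %closesocket(fd)
end
```

The page does not state whether the accepted socket is released when the handshake fails, so the -7 branch makes no close call.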

See Also

%accept() Function

%close_ssl() Function

%connect_ssl() Function

%read_ssl() Function

%write_ssl() Function