http://www.purebasic.com
https://www.purebasic.fr/english/
yes I agree both would be ideal, you tend to get the static lib along with the shared object anyway.plouf wrote: Wed Mar 02, 2022 8:38 pm if ever implemend i would also prefer to be external or as option external
the reason is that ssl changes so fast, and just replacing external libs, is easier for a number of ways, including user itself
Code: Select all
secureServer.l = CreateSecureNetworkServer(#PB_Any, networkPort.l, #PB_Network_TCP|#PB_Network_IPv4, boundIP.s, certificatePath.s)
ThankyouYou can already communicate with the HTTPS server with the HTTP lib, do you want to be able to open a raw connection on an https server ? Do you have any usecases in mind ? About creating your own HTTPS socket, I agree it can be useful and I will look into it.Keya wrote: Sun May 08, 2022 7:00 am It's 2022, we need the ability to easily talk to web servers that are secured by HTTPS ... which is pretty much all of them. In many ways this is probably the biggest NECESSITY for programmers of any language in this modern networked age - access to transparently use network protocols without having to worry too much about the underlying cryptography, as the crypto library should be doing that job. Even very simple apps still require HTTPS access. WE NEED EASY HTTPS ACCESS, we've needed it for years, and it's about time it just became a *normal* part of Purebasic, just as it's a seamless and normal part in other modern languages
Fred take a look at libressl it's easy to build and supports all platformsFred wrote: Mon May 09, 2022 2:34 pmYou can already communicate with the HTTPS server with the HTTP lib, do you want to be able to open a raw connection on an https server ? Do you have any usecases in mind ? About creating your own HTTPS socket, I agree it can be useful and I will look into it.Keya wrote: Sun May 08, 2022 7:00 am It's 2022, we need the ability to easily talk to web servers that are secured by HTTPS ... which is pretty much all of them. In many ways this is probably the biggest NECESSITY for programmers of any language in this modern networked age - access to transparently use network protocols without having to worry too much about the underlying cryptography, as the crypto library should be doing that job. Even very simple apps still require HTTPS access. WE NEED EASY HTTPS ACCESS, we've needed it for years, and it's about time it just became a *normal* part of Purebasic, just as it's a seamless and normal part in other modern languages
Code: Select all
;* $OpenBSD: tls.h,v 1.58 2020/01/22 06:44:02 beck Exp $ */
;*
;* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
;*
;* Permission To use, copy, modify, And distribute this software For any
;* purpose With Or without fee is hereby granted, provided that the above
;* copyright notice And this permission notice appear in all copies.
;*
;* THE SOFTWARE IS PROVIDED "AS IS" And THE AUTHOR DISCLAIMS ALL WARRANTIES
;* With REGARD To THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
;* MERCHANTABILITY And FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE For
;* ANY SPECIAL, DIRECT, INDIRECT, Or CONSEQUENTIAL DAMAGES Or ANY DAMAGES
;* WHATSOEVER RESULTING FROM LOSS OF USE, Data Or PROFITS, WHETHER IN AN
;* ACTION OF CONTRACT, NEGLIGENCE Or OTHER TORTIOUS ACTION, ARISING OUT OF
;* Or IN CONNECTION With THE USE Or PERFORMANCE OF THIS SOFTWARE.
;*
#TLS_API= 20200120
#TLS_PROTOCOL_TLSv1_0= (1 << 1)
#TLS_PROTOCOL_TLSv1_1= (1 << 2)
#TLS_PROTOCOL_TLSv1_2= (1 << 3)
#TLS_PROTOCOL_TLSv1_3= (1 << 4)
#TLS_PROTOCOL_TLSv1= #TLS_PROTOCOL_TLSv1_0 | #TLS_PROTOCOL_TLSv1_1 | #TLS_PROTOCOL_TLSv1_2 | #TLS_PROTOCOL_TLSv1_3
#TLS_PROTOCOLS_ALL= #TLS_PROTOCOL_TLSv1
#TLS_PROTOCOLS_DEFAULT= (#TLS_PROTOCOL_TLSv1_2|#TLS_PROTOCOL_TLSv1_3)
#TLS_WANT_POLLIN= -2
#TLS_WANT_POLLOUT= -3
;/* RFC 6960 Section 2.3 */
#TLS_OCSP_RESPONSE_SUCCESSFUL= 0
#TLS_OCSP_RESPONSE_MALFORMED= 1
#TLS_OCSP_RESPONSE_INTERNALERROR= 2
#TLS_OCSP_RESPONSE_TRYLATER= 3
#TLS_OCSP_RESPONSE_SIGREQUIRED= 4
#TLS_OCSP_RESPONSE_UNAUTHORIZED= 5
;/* RFC 6960 Section 2.2 */
#TLS_OCSP_CERT_GOOD= 0
#TLS_OCSP_CERT_REVOKED= 1
#TLS_OCSP_CERT_UNKNOWN= 2
;/* RFC 5280 Section 5.3.1 */
#TLS_CRL_REASON_UNSPECIFIED= 0
#TLS_CRL_REASON_KEY_COMPROMISE= 1
#TLS_CRL_REASON_CA_COMPROMISE= 2
#TLS_CRL_REASON_AFFILIATION_CHANGED= 3
#TLS_CRL_REASON_SUPERSEDED= 4
#TLS_CRL_REASON_CESSATION_OF_OPERATION= 5
#TLS_CRL_REASON_CERTIFICATE_HOLD= 6
#TLS_CRL_REASON_REMOVE_FROM_CRL= 8
#TLS_CRL_REASON_PRIVILEGE_WITHDRAWN= 9
#TLS_CRL_REASON_AA_COMPROMISE= 10
#TLS_MAX_SESSION_ID_LENGTH= 32
#TLS_TICKET_KEY_SIZE= 48
;download build from bsd
;https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.0.tar.gz
;Build tools required for windows builds cmake and mingw64
;cmake
;https://cmake.org/download/
;mingw64
;Info https://www.mingw-w64.org/downloads/#llvm-mingw
;Available versions info https://github.com/mstorsjo/llvm-mingw/releases
;Direct download link https://github.com/mstorsjo/llvm-mingw/releases/download/20211002/llvm-mingw-20211002-msvcrt-x86_64.zip
;building on windows linux osx
;copy the tar file to a folder of your choice, make a subfolder and then extract the tar and cd into the folder
;> mkdir libressl-3.5.0
;> tar -xf libressl-3.5.0.tar.gz
;> cd libressl-3.5.0
;Edit the file libressl-3.5.0\cmakelists and insert option(BUILD_SHARED_LIBS "Build shared" ON) at line 38
;option(BUILD_SHARED_LIBS "Build shared" ON)
;now make a build folder cd to it and call cmake
;libressl-3.5.0> mkdir build
;libressl-3.5.0> cd build
;If OS = Windows
; libressl-3.5.0\build> cmake -G="MinGW Makefiles"
; libressl-3.5.0\build> mingw32-make all
;Else
; libressl-3.5.0\build> cmake all
; libressl-3.5.0\build> make all
;EndIf
PrototypeC tls_read_cb(ctx,*buf,_buflen,*cb_arg);
PrototypeC tls_write_cb(ctx,*buf,_buflen,*cb_arg);
CompilerIf #PB_Compiler_OS = #PB_OS_Windows
#LIBRESSLPATH = "libtls-24.lib"
CompilerElse
#LIBRESSLPATH = "libtls.a"
CompilerEndIf
ImportC #LIBRESSLPATH
tls_init()
tls_config_error(config)
tls_error(ctx)
tls_config_new()
tls_config_free(config)
tls_default_ca_cert_file()
tls_config_add_keypair_file(config,cert_file.p-utf8,key_file.p-utf8)
tls_config_add_keypair_mem(config,cert.p-utf8,certlen.i,key.p-utf8,key_len.i)
tls_config_add_keypair_ocsp_file(config,cert_file.p-utf8,key_file.p-utf8,ocsp_staple_file.p-utf8)
tls_config_add_keypair_ocsp_mem(config,cert.p-utf8,cert_len.i,key.p-utf8,key_len.i,staple.p-utf8,staple_len.i)
tls_config_set_alpn(config,alpn.p-utf8)
tls_config_set_ca_file(config,ca_file.p-utf8)
tls_config_set_ca_path(config,ca_path.p-utf8)
tls_config_set_ca_mem(config,*ca,len.i)
tls_config_set_cert_file(config,cert_file.p-utf8)
tls_config_set_cert_mem(config,*cert,len.i)
tls_config_set_ciphers(config,ciphers.p-utf8)
tls_config_set_crl_file(config,crl_file.p-utf8)
tls_config_set_crl_mem(config,crl.p-utf8,len.i)
tls_config_set_dheparams(config,params.p-utf8)
tls_config_set_ecdhecurve(config,curve.p-utf8)
tls_config_set_ecdhecurves(config,curves.p-utf8)
tls_config_set_key_file(config,key_file.p-utf8)
tls_config_set_key_mem(config,*key,len.i)
tls_config_set_keypair_file(config,cert_file.p-utf8,key_file.p-utf8)
tls_config_set_keypair_mem(config,cert.p-utf8,cert_len.i,key.p-utf8,key_len.i)
tls_config_set_keypair_ocsp_file(config,cert_file.p-utf8,key_file.p-utf8,staple_file.p-utf8)
tls_config_set_keypair_ocsp_mem(config,cert.p-utf8,cert_len.i,key.p-utf8,key_len.i,staple.p-utf8,staple_len.i)
tls_config_set_ocsp_staple_mem(config,staple.p-utf8,len.i)
tls_config_set_ocsp_staple_file(config,staple_file.p-utf8)
tls_config_set_protocols(config,protocols.l)
tls_config_set_session_fd(config,session_fd.l)
tls_config_set_verify_depth(config,verify_depth.l)
tls_config_prefer_ciphers_client(config)
tls_config_prefer_ciphers_server(config)
tls_config_insecure_noverifycert(config)
tls_config_insecure_noverifyname(config)
tls_config_insecure_noverifytime(config)
tls_config_verify(config)
tls_config_ocsp_require_stapling(config)
tls_config_verify_client(config)
tls_config_verify_client_optional(config)
tls_config_clear_keys(config)
tls_config_parse_protocols(*protocols,protostr.p-utf8)
tls_config_set_session_id(config,session_id.p-utf8,len.i)
tls_config_set_session_lifetime(config,lifetime.l)
tls_config_add_ticket_key(config,keyrev.i,*key,keylen.i)
tls_client()
tls_server()
tls_configure(ctx,config)
tls_reset(ctx)
tls_free(ctx)
tls_accept_fds(ctx,*cctx,fd_read.l,fd_write.l)
tls_accept_socket(ctx,*cctx,socket.l)
tls_accept_cbs(ctx,*cctx,*read_cb.tls_read_cb,*write_cb.tls_write_cb,*cb_arg)
tls_connect(ctx,host.p-utf8,port.p-utf8)
tls_connect_fds(ctx,fd_read.l,fd_write.l,servername.p-utf8)
tls_connect_servername(ctx,host.p-utf8,port.p-utf8,servername.p-utf8)
tls_connect_socket(ctx,s.l,servername.p-utf8)
tls_connect_cbs(ctx,*read_cb.tls_read_cb,*write_cb.tls_write_cb,*cb_arg,servername.p-utf8)
tls_handshake(ctx)
tls_read(ctx,*buf,buflen.i)
tls_write(ctx,*buf,buflen.i)
tls_close(ctx)
tls_peer_cert_provided(ctx)
tls_peer_cert_contains_name(ctx,name.p-utf8)
tls_peer_cert_hash(ctx)
tls_peer_cert_issuer(ctx)
tls_peer_cert_subject(ctx)
tls_peer_cert_notbefore(ctx)
tls_peer_cert_notafter(ctx)
tls_peer_cert_chain_pem(ctx,*len)
tls_conn_alpn_selected(ctx)
tls_conn_cipher(ctx)
tls_conn_cipher_strength(ctx)
tls_conn_servername(ctx)
tls_conn_session_resumed(ctx)
tls_conn_version(ctx)
tls_load_file(file.p-utf8,*len,*password)
tls_unload_file(*buf,len.i)
tls_ocsp_process_response(ctx,response.p-utf8,size.i)
tls_peer_ocsp_cert_status(ctx)
tls_peer_ocsp_crl_reason(ctx)
tls_peer_ocsp_next_update(ctx)
tls_peer_ocsp_response_status(ctx)
tls_peer_ocsp_result(ctx)
tls_peer_ocsp_revocation_time(ctx)
tls_peer_ocsp_this_update(ctx)
tls_peer_ocsp_url(ctx)
EndImport
Yes I ported it to work on windows. I will share link later.infratec wrote: Tue May 10, 2022 7:30 am I found an old topic where I replied
https://www.purebasic.fr/english/viewto ... 70#p561670
Ground0 implemented a webserver with tls and libressl.
But unfortunately it is not eays to build a static libressl lib which is working with PB.