summaryrefslogtreecommitdiff
path: root/modules
diff options
context:
space:
mode:
authorRémi Verschelde <rverschelde@gmail.com>2016-10-12 23:06:17 +0200
committerRémi Verschelde <rverschelde@gmail.com>2016-10-15 11:50:41 +0200
commit422196759f93df249db38619f136cabd5dcf42cd (patch)
tree1e5846507af0f8f1bc7ca294ccfb0d4ac3392d17 /modules
parentd9a291f6411f2e571c181da0ac89f550ba73f681 (diff)
openssl: Move to a module and split thirdparty lib
Same rationale as the previous commits.
Diffstat (limited to 'modules')
-rw-r--r--modules/openssl/SCsub685
-rw-r--r--modules/openssl/config.py6
-rw-r--r--modules/openssl/curl_hostcheck.c217
-rw-r--r--modules/openssl/curl_hostcheck.h39
-rw-r--r--modules/openssl/register_types.cpp42
-rw-r--r--modules/openssl/register_types.h30
-rw-r--r--modules/openssl/stream_peer_openssl.cpp646
-rw-r--r--modules/openssl/stream_peer_openssl.h109
8 files changed, 1774 insertions, 0 deletions
diff --git a/modules/openssl/SCsub b/modules/openssl/SCsub
new file mode 100644
index 0000000000..4608055036
--- /dev/null
+++ b/modules/openssl/SCsub
@@ -0,0 +1,685 @@
+Import('env')
+Import('env_modules')
+
+
+# Thirdparty source files
+if (env["openssl"] != "system"): # builtin
+ thirdparty_dir = "#thirdparty/openssl/"
+
+ thirdparty_openssl_sources = [
+ "ssl/t1_lib.c",
+ "ssl/t1_ext.c",
+ "ssl/s3_srvr.c",
+ "ssl/t1_enc.c",
+ "ssl/t1_meth.c",
+ "ssl/s23_clnt.c",
+ "ssl/ssl_asn1.c",
+ "ssl/tls_srp.c",
+ "ssl/kssl.c",
+ "ssl/d1_both.c",
+ "ssl/t1_clnt.c",
+ "ssl/bio_ssl.c",
+ "ssl/d1_srtp.c",
+ "ssl/t1_reneg.c",
+ "ssl/ssl_cert.c",
+ "ssl/s3_lib.c",
+ "ssl/d1_srvr.c",
+ "ssl/s23_meth.c",
+ "ssl/ssl_stat.c",
+ "ssl/ssl_err.c",
+ "ssl/ssl_algs.c",
+ "ssl/s3_cbc.c",
+ "ssl/d1_clnt.c",
+ "ssl/s3_pkt.c",
+ "ssl/d1_meth.c",
+ "ssl/s3_both.c",
+ "ssl/s2_enc.c",
+ "ssl/s3_meth.c",
+ "ssl/s3_enc.c",
+ "ssl/s23_pkt.c",
+ "ssl/s2_pkt.c",
+ "ssl/d1_pkt.c",
+ "ssl/ssl_rsa.c",
+ "ssl/s23_srvr.c",
+ "ssl/s2_meth.c",
+ "ssl/s3_clnt.c",
+ "ssl/s23_lib.c",
+ "ssl/t1_srvr.c",
+ "ssl/ssl_lib.c",
+ "ssl/ssl_txt.c",
+ "ssl/s2_srvr.c",
+ "ssl/ssl_sess.c",
+ "ssl/s2_clnt.c",
+ "ssl/d1_lib.c",
+ "ssl/s2_lib.c",
+ "ssl/ssl_err2.c",
+ "ssl/ssl_ciph.c",
+ "crypto/dsa/dsa_lib.c",
+ "crypto/dsa/dsa_pmeth.c",
+ "crypto/dsa/dsa_ossl.c",
+ "crypto/dsa/dsa_gen.c",
+ "crypto/dsa/dsa_asn1.c",
+ "crypto/dsa/dsa_prn.c",
+ "crypto/dsa/dsa_sign.c",
+ "crypto/dsa/dsa_key.c",
+ "crypto/dsa/dsa_vrf.c",
+ "crypto/dsa/dsa_err.c",
+ "crypto/dsa/dsa_ameth.c",
+ "crypto/dsa/dsa_depr.c",
+ "crypto/x509/x509_lu.c",
+ "crypto/x509/x509cset.c",
+ "crypto/x509/x509_set.c",
+ "crypto/x509/x509_d2.c",
+ "crypto/x509/x509_txt.c",
+ "crypto/x509/x509rset.c",
+ "crypto/x509/by_dir.c",
+ "crypto/x509/x509_vpm.c",
+ "crypto/x509/x509_vfy.c",
+ "crypto/x509/x509_trs.c",
+ "crypto/x509/by_file.c",
+ "crypto/x509/x509_obj.c",
+ "crypto/x509/x509spki.c",
+ "crypto/x509/x509_v3.c",
+ "crypto/x509/x509_req.c",
+ "crypto/x509/x509_att.c",
+ "crypto/x509/x_all.c",
+ "crypto/x509/x509_ext.c",
+ "crypto/x509/x509type.c",
+ "crypto/x509/x509_def.c",
+ "crypto/x509/x509_err.c",
+ "crypto/x509/x509name.c",
+ "crypto/x509/x509_r2x.c",
+ "crypto/x509/x509_cmp.c",
+ "crypto/asn1/x_pkey.c",
+ "crypto/asn1/a_gentm.c",
+ "crypto/asn1/x_sig.c",
+ "crypto/asn1/t_req.c",
+ "crypto/asn1/t_pkey.c",
+ "crypto/asn1/p8_pkey.c",
+ "crypto/asn1/a_i2d_fp.c",
+ "crypto/asn1/x_val.c",
+ "crypto/asn1/f_string.c",
+ "crypto/asn1/p5_pbe.c",
+ "crypto/asn1/bio_ndef.c",
+ "crypto/asn1/a_bool.c",
+ "crypto/asn1/asn1_gen.c",
+ "crypto/asn1/x_algor.c",
+ "crypto/asn1/bio_asn1.c",
+ "crypto/asn1/asn_mime.c",
+ "crypto/asn1/t_x509.c",
+ "crypto/asn1/a_strex.c",
+ "crypto/asn1/x_nx509.c",
+ "crypto/asn1/asn1_err.c",
+ "crypto/asn1/x_crl.c",
+ "crypto/asn1/a_print.c",
+ "crypto/asn1/a_type.c",
+ "crypto/asn1/tasn_new.c",
+ "crypto/asn1/n_pkey.c",
+ "crypto/asn1/x_bignum.c",
+ "crypto/asn1/asn_pack.c",
+ "crypto/asn1/evp_asn1.c",
+ "crypto/asn1/t_bitst.c",
+ "crypto/asn1/x_req.c",
+ "crypto/asn1/a_time.c",
+ "crypto/asn1/x_name.c",
+ "crypto/asn1/x_pubkey.c",
+ "crypto/asn1/tasn_typ.c",
+ "crypto/asn1/asn_moid.c",
+ "crypto/asn1/a_utctm.c",
+ "crypto/asn1/asn1_lib.c",
+ "crypto/asn1/x_x509a.c",
+ "crypto/asn1/a_set.c",
+ "crypto/asn1/t_crl.c",
+ "crypto/asn1/p5_pbev2.c",
+ "crypto/asn1/tasn_enc.c",
+ "crypto/asn1/a_mbstr.c",
+ "crypto/asn1/tasn_dec.c",
+ "crypto/asn1/x_x509.c",
+ "crypto/asn1/a_octet.c",
+ "crypto/asn1/x_long.c",
+ "crypto/asn1/a_bytes.c",
+ "crypto/asn1/t_x509a.c",
+ "crypto/asn1/a_enum.c",
+ "crypto/asn1/a_int.c",
+ "crypto/asn1/tasn_prn.c",
+ "crypto/asn1/i2d_pr.c",
+ "crypto/asn1/a_utf8.c",
+ "crypto/asn1/t_spki.c",
+ "crypto/asn1/a_digest.c",
+ "crypto/asn1/a_dup.c",
+ "crypto/asn1/i2d_pu.c",
+ "crypto/asn1/a_verify.c",
+ "crypto/asn1/f_enum.c",
+ "crypto/asn1/a_sign.c",
+ "crypto/asn1/d2i_pr.c",
+ "crypto/asn1/asn1_par.c",
+ "crypto/asn1/x_spki.c",
+ "crypto/asn1/a_d2i_fp.c",
+ "crypto/asn1/f_int.c",
+ "crypto/asn1/x_exten.c",
+ "crypto/asn1/tasn_utl.c",
+ "crypto/asn1/nsseq.c",
+ "crypto/asn1/a_bitstr.c",
+ "crypto/asn1/x_info.c",
+ "crypto/asn1/a_strnid.c",
+ "crypto/asn1/a_object.c",
+ "crypto/asn1/tasn_fre.c",
+ "crypto/asn1/d2i_pu.c",
+ "crypto/asn1/ameth_lib.c",
+ "crypto/asn1/x_attrib.c",
+ "crypto/evp/m_sha.c",
+ "crypto/evp/e_camellia.c",
+ "crypto/evp/e_aes.c",
+ "crypto/evp/bio_b64.c",
+ "crypto/evp/m_sigver.c",
+ "crypto/evp/m_wp.c",
+ "crypto/evp/m_sha1.c",
+ "crypto/evp/p_seal.c",
+ "crypto/evp/c_alld.c",
+ "crypto/evp/p5_crpt.c",
+ "crypto/evp/e_rc4.c",
+ "crypto/evp/m_ecdsa.c",
+ "crypto/evp/bio_enc.c",
+ "crypto/evp/e_des3.c",
+ "crypto/evp/m_null.c",
+ "crypto/evp/bio_ok.c",
+ "crypto/evp/pmeth_gn.c",
+ "crypto/evp/e_rc5.c",
+ "crypto/evp/e_rc2.c",
+ "crypto/evp/p_dec.c",
+ "crypto/evp/p_verify.c",
+ "crypto/evp/e_rc4_hmac_md5.c",
+ "crypto/evp/pmeth_lib.c",
+ "crypto/evp/m_ripemd.c",
+ "crypto/evp/m_md5.c",
+ "crypto/evp/e_bf.c",
+ "crypto/evp/p_enc.c",
+ "crypto/evp/m_dss.c",
+ "crypto/evp/bio_md.c",
+ "crypto/evp/evp_pbe.c",
+ "crypto/evp/e_seed.c",
+ "crypto/evp/e_cast.c",
+ "crypto/evp/p_open.c",
+ "crypto/evp/p5_crpt2.c",
+ "crypto/evp/m_dss1.c",
+ "crypto/evp/names.c",
+ "crypto/evp/evp_acnf.c",
+ "crypto/evp/e_des.c",
+ "crypto/evp/evp_cnf.c",
+ "crypto/evp/evp_lib.c",
+ "crypto/evp/digest.c",
+ "crypto/evp/evp_err.c",
+ "crypto/evp/evp_enc.c",
+ "crypto/evp/e_old.c",
+ "crypto/evp/c_all.c",
+ "crypto/evp/m_md2.c",
+ "crypto/evp/e_xcbc_d.c",
+ "crypto/evp/pmeth_fn.c",
+ "crypto/evp/p_lib.c",
+ "crypto/evp/evp_key.c",
+ "crypto/evp/encode.c",
+ "crypto/evp/e_aes_cbc_hmac_sha1.c",
+ "crypto/evp/e_aes_cbc_hmac_sha256.c",
+ "crypto/evp/m_mdc2.c",
+ "crypto/evp/e_null.c",
+ "crypto/evp/p_sign.c",
+ "crypto/evp/e_idea.c",
+ "crypto/evp/c_allc.c",
+ "crypto/evp/evp_pkey.c",
+ "crypto/evp/m_md4.c",
+ "crypto/ex_data.c",
+ "crypto/pkcs12/p12_p8e.c",
+ "crypto/pkcs12/p12_crt.c",
+ "crypto/pkcs12/p12_utl.c",
+ "crypto/pkcs12/p12_attr.c",
+ "crypto/pkcs12/p12_npas.c",
+ "crypto/pkcs12/p12_decr.c",
+ "crypto/pkcs12/p12_init.c",
+ "crypto/pkcs12/p12_kiss.c",
+ "crypto/pkcs12/p12_add.c",
+ "crypto/pkcs12/p12_p8d.c",
+ "crypto/pkcs12/p12_mutl.c",
+ "crypto/pkcs12/p12_crpt.c",
+ "crypto/pkcs12/pk12err.c",
+ "crypto/pkcs12/p12_asn.c",
+ "crypto/pkcs12/p12_key.c",
+ "crypto/ecdh/ech_key.c",
+ "crypto/ecdh/ech_ossl.c",
+ "crypto/ecdh/ech_lib.c",
+ "crypto/ecdh/ech_err.c",
+ "crypto/ecdh/ech_kdf.c",
+ "crypto/o_str.c",
+ "crypto/conf/conf_api.c",
+ "crypto/conf/conf_err.c",
+ "crypto/conf/conf_def.c",
+ "crypto/conf/conf_lib.c",
+ "crypto/conf/conf_mall.c",
+ "crypto/conf/conf_sap.c",
+ "crypto/conf/conf_mod.c",
+ "crypto/ebcdic.c",
+ "crypto/ecdsa/ecs_lib.c",
+ "crypto/ecdsa/ecs_asn1.c",
+ "crypto/ecdsa/ecs_ossl.c",
+ "crypto/ecdsa/ecs_vrf.c",
+ "crypto/ecdsa/ecs_sign.c",
+ "crypto/ecdsa/ecs_err.c",
+ "crypto/dso/dso_win32.c",
+ "crypto/dso/dso_lib.c",
+ "crypto/dso/dso_dlfcn.c",
+ "crypto/dso/dso_dl.c",
+ "crypto/dso/dso_beos.c",
+ "crypto/dso/dso_null.c",
+ "crypto/dso/dso_vms.c",
+ "crypto/dso/dso_err.c",
+ "crypto/dso/dso_openssl.c",
+ "crypto/cryptlib.c",
+ "crypto/md5/md5_one.c",
+ "crypto/md5/md5_dgst.c",
+ "crypto/pkcs7/pkcs7err.c",
+ "crypto/pkcs7/pk7_smime.c",
+ "crypto/pkcs7/bio_pk7.c",
+ "crypto/pkcs7/pk7_mime.c",
+ "crypto/pkcs7/pk7_lib.c",
+ "crypto/pkcs7/pk7_asn1.c",
+ "crypto/pkcs7/pk7_doit.c",
+ "crypto/pkcs7/pk7_attr.c",
+ "crypto/md4/md4_one.c",
+ "crypto/md4/md4_dgst.c",
+ "crypto/o_dir.c",
+ "crypto/buffer/buf_err.c",
+ "crypto/buffer/buf_str.c",
+ "crypto/buffer/buffer.c",
+ "crypto/cms/cms_lib.c",
+ "crypto/cms/cms_io.c",
+ "crypto/cms/cms_err.c",
+ "crypto/cms/cms_dd.c",
+ "crypto/cms/cms_smime.c",
+ "crypto/cms/cms_att.c",
+ "crypto/cms/cms_pwri.c",
+ "crypto/cms/cms_cd.c",
+ "crypto/cms/cms_sd.c",
+ "crypto/cms/cms_asn1.c",
+ "crypto/cms/cms_env.c",
+ "crypto/cms/cms_enc.c",
+ "crypto/cms/cms_ess.c",
+ "crypto/cms/cms_kari.c",
+ "crypto/mem_dbg.c",
+ "crypto/uid.c",
+ "crypto/stack/stack.c",
+ "crypto/ec/ec_ameth.c",
+ "crypto/ec/ec_err.c",
+ "crypto/ec/ec_lib.c",
+ "crypto/ec/ec_curve.c",
+ "crypto/ec/ec_oct.c",
+ "crypto/ec/ec_asn1.c",
+ "crypto/ec/ecp_oct.c",
+ "crypto/ec/ec_print.c",
+ "crypto/ec/ec2_smpl.c",
+ "crypto/ec/ecp_nistp224.c",
+ "crypto/ec/ec2_oct.c",
+ "crypto/ec/eck_prn.c",
+ "crypto/ec/ec_key.c",
+ "crypto/ec/ecp_nist.c",
+ "crypto/ec/ec_check.c",
+ "crypto/ec/ecp_smpl.c",
+ "crypto/ec/ec2_mult.c",
+ "crypto/ec/ecp_mont.c",
+ "crypto/ec/ecp_nistp521.c",
+ "crypto/ec/ec_mult.c",
+ "crypto/ec/ecp_nistputil.c",
+ "crypto/ec/ec_pmeth.c",
+ "crypto/ec/ec_cvt.c",
+ "crypto/ec/ecp_nistp256.c",
+ "crypto/krb5/krb5_asn.c",
+ "crypto/hmac/hmac.c",
+ "crypto/hmac/hm_ameth.c",
+ "crypto/hmac/hm_pmeth.c",
+ "crypto/comp/c_rle.c",
+ "crypto/comp/c_zlib.c",
+ "crypto/comp/comp_lib.c",
+ "crypto/comp/comp_err.c",
+ "crypto/des/fcrypt.c",
+ "crypto/des/str2key.c",
+ "crypto/des/cbc_cksm.c",
+ "crypto/des/des_enc.c",
+ "crypto/des/ofb_enc.c",
+ "crypto/des/read2pwd.c",
+ "crypto/des/ecb3_enc.c",
+ "crypto/des/rand_key.c",
+ "crypto/des/cfb64ede.c",
+ "crypto/des/rpc_enc.c",
+ "crypto/des/ofb64ede.c",
+ "crypto/des/qud_cksm.c",
+ "crypto/des/enc_writ.c",
+ "crypto/des/set_key.c",
+ "crypto/des/xcbc_enc.c",
+ "crypto/des/fcrypt_b.c",
+ "crypto/des/ede_cbcm_enc.c",
+ "crypto/des/des_old2.c",
+ "crypto/des/cfb_enc.c",
+ "crypto/des/ecb_enc.c",
+ "crypto/des/enc_read.c",
+ "crypto/des/des_old.c",
+ "crypto/des/ofb64enc.c",
+ "crypto/des/pcbc_enc.c",
+ "crypto/des/cbc_enc.c",
+ "crypto/des/cfb64enc.c",
+ "crypto/lhash/lh_stats.c",
+ "crypto/lhash/lhash.c",
+ "crypto/x509v3/v3_genn.c",
+ "crypto/x509v3/pcy_cache.c",
+ "crypto/x509v3/v3_sxnet.c",
+ "crypto/x509v3/v3_scts.c",
+ "crypto/x509v3/v3err.c",
+ "crypto/x509v3/v3_conf.c",
+ "crypto/x509v3/v3_utl.c",
+ "crypto/x509v3/v3_akeya.c",
+ "crypto/x509v3/v3_lib.c",
+ "crypto/x509v3/pcy_lib.c",
+ "crypto/x509v3/v3_cpols.c",
+ "crypto/x509v3/v3_ia5.c",
+ "crypto/x509v3/v3_bitst.c",
+ "crypto/x509v3/v3_skey.c",
+ "crypto/x509v3/v3_info.c",
+ "crypto/x509v3/v3_asid.c",
+ "crypto/x509v3/pcy_tree.c",
+ "crypto/x509v3/v3_pcons.c",
+ "crypto/x509v3/v3_bcons.c",
+ "crypto/x509v3/v3_pku.c",
+ "crypto/x509v3/v3_ocsp.c",
+ "crypto/x509v3/pcy_map.c",
+ "crypto/x509v3/v3_ncons.c",
+ "crypto/x509v3/v3_purp.c",
+ "crypto/x509v3/v3_enum.c",
+ "crypto/x509v3/v3_pmaps.c",
+ "crypto/x509v3/pcy_node.c",
+ "crypto/x509v3/v3_pcia.c",
+ "crypto/x509v3/v3_crld.c",
+ "crypto/x509v3/v3_pci.c",
+ "crypto/x509v3/v3_akey.c",
+ "crypto/x509v3/v3_addr.c",
+ "crypto/x509v3/v3_int.c",
+ "crypto/x509v3/v3_alt.c",
+ "crypto/x509v3/v3_extku.c",
+ "crypto/x509v3/v3_prn.c",
+ "crypto/x509v3/pcy_data.c",
+ "crypto/aes/aes_ofb.c",
+ "crypto/aes/aes_ctr.c",
+ "crypto/aes/aes_ecb.c",
+ "crypto/aes/aes_cfb.c",
+ "crypto/aes/aes_wrap.c",
+ "crypto/aes/aes_ige.c",
+ "crypto/aes/aes_misc.c",
+ "crypto/pqueue/pqueue.c",
+ "crypto/sha/sha_one.c",
+ "crypto/sha/sha_dgst.c",
+ "crypto/sha/sha512.c",
+ "crypto/sha/sha1_one.c",
+ "crypto/sha/sha1dgst.c",
+ "crypto/sha/sha256.c",
+ "crypto/whrlpool/wp_dgst.c",
+ "crypto/objects/obj_xref.c",
+ "crypto/objects/o_names.c",
+ "crypto/objects/obj_err.c",
+ "crypto/objects/obj_dat.c",
+ "crypto/objects/obj_lib.c",
+ "crypto/mem.c",
+ "crypto/fips_ers.c",
+ "crypto/o_fips.c",
+ "crypto/engine/eng_rdrand.c",
+ "crypto/engine/eng_err.c",
+ "crypto/engine/tb_ecdsa.c",
+ "crypto/engine/tb_rsa.c",
+ "crypto/engine/tb_cipher.c",
+ "crypto/engine/tb_dsa.c",
+ "crypto/engine/eng_lib.c",
+ "crypto/engine/tb_asnmth.c",
+ "crypto/engine/tb_ecdh.c",
+ "crypto/engine/tb_dh.c",
+ "crypto/engine/tb_store.c",
+ "crypto/engine/eng_init.c",
+ "crypto/engine/eng_cnf.c",
+ "crypto/engine/eng_all.c",
+ "crypto/engine/tb_digest.c",
+ "crypto/engine/tb_pkmeth.c",
+ "crypto/engine/eng_table.c",
+ "crypto/engine/eng_ctrl.c",
+ "crypto/engine/eng_list.c",
+ "crypto/engine/eng_cryptodev.c",
+ "crypto/engine/eng_pkey.c",
+ "crypto/engine/tb_rand.c",
+ "crypto/engine/eng_openssl.c",
+ "crypto/engine/eng_fat.c",
+ "crypto/engine/eng_dyn.c",
+ "crypto/ts/ts_rsp_verify.c",
+ "crypto/ts/ts_req_print.c",
+ "crypto/ts/ts_verify_ctx.c",
+ "crypto/ts/ts_req_utils.c",
+ "crypto/ts/ts_err.c",
+ "crypto/ts/ts_rsp_print.c",
+ "crypto/ts/ts_rsp_utils.c",
+ "crypto/ts/ts_lib.c",
+ "crypto/ts/ts_conf.c",
+ "crypto/ts/ts_asn1.c",
+ "crypto/ts/ts_rsp_sign.c",
+ "crypto/ocsp/ocsp_ext.c",
+ "crypto/ocsp/ocsp_cl.c",
+ "crypto/ocsp/ocsp_ht.c",
+ "crypto/ocsp/ocsp_lib.c",
+ "crypto/ocsp/ocsp_srv.c",
+ "crypto/ocsp/ocsp_vfy.c",
+ "crypto/ocsp/ocsp_err.c",
+ "crypto/ocsp/ocsp_prn.c",
+ "crypto/ocsp/ocsp_asn.c",
+ "crypto/bf/bf_cfb64.c",
+ "crypto/bf/bf_ecb.c",
+ "crypto/bf/bf_enc.c",
+ "crypto/bf/bf_skey.c",
+ "crypto/bf/bf_ofb64.c",
+ "crypto/idea/i_skey.c",
+ "crypto/idea/i_ofb64.c",
+ "crypto/idea/i_cbc.c",
+ "crypto/idea/i_ecb.c",
+ "crypto/idea/i_cfb64.c",
+ "crypto/cmac/cm_ameth.c",
+ "crypto/cmac/cmac.c",
+ "crypto/cmac/cm_pmeth.c",
+ "crypto/dh/dh_lib.c",
+ "crypto/dh/dh_key.c",
+ "crypto/dh/dh_asn1.c",
+ "crypto/dh/dh_depr.c",
+ "crypto/dh/dh_pmeth.c",
+ "crypto/dh/dh_prn.c",
+ "crypto/dh/dh_gen.c",
+ "crypto/dh/dh_ameth.c",
+ "crypto/dh/dh_check.c",
+ "crypto/dh/dh_err.c",
+ "crypto/dh/dh_kdf.c",
+ "crypto/dh/dh_rfc5114.c",
+ "crypto/modes/ccm128.c",
+ "crypto/modes/ofb128.c",
+ "crypto/modes/cts128.c",
+ "crypto/modes/ctr128.c",
+ "crypto/modes/gcm128.c",
+ "crypto/modes/cbc128.c",
+ "crypto/modes/cfb128.c",
+ "crypto/modes/xts128.c",
+ "crypto/modes/wrap128.c",
+ "crypto/camellia/cmll_cfb.c",
+ "crypto/camellia/cmll_ecb.c",
+ "crypto/camellia/cmll_utl.c",
+ "crypto/camellia/cmll_misc.c",
+ "crypto/camellia/cmll_ofb.c",
+ "crypto/camellia/cmll_ctr.c",
+ "crypto/seed/seed_ecb.c",
+ "crypto/seed/seed_cbc.c",
+ "crypto/seed/seed.c",
+ "crypto/seed/seed_ofb.c",
+ "crypto/seed/seed_cfb.c",
+ "crypto/txt_db/txt_db.c",
+ "crypto/cpt_err.c",
+ "crypto/pem/pem_pk8.c",
+ "crypto/pem/pem_lib.c",
+ "crypto/pem/pem_sign.c",
+ "crypto/pem/pem_all.c",
+ "crypto/pem/pem_info.c",
+ "crypto/pem/pem_pkey.c",
+ "crypto/pem/pem_seal.c",
+ "crypto/pem/pem_err.c",
+ "crypto/pem/pem_xaux.c",
+ "crypto/pem/pvkfmt.c",
+ "crypto/pem/pem_x509.c",
+ "crypto/pem/pem_oth.c",
+ "crypto/rand/rand_lib.c",
+ "crypto/rand/randfile.c",
+ "crypto/rand/rand_os2.c",
+ "crypto/rand/rand_unix.c",
+ "crypto/rand/rand_nw.c",
+ "crypto/rand/md_rand.c",
+ "crypto/rand/rand_err.c",
+ "crypto/rand/rand_win.c",
+ "crypto/rand/rand_egd.c",
+ "crypto/cversion.c",
+ "crypto/cast/c_ecb.c",
+ "crypto/cast/c_skey.c",
+ "crypto/cast/c_ofb64.c",
+ "crypto/cast/c_enc.c",
+ "crypto/cast/c_cfb64.c",
+ "crypto/o_time.c",
+ "crypto/mdc2/mdc2dgst.c",
+ "crypto/mdc2/mdc2_one.c",
+ "crypto/rc4/rc4_utl.c",
+ "crypto/ui/ui_compat.c",
+ "crypto/ui/ui_util.c",
+ "crypto/ui/ui_lib.c",
+ "crypto/ui/ui_err.c",
+ "crypto/ui/ui_openssl.c",
+ "crypto/bio/bf_buff.c",
+ "crypto/bio/bss_null.c",
+ "crypto/bio/bss_acpt.c",
+ "crypto/bio/bss_conn.c",
+ "crypto/bio/bss_fd.c",
+ "crypto/bio/bf_null.c",
+ "crypto/bio/bio_err.c",
+ "crypto/bio/bss_sock.c",
+ "crypto/bio/bss_mem.c",
+ "crypto/bio/b_dump.c",
+ "crypto/bio/b_print.c",
+ "crypto/bio/b_sock.c",
+ "crypto/bio/bss_dgram.c",
+ "crypto/bio/bf_nbio.c",
+ "crypto/bio/bio_lib.c",
+ "crypto/bio/bss_file.c",
+ "crypto/bio/bss_bio.c",
+ "crypto/bio/bss_log.c",
+ "crypto/bio/bio_cb.c",
+ "crypto/o_init.c",
+ "crypto/rc2/rc2_skey.c",
+ "crypto/rc2/rc2_cbc.c",
+ "crypto/rc2/rc2cfb64.c",
+ "crypto/rc2/rc2_ecb.c",
+ "crypto/rc2/rc2ofb64.c",
+ "crypto/bn/bn_x931p.c",
+ "crypto/bn/bn_blind.c",
+ "crypto/bn/bn_gf2m.c",
+ "crypto/bn/bn_const.c",
+ "crypto/bn/bn_sqr.c",
+ "crypto/bn/bn_nist.c",
+ "crypto/bn/bn_rand.c",
+ "crypto/bn/bn_err.c",
+ "crypto/bn/bn_div.c",
+ "crypto/bn/bn_kron.c",
+ "crypto/bn/bn_ctx.c",
+ "crypto/bn/bn_shift.c",
+ "crypto/bn/bn_mod.c",
+ "crypto/bn/bn_exp2.c",
+ "crypto/bn/bn_word.c",
+ "crypto/bn/bn_add.c",
+ "crypto/bn/bn_exp.c",
+ "crypto/bn/bn_mont.c",
+ "crypto/bn/bn_print.c",
+ "crypto/bn/bn_mul.c",
+ "crypto/bn/bn_prime.c",
+ "crypto/bn/bn_depr.c",
+ "crypto/bn/bn_gcd.c",
+ "crypto/bn/bn_mpi.c",
+ "crypto/bn/bn_sqrt.c",
+ "crypto/bn/bn_recp.c",
+ "crypto/bn/bn_lib.c",
+ "crypto/ripemd/rmd_dgst.c",
+ "crypto/ripemd/rmd_one.c",
+ "crypto/rsa/rsa_x931.c",
+ "crypto/rsa/rsa_depr.c",
+ "crypto/rsa/rsa_saos.c",
+ "crypto/rsa/rsa_crpt.c",
+ "crypto/rsa/rsa_pss.c",
+ "crypto/rsa/rsa_oaep.c",
+ "crypto/rsa/rsa_null.c",
+ "crypto/rsa/rsa_gen.c",
+ "crypto/rsa/rsa_prn.c",
+ "crypto/rsa/rsa_pmeth.c",
+ "crypto/rsa/rsa_asn1.c",
+ "crypto/rsa/rsa_ssl.c",
+ "crypto/rsa/rsa_ameth.c",
+ "crypto/rsa/rsa_pk1.c",
+ "crypto/rsa/rsa_err.c",
+ "crypto/rsa/rsa_lib.c",
+ "crypto/rsa/rsa_none.c",
+ "crypto/rsa/rsa_chk.c",
+ "crypto/rsa/rsa_eay.c",
+ "crypto/rsa/rsa_sign.c",
+ "crypto/srp/srp_lib.c",
+ "crypto/srp/srp_vfy.c",
+ "crypto/err/err.c",
+ "crypto/err/err_prn.c",
+ "crypto/err/err_all.c",
+ "crypto/mem_clr.c",
+ "crypto/rc4/rc4_skey.c",
+ "crypto/rc4/rc4_enc.c",
+ "crypto/camellia/camellia.c",
+ "crypto/camellia/cmll_cbc.c",
+ #"crypto/aes/aes_x86core.c",
+ "crypto/aes/aes_core.c",
+ "crypto/aes/aes_cbc.c",
+ "crypto/whrlpool/wp_block.c",
+ "crypto/bn/bn_asm.c",
+ ]
+
+ if "platform" in env and env["platform"] == "winrt":
+ thirdparty_openssl_sources += ['winrt.cpp']
+
+ thirdparty_openssl_sources = [thirdparty_dir + file for file in thirdparty_openssl_sources]
+
+ env_modules.add_source_files(env.modules_sources, thirdparty_openssl_sources)
+
+ # FIXME: Clone the environment to make a env_openssl and not pollute the modules env
+ thirdparty_include_paths = [
+ "",
+ "crypto",
+ "crypto/asn1",
+ "crypto/evp",
+ "crypto/modes",
+ "openssl",
+ ]
+ env_modules.Append(CPPPATH = [thirdparty_dir + "/" + dir for dir in thirdparty_include_paths])
+
+ env_modules.Append(CPPFLAGS = ["-DOPENSSL_NO_ASM", "-DOPENSSL_THREADS", "-DL_ENDIAN"])
+
+ # Workaround for compilation error with GCC/Clang when -Werror is too greedy (GH-4517)
+ import os
+ import methods
+ if not (os.name=="nt" and methods.msvc_is_detected()): # not Windows and not MSVC
+ env_modules.Append(CFLAGS = ["-Wno-error=implicit-function-declaration"])
+
+
+# Module sources
+env_modules.add_source_files(env.modules_sources, "*.cpp")
+env_modules.add_source_files(env.modules_sources, "*.c")
+
+# platform/winrt need to know openssl is available, pass to main env
+if "platform" in env and env["platform"] == "winrt":
+ env.Append(CPPPATH = [thirdparty_dir])
+ env.Append(CPPFLAGS = ['-DOPENSSL_ENABLED']);
+
+Export('env_modules')
+Export('env')
diff --git a/modules/openssl/config.py b/modules/openssl/config.py
new file mode 100644
index 0000000000..368e97e152
--- /dev/null
+++ b/modules/openssl/config.py
@@ -0,0 +1,6 @@
+
+def can_build(platform):
+ return True
+
+def configure(env):
+ pass
diff --git a/modules/openssl/curl_hostcheck.c b/modules/openssl/curl_hostcheck.c
new file mode 100644
index 0000000000..feef232619
--- /dev/null
+++ b/modules/openssl/curl_hostcheck.c
@@ -0,0 +1,217 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/* This file is an amalgamation of hostcheck.c and most of rawstr.c
+ from cURL. The contents of the COPYING file mentioned above are:
+
+COPYRIGHT AND PERMISSION NOTICE
+
+Copyright (c) 1996 - 2013, Daniel Stenberg, <daniel@haxx.se>.
+
+All rights reserved.
+
+Permission to use, copy, modify, and distribute this software for any purpose
+with or without fee is hereby granted, provided that the above copyright
+notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN
+NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE
+OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of a copyright holder shall not
+be used in advertising or otherwise to promote the sale, use or other dealings
+in this Software without prior written authorization of the copyright holder.
+*/
+
+#include "curl_hostcheck.h"
+#include <string.h>
+
+/* Portable, consistent toupper (remember EBCDIC). Do not use toupper() because
+ its behavior is altered by the current locale. */
+static char Curl_raw_toupper(char in)
+{
+ switch (in) {
+ case 'a':
+ return 'A';
+ case 'b':
+ return 'B';
+ case 'c':
+ return 'C';
+ case 'd':
+ return 'D';
+ case 'e':
+ return 'E';
+ case 'f':
+ return 'F';
+ case 'g':
+ return 'G';
+ case 'h':
+ return 'H';
+ case 'i':
+ return 'I';
+ case 'j':
+ return 'J';
+ case 'k':
+ return 'K';
+ case 'l':
+ return 'L';
+ case 'm':
+ return 'M';
+ case 'n':
+ return 'N';
+ case 'o':
+ return 'O';
+ case 'p':
+ return 'P';
+ case 'q':
+ return 'Q';
+ case 'r':
+ return 'R';
+ case 's':
+ return 'S';
+ case 't':
+ return 'T';
+ case 'u':
+ return 'U';
+ case 'v':
+ return 'V';
+ case 'w':
+ return 'W';
+ case 'x':
+ return 'X';
+ case 'y':
+ return 'Y';
+ case 'z':
+ return 'Z';
+ }
+ return in;
+}
+
+/*
+ * Curl_raw_equal() is for doing "raw" case insensitive strings. This is meant
+ * to be locale independent and only compare strings we know are safe for
+ * this. See http://daniel.haxx.se/blog/2008/10/15/strcasecmp-in-turkish/ for
+ * some further explanation to why this function is necessary.
+ *
+ * The function is capable of comparing a-z case insensitively even for
+ * non-ascii.
+ */
+
+static int Curl_raw_equal(const char *first, const char *second)
+{
+ while(*first && *second) {
+ if(Curl_raw_toupper(*first) != Curl_raw_toupper(*second))
+ /* get out of the loop as soon as they don't match */
+ break;
+ first++;
+ second++;
+ }
+ /* we do the comparison here (possibly again), just to make sure that if the
+ loop above is skipped because one of the strings reached zero, we must not
+ return this as a successful match */
+ return (Curl_raw_toupper(*first) == Curl_raw_toupper(*second));
+}
+
+static int Curl_raw_nequal(const char *first, const char *second, size_t max)
+{
+ while(*first && *second && max) {
+ if(Curl_raw_toupper(*first) != Curl_raw_toupper(*second)) {
+ break;
+ }
+ max--;
+ first++;
+ second++;
+ }
+ if(0 == max)
+ return 1; /* they are equal this far */
+
+ return Curl_raw_toupper(*first) == Curl_raw_toupper(*second);
+}
+
+/*
+ * Match a hostname against a wildcard pattern.
+ * E.g.
+ * "foo.host.com" matches "*.host.com".
+ *
+ * We use the matching rule described in RFC6125, section 6.4.3.
+ * http://tools.ietf.org/html/rfc6125#section-6.4.3
+ */
+
+static int hostmatch(const char *hostname, const char *pattern)
+{
+ const char *pattern_label_end, *pattern_wildcard, *hostname_label_end;
+ int wildcard_enabled;
+ size_t prefixlen, suffixlen;
+ pattern_wildcard = strchr(pattern, '*');
+ if(pattern_wildcard == NULL)
+ return Curl_raw_equal(pattern, hostname) ?
+ CURL_HOST_MATCH : CURL_HOST_NOMATCH;
+
+ /* We require at least 2 dots in pattern to avoid too wide wildcard
+ match. */
+ wildcard_enabled = 1;
+ pattern_label_end = strchr(pattern, '.');
+ if(pattern_label_end == NULL || strchr(pattern_label_end+1, '.') == NULL ||
+ pattern_wildcard > pattern_label_end ||
+ Curl_raw_nequal(pattern, "xn--", 4)) {
+ wildcard_enabled = 0;
+ }
+ if(!wildcard_enabled)
+ return Curl_raw_equal(pattern, hostname) ?
+ CURL_HOST_MATCH : CURL_HOST_NOMATCH;
+
+ hostname_label_end = strchr(hostname, '.');
+ if(hostname_label_end == NULL ||
+ !Curl_raw_equal(pattern_label_end, hostname_label_end))
+ return CURL_HOST_NOMATCH;
+
+ /* The wildcard must match at least one character, so the left-most
+ label of the hostname is at least as large as the left-most label
+ of the pattern. */
+ if(hostname_label_end - hostname < pattern_label_end - pattern)
+ return CURL_HOST_NOMATCH;
+
+ prefixlen = pattern_wildcard - pattern;
+ suffixlen = pattern_label_end - (pattern_wildcard+1);
+ return Curl_raw_nequal(pattern, hostname, prefixlen) &&
+ Curl_raw_nequal(pattern_wildcard+1, hostname_label_end - suffixlen,
+ suffixlen) ?
+ CURL_HOST_MATCH : CURL_HOST_NOMATCH;
+}
+
+int Tool_Curl_cert_hostcheck(const char *match_pattern, const char *hostname)
+{
+ if(!match_pattern || !*match_pattern ||
+ !hostname || !*hostname) /* sanity check */
+ return 0;
+
+ if(Curl_raw_equal(hostname, match_pattern)) /* trivial case */
+ return 1;
+
+ if(hostmatch(hostname,match_pattern) == CURL_HOST_MATCH)
+ return 1;
+ return 0;
+}
diff --git a/modules/openssl/curl_hostcheck.h b/modules/openssl/curl_hostcheck.h
new file mode 100644
index 0000000000..1b7fbe81e3
--- /dev/null
+++ b/modules/openssl/curl_hostcheck.h
@@ -0,0 +1,39 @@
+#ifndef HEADER_TOOL_CURL_HOSTCHECK_H
+#define HEADER_TOOL_CURL_HOSTCHECK_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#define CURL_HOST_NOMATCH 0
+#define CURL_HOST_MATCH 1
+int Tool_Curl_cert_hostcheck(const char *match_pattern, const char *hostname);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* HEADER_CURL_HOSTCHECK_H */
+
diff --git a/modules/openssl/register_types.cpp b/modules/openssl/register_types.cpp
new file mode 100644
index 0000000000..4aba9f530e
--- /dev/null
+++ b/modules/openssl/register_types.cpp
@@ -0,0 +1,42 @@
+/*************************************************************************/
+/* register_types.cpp */
+/*************************************************************************/
+/* This file is part of: */
+/* GODOT ENGINE */
+/* http://www.godotengine.org */
+/*************************************************************************/
+/* Copyright (c) 2007-2016 Juan Linietsky, Ariel Manzur. */
+/* */
+/* Permission is hereby granted, free of charge, to any person obtaining */
+/* a copy of this software and associated documentation files (the */
+/* "Software"), to deal in the Software without restriction, including */
+/* without limitation the rights to use, copy, modify, merge, publish, */
+/* distribute, sublicense, and/or sell copies of the Software, and to */
+/* permit persons to whom the Software is furnished to do so, subject to */
+/* the following conditions: */
+/* */
+/* The above copyright notice and this permission notice shall be */
+/* included in all copies or substantial portions of the Software. */
+/* */
+/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */
+/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */
+/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/
+/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */
+/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */
+/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */
+/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */
+/*************************************************************************/
+#include "register_types.h"
+
+#include "stream_peer_openssl.h"
+
+void register_openssl_types() {
+
+ ObjectTypeDB::register_type<StreamPeerOpenSSL>();
+ StreamPeerOpenSSL::initialize_ssl();
+}
+
+void unregister_openssl_types() {
+
+ StreamPeerOpenSSL::finalize_ssl();
+}
diff --git a/modules/openssl/register_types.h b/modules/openssl/register_types.h
new file mode 100644
index 0000000000..2db140cc80
--- /dev/null
+++ b/modules/openssl/register_types.h
@@ -0,0 +1,30 @@
+/*************************************************************************/
+/* register_types.h */
+/*************************************************************************/
+/* This file is part of: */
+/* GODOT ENGINE */
+/* http://www.godotengine.org */
+/*************************************************************************/
+/* Copyright (c) 2007-2016 Juan Linietsky, Ariel Manzur. */
+/* */
+/* Permission is hereby granted, free of charge, to any person obtaining */
+/* a copy of this software and associated documentation files (the */
+/* "Software"), to deal in the Software without restriction, including */
+/* without limitation the rights to use, copy, modify, merge, publish, */
+/* distribute, sublicense, and/or sell copies of the Software, and to */
+/* permit persons to whom the Software is furnished to do so, subject to */
+/* the following conditions: */
+/* */
+/* The above copyright notice and this permission notice shall be */
+/* included in all copies or substantial portions of the Software. */
+/* */
+/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */
+/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */
+/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/
+/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */
+/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */
+/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */
+/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */
+/*************************************************************************/
+void register_openssl_types();
+void unregister_openssl_types();
diff --git a/modules/openssl/stream_peer_openssl.cpp b/modules/openssl/stream_peer_openssl.cpp
new file mode 100644
index 0000000000..b9bec4ca0b
--- /dev/null
+++ b/modules/openssl/stream_peer_openssl.cpp
@@ -0,0 +1,646 @@
+/*************************************************************************/
+/* stream_peer_openssl.cpp */
+/*************************************************************************/
+/* This file is part of: */
+/* GODOT ENGINE */
+/* http://www.godotengine.org */
+/*************************************************************************/
+/* Copyright (c) 2007-2016 Juan Linietsky, Ariel Manzur. */
+/* */
+/* Permission is hereby granted, free of charge, to any person obtaining */
+/* a copy of this software and associated documentation files (the */
+/* "Software"), to deal in the Software without restriction, including */
+/* without limitation the rights to use, copy, modify, merge, publish, */
+/* distribute, sublicense, and/or sell copies of the Software, and to */
+/* permit persons to whom the Software is furnished to do so, subject to */
+/* the following conditions: */
+/* */
+/* The above copyright notice and this permission notice shall be */
+/* included in all copies or substantial portions of the Software. */
+/* */
+/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */
+/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */
+/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/
+/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */
+/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */
+/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */
+/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */
+/*************************************************************************/
+#include "stream_peer_openssl.h"
+//hostname matching code from curl
+
+
+//#include <openssl/applink.c> // To prevent crashing (see the OpenSSL FAQ)
+
+bool StreamPeerOpenSSL::_match_host_name(const char *name, const char *hostname) {
+
+ return Tool_Curl_cert_hostcheck(name,hostname)==CURL_HOST_MATCH;
+// print_line("MATCH: "+String(name)+" vs "+String(hostname));
+// return true;
+}
+
+Error StreamPeerOpenSSL::_match_common_name(const char *hostname, const X509 *server_cert) {
+
+ int common_name_loc = -1;
+ X509_NAME_ENTRY *common_name_entry = NULL;
+ ASN1_STRING *common_name_asn1 = NULL;
+ char *common_name_str = NULL;
+
+ // Find the position of the CN field in the Subject field of the certificate
+ common_name_loc = X509_NAME_get_index_by_NID(X509_get_subject_name((X509 *) server_cert), NID_commonName, -1);
+
+ ERR_FAIL_COND_V(common_name_loc < 0, ERR_INVALID_PARAMETER );
+
+ // Extract the CN field
+ common_name_entry = X509_NAME_get_entry(X509_get_subject_name((X509 *) server_cert), common_name_loc);
+
+ ERR_FAIL_COND_V(common_name_entry == NULL, ERR_INVALID_PARAMETER );
+
+ // Convert the CN field to a C string
+ common_name_asn1 = X509_NAME_ENTRY_get_data(common_name_entry);
+
+ ERR_FAIL_COND_V(common_name_asn1 == NULL, ERR_INVALID_PARAMETER );
+
+ common_name_str = (char *) ASN1_STRING_data(common_name_asn1);
+
+ // Make sure there isn't an embedded NUL character in the CN
+ bool malformed_certificate = (size_t)ASN1_STRING_length(common_name_asn1) != strlen(common_name_str);
+
+ ERR_FAIL_COND_V(malformed_certificate, ERR_INVALID_PARAMETER );
+
+
+ // Compare expected hostname with the CN
+
+
+ return _match_host_name(common_name_str,hostname)?OK:FAILED;
+
+}
+
+
+/**
+* Tries to find a match for hostname in the certificate's Subject Alternative Name extension.
+*
+*/
+
+Error StreamPeerOpenSSL::_match_subject_alternative_name(const char *hostname, const X509 *server_cert) {
+
+ Error result = FAILED;
+ int i;
+ int san_names_nb = -1;
+ STACK_OF(GENERAL_NAME) *san_names = NULL;
+
+ // Try to extract the names within the SAN extension from the certificate
+ san_names = (STACK_OF(GENERAL_NAME) *)X509_get_ext_d2i((X509 *) server_cert, NID_subject_alt_name, NULL, NULL);
+ if (san_names == NULL) {
+ return ERR_FILE_NOT_FOUND;
+ }
+ san_names_nb = sk_GENERAL_NAME_num(san_names);
+
+ // Check each name within the extension
+ for (i=0; i<san_names_nb; i++) {
+ const GENERAL_NAME *current_name = sk_GENERAL_NAME_value(san_names, i);
+
+ if (current_name->type == GEN_DNS) {
+ // Current name is a DNS name, let's check it
+ char *dns_name = (char *) ASN1_STRING_data(current_name->d.dNSName);
+
+ // Make sure there isn't an embedded NUL character in the DNS name
+ if ((size_t)ASN1_STRING_length(current_name->d.dNSName) != strlen(dns_name)) {
+ result = ERR_INVALID_PARAMETER;
+ break;
+ }
+ else { // Compare expected hostname with the DNS name
+ if (_match_host_name(dns_name, hostname)) {
+ result = OK;
+ break;
+ }
+ }
+ }
+ }
+ sk_GENERAL_NAME_pop_free(san_names, GENERAL_NAME_free);
+
+ return result;
+}
+
+/* See http://archives.seul.org/libevent/users/Jan-2013/msg00039.html */
+int StreamPeerOpenSSL::_cert_verify_callback(X509_STORE_CTX *x509_ctx, void *arg) {
+
+ /* This is the function that OpenSSL would call if we hadn't called
+ * SSL_CTX_set_cert_verify_callback(). Therefore, we are "wrapping"
+ * the default functionality, rather than replacing it. */
+
+ bool base_cert_valid = X509_verify_cert(x509_ctx);
+ if (!base_cert_valid) {
+ print_line("Cause: "+String(X509_verify_cert_error_string(X509_STORE_CTX_get_error(x509_ctx))));
+ ERR_print_errors_fp(stdout);
+ }
+ X509 *server_cert = X509_STORE_CTX_get_current_cert(x509_ctx);
+
+ ERR_FAIL_COND_V(!server_cert,0);
+
+ char cert_str[256];
+ X509_NAME_oneline(X509_get_subject_name (server_cert),
+ cert_str, sizeof (cert_str));
+
+ print_line("CERT STR: "+String(cert_str));
+ print_line("VALID: "+itos(base_cert_valid));
+
+ if (!base_cert_valid)
+ return 0;
+
+ StreamPeerOpenSSL *ssl = (StreamPeerOpenSSL *)arg;
+
+ if (ssl->validate_hostname) {
+
+ Error err = _match_subject_alternative_name(ssl->hostname.utf8().get_data(),server_cert);
+
+ if (err==ERR_FILE_NOT_FOUND) {
+
+ err = _match_common_name(ssl->hostname.utf8().get_data(),server_cert);
+ }
+
+ if (err!=OK) {
+
+ ssl->status=STATUS_ERROR_HOSTNAME_MISMATCH;
+ return 0;
+ }
+ }
+
+ return 1;
+
+}
+
+
+
+int StreamPeerOpenSSL::_bio_create( BIO *b ) {
+ b->init = 1;
+ b->num = 0;
+ b->ptr = NULL;
+ b->flags = 0;
+ return 1;
+}
+
+int StreamPeerOpenSSL::_bio_destroy( BIO *b )
+{
+ if ( b == NULL )
+ return 0;
+
+ b->ptr = NULL; /* sb_tls_remove() will free it */
+ b->init = 0;
+ b->flags = 0;
+ return 1;
+}
+
+int StreamPeerOpenSSL::_bio_read( BIO *b, char *buf, int len ) {
+
+
+ if ( buf == NULL || len <= 0 ) return 0;
+
+ StreamPeerOpenSSL *sp = (StreamPeerOpenSSL *)b->ptr;
+
+ ERR_FAIL_COND_V( sp == NULL, 0);
+
+ BIO_clear_retry_flags( b );
+ if (sp->use_blocking) {
+
+ Error err = sp->base->get_data((uint8_t*)buf,len);
+ if (err!=OK) {
+ return -1;
+ }
+
+ return len;
+ } else {
+
+ int got;
+ Error err = sp->base->get_partial_data((uint8_t*)buf,len,got);
+ if (err!=OK) {
+ return -1;
+ }
+ if (got==0) {
+ BIO_set_retry_read( b );
+ }
+ return got;
+ }
+
+ //unreachable
+ return 0;
+}
+
+int StreamPeerOpenSSL::_bio_write( BIO *b, const char *buf, int len ) {
+
+ if ( buf == NULL || len <= 0 ) return 0;
+
+ StreamPeerOpenSSL *sp = (StreamPeerOpenSSL *)b->ptr;
+
+ ERR_FAIL_COND_V( sp == NULL, 0);
+
+ BIO_clear_retry_flags( b );
+ if (sp->use_blocking) {
+
+ Error err = sp->base->put_data((const uint8_t*)buf,len);
+ if (err!=OK) {
+ return -1;
+ }
+
+ return len;
+ } else {
+
+ int sent;
+ Error err = sp->base->put_partial_data((const uint8_t*)buf,len,sent);
+ if (err!=OK) {
+ return -1;
+ }
+ if (sent==0) {
+ BIO_set_retry_write( b );
+ }
+ return sent;
+
+ }
+
+ //unreachable
+ return 0;
+}
+
+long StreamPeerOpenSSL::_bio_ctrl( BIO *b, int cmd, long num, void *ptr )
+{
+ if ( cmd == BIO_CTRL_FLUSH ) {
+ /* The OpenSSL library needs this */
+ return 1;
+ }
+ return 0;
+}
+
+int StreamPeerOpenSSL::_bio_gets( BIO *b, char *buf, int len )
+{
+ return -1;
+}
+
+int StreamPeerOpenSSL::_bio_puts( BIO *b, const char *str )
+{
+ return _bio_write( b, str, strlen( str ) );
+}
+
+BIO_METHOD StreamPeerOpenSSL::_bio_method = {
+ /* it's a source/sink BIO */
+ ( 100 | 0x400 ),
+ "streampeer glue",
+ _bio_write,
+ _bio_read,
+ _bio_puts,
+ _bio_gets,
+ _bio_ctrl,
+ _bio_create,
+ _bio_destroy
+};
+
+Error StreamPeerOpenSSL::connect(Ref<StreamPeer> p_base, bool p_validate_certs, const String& p_for_hostname) {
+
+ if (connected)
+ disconnect();
+
+
+ hostname=p_for_hostname;
+ status=STATUS_DISCONNECTED;
+
+ // Set up a SSL_CTX object, which will tell our BIO object how to do its work
+ ctx = SSL_CTX_new(SSLv23_client_method());
+ base=p_base;
+ validate_certs=p_validate_certs;
+ validate_hostname=p_for_hostname!="";
+
+
+
+
+ if (p_validate_certs) {
+
+
+ if (certs.size()) {
+ //yay for undocumented OpenSSL functions
+
+ X509_STORE *store = SSL_CTX_get_cert_store(ctx);
+ for(int i=0;i<certs.size();i++) {
+
+ X509_STORE_add_cert(store,certs[i]);
+
+ }
+#if 0
+ const unsigned char *in=(const unsigned char *)certs.ptr();
+ X509 *Cert = d2i_X509(NULL, &in, certs.size()-1);
+ if (!Cert) {
+ print_line(String(ERR_error_string(ERR_get_error(),NULL)));
+ }
+ ERR_FAIL_COND_V(!Cert,ERR_PARSE_ERROR);
+
+ X509_STORE *store = SSL_CTX_get_cert_store(ctx);
+ X509_STORE_add_cert(store,Cert);
+
+ //char *str = X509_NAME_oneline(X509_get_subject_name(Cert),0,0);
+ //printf ("subject: %s\n", str); /* [1] */
+#endif
+ }
+
+ //used for testing
+ //int res = SSL_CTX_load_verify_locations(ctx,"/etc/ssl/certs/ca-certificates.crt",NULL);
+ //print_line("verify locations res: "+itos(res));
+
+
+ /* Ask OpenSSL to verify the server certificate. Note that this
+ * does NOT include verifying that the hostname is correct.
+ * So, by itself, this means anyone with any legitimate
+ * CA-issued certificate for any website, can impersonate any
+ * other website in the world. This is not good. See "The
+ * Most Dangerous Code in the World" article at
+ * https://crypto.stanford.edu/~dabo/pubs/abstracts/ssl-client-bugs.html
+ */
+ SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
+ /* This is how we solve the problem mentioned in the previous
+ * comment. We "wrap" OpenSSL's validation routine in our
+ * own routine, which also validates the hostname by calling
+ * the code provided by iSECPartners. Note that even though
+ * the "Everything You've Always Wanted to Know About
+ * Certificate Validation With OpenSSL (But Were Afraid to
+ * Ask)" paper from iSECPartners says very explicitly not to
+ * call SSL_CTX_set_cert_verify_callback (at the bottom of
+ * page 2), what we're doing here is safe because our
+ * cert_verify_callback() calls X509_verify_cert(), which is
+ * OpenSSL's built-in routine which would have been called if
+ * we hadn't set the callback. Therefore, we're just
+ * "wrapping" OpenSSL's routine, not replacing it. */
+ SSL_CTX_set_cert_verify_callback (ctx, _cert_verify_callback,this);
+
+ //Let the verify_callback catch the verify_depth error so that we get an appropriate error in the logfile. (??)
+ SSL_CTX_set_verify_depth(ctx,max_cert_chain_depth + 1);
+
+ }
+
+
+
+
+
+ ssl = SSL_new( ctx );
+ bio = BIO_new( &_bio_method );
+ bio->ptr = this;
+ SSL_set_bio( ssl, bio, bio );
+
+ if (p_for_hostname!=String()) {
+ SSL_set_tlsext_host_name(ssl,p_for_hostname.utf8().get_data());
+ }
+
+ use_blocking=true; // let handshake use blocking
+ // Set the SSL to automatically retry on failure.
+ SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
+
+ // Same as before, try to connect.
+ int result = SSL_connect( ssl );
+
+ print_line("CONNECTION RESULT: "+itos(result));
+ if (result<1) {
+ ERR_print_errors_fp(stdout);
+ _print_error(result);
+ }
+
+ X509 * peer = SSL_get_peer_certificate(ssl);
+
+ if (peer) {
+ bool cert_ok = SSL_get_verify_result(ssl) == X509_V_OK;
+ print_line("cert_ok: "+itos(cert_ok));
+
+ } else if (validate_certs){
+ status=STATUS_ERROR_NO_CERTIFICATE;
+ }
+
+ connected=true;
+ status=STATUS_CONNECTED;
+
+ return OK;
+}
+
+Error StreamPeerOpenSSL::accept(Ref<StreamPeer> p_base) {
+
+
+ return ERR_UNAVAILABLE;
+}
+
+void StreamPeerOpenSSL::_print_error(int err) {
+
+ err = SSL_get_error(ssl,err);
+ switch(err) {
+ case SSL_ERROR_NONE: ERR_PRINT("NO ERROR: The TLS/SSL I/O operation completed"); break;
+ case SSL_ERROR_ZERO_RETURN: ERR_PRINT("The TLS/SSL connection has been closed.");
+ case SSL_ERROR_WANT_READ:
+ case SSL_ERROR_WANT_WRITE:
+ ERR_PRINT("The operation did not complete."); break;
+ case SSL_ERROR_WANT_CONNECT:
+ case SSL_ERROR_WANT_ACCEPT:
+ ERR_PRINT("The connect/accept operation did not complete"); break;
+ case SSL_ERROR_WANT_X509_LOOKUP:
+ ERR_PRINT("The operation did not complete because an application callback set by SSL_CTX_set_client_cert_cb() has asked to be called again."); break;
+ case SSL_ERROR_SYSCALL:
+ ERR_PRINT("Some I/O error occurred. The OpenSSL error queue may contain more information on the error."); break;
+ case SSL_ERROR_SSL:
+ ERR_PRINT("A failure in the SSL library occurred, usually a protocol error."); break;
+
+ }
+}
+
+Error StreamPeerOpenSSL::put_data(const uint8_t* p_data,int p_bytes) {
+
+ ERR_FAIL_COND_V(!connected,ERR_UNCONFIGURED);
+
+ while(p_bytes>0) {
+ int ret = SSL_write(ssl,p_data,p_bytes);
+ if (ret<=0) {
+ _print_error(ret);
+ disconnect();
+ return ERR_CONNECTION_ERROR;
+ }
+ p_data+=ret;
+ p_bytes-=ret;
+ }
+
+ return OK;
+
+}
+
+Error StreamPeerOpenSSL::put_partial_data(const uint8_t* p_data,int p_bytes, int &r_sent){
+
+ ERR_FAIL_COND_V(!connected,ERR_UNCONFIGURED);
+ if (p_bytes==0)
+ return OK;
+
+ Error err = put_data(p_data,p_bytes);
+ if (err!=OK)
+ return err;
+
+ r_sent=p_bytes;
+ return OK;
+
+}
+
+Error StreamPeerOpenSSL::get_data(uint8_t* p_buffer, int p_bytes){
+
+ ERR_FAIL_COND_V(!connected,ERR_UNCONFIGURED);
+
+ while(p_bytes>0) {
+
+ int ret = SSL_read(ssl,p_buffer,p_bytes);
+ if (ret<=0) {
+ _print_error(ret);
+ disconnect();
+ return ERR_CONNECTION_ERROR;
+ }
+ p_buffer+=ret;
+ p_bytes-=ret;
+ }
+
+ return OK;
+}
+
+Error StreamPeerOpenSSL::get_partial_data(uint8_t* p_buffer, int p_bytes,int &r_received){
+
+ ERR_FAIL_COND_V(!connected,ERR_UNCONFIGURED);
+ if (p_bytes==0) {
+ r_received=0;
+ return OK;
+ }
+
+ Error err = get_data(p_buffer,p_bytes);
+ if (err!=OK)
+ return err;
+ r_received=p_bytes;
+ return OK;
+}
+
+int StreamPeerOpenSSL::get_available_bytes() const {
+
+ ERR_FAIL_COND_V(!connected,0);
+
+ return SSL_pending(ssl);
+
+}
+StreamPeerOpenSSL::StreamPeerOpenSSL() {
+
+ ctx=NULL;
+ ssl=NULL;
+ bio=NULL;
+ connected=false;
+ use_blocking=true; //might be improved int the future, but for now it always blocks
+ max_cert_chain_depth=9;
+ flags=0;
+}
+
+void StreamPeerOpenSSL::disconnect() {
+
+ if (!connected)
+ return;
+ SSL_shutdown( ssl );
+ SSL_free( ssl );
+ SSL_CTX_free(ctx);
+ base=Ref<StreamPeer>();
+ connected=false;
+ validate_certs=false;
+ validate_hostname=false;
+ status=STATUS_DISCONNECTED;
+
+
+}
+
+StreamPeerOpenSSL::Status StreamPeerOpenSSL::get_status() const {
+
+ return status;
+}
+
+
+StreamPeerOpenSSL::~StreamPeerOpenSSL() {
+ disconnect();
+}
+
+StreamPeerSSL* StreamPeerOpenSSL::_create_func() {
+
+ return memnew( StreamPeerOpenSSL );
+}
+
+
+Vector<X509*> StreamPeerOpenSSL::certs;
+
+
+void StreamPeerOpenSSL::_load_certs(const ByteArray& p_array) {
+
+ ByteArray::Read r = p_array.read();
+ BIO* mem = BIO_new(BIO_s_mem());
+ BIO_puts(mem,(const char*)r.ptr());
+ while(true) {
+ X509*cert = PEM_read_bio_X509(mem, NULL, 0, NULL);
+ if (!cert)
+ break;
+ certs.push_back(cert);
+ }
+ BIO_free(mem);
+}
+
+void StreamPeerOpenSSL::initialize_ssl() {
+
+ available=true;
+
+ load_certs_func=_load_certs;
+
+ _create=_create_func;
+ CRYPTO_malloc_init(); // Initialize malloc, free, etc for OpenSSL's use
+ SSL_library_init(); // Initialize OpenSSL's SSL libraries
+ SSL_load_error_strings(); // Load SSL error strings
+ ERR_load_BIO_strings(); // Load BIO error strings
+ OpenSSL_add_all_algorithms(); // Load all available encryption algorithms
+ String certs_path =GLOBAL_DEF("ssl/certificates","");
+ Globals::get_singleton()->set_custom_property_info("ssl/certificates",PropertyInfo(Variant::STRING,"ssl/certificates",PROPERTY_HINT_FILE,"*.crt"));
+ if (certs_path!="") {
+
+
+
+ FileAccess *f=FileAccess::open(certs_path,FileAccess::READ);
+ if (f) {
+ ByteArray arr;
+ int flen = f->get_len();
+ arr.resize(flen+1);
+ {
+ ByteArray::Write w = arr.write();
+ f->get_buffer(w.ptr(),flen);
+ w[flen]=0; //end f string
+ }
+
+ memdelete(f);
+
+ _load_certs(arr);
+ print_line("Loaded certs from '"+certs_path+"': "+itos(certs.size()));
+ }
+ }
+ String config_path =GLOBAL_DEF("ssl/config","");
+ Globals::get_singleton()->set_custom_property_info("ssl/config",PropertyInfo(Variant::STRING,"ssl/config",PROPERTY_HINT_FILE,"*.cnf"));
+ if (config_path!="") {
+
+ Vector<uint8_t> data = FileAccess::get_file_as_array(config_path);
+ if (data.size()) {
+ data.push_back(0);
+ BIO* mem = BIO_new(BIO_s_mem());
+ BIO_puts(mem,(const char*) data.ptr());
+
+ while(true) {
+ X509*cert = PEM_read_bio_X509(mem, NULL, 0, NULL);
+ if (!cert)
+ break;
+ certs.push_back(cert);
+ }
+ BIO_free(mem);
+ }
+ print_line("Loaded certs from '"+certs_path+"': "+itos(certs.size()));
+
+ }
+
+}
+
+void StreamPeerOpenSSL::finalize_ssl(){
+
+ for(int i=0;i<certs.size();i++) {
+ X509_free(certs[i]);
+ }
+ certs.clear();
+}
diff --git a/modules/openssl/stream_peer_openssl.h b/modules/openssl/stream_peer_openssl.h
new file mode 100644
index 0000000000..853ede2036
--- /dev/null
+++ b/modules/openssl/stream_peer_openssl.h
@@ -0,0 +1,109 @@
+/*************************************************************************/
+/* stream_peer_openssl.h */
+/*************************************************************************/
+/* This file is part of: */
+/* GODOT ENGINE */
+/* http://www.godotengine.org */
+/*************************************************************************/
+/* Copyright (c) 2007-2016 Juan Linietsky, Ariel Manzur. */
+/* */
+/* Permission is hereby granted, free of charge, to any person obtaining */
+/* a copy of this software and associated documentation files (the */
+/* "Software"), to deal in the Software without restriction, including */
+/* without limitation the rights to use, copy, modify, merge, publish, */
+/* distribute, sublicense, and/or sell copies of the Software, and to */
+/* permit persons to whom the Software is furnished to do so, subject to */
+/* the following conditions: */
+/* */
+/* The above copyright notice and this permission notice shall be */
+/* included in all copies or substantial portions of the Software. */
+/* */
+/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */
+/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */
+/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/
+/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */
+/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */
+/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */
+/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */
+/*************************************************************************/
+#ifndef STREAM_PEER_OPEN_SSL_H
+#define STREAM_PEER_OPEN_SSL_H
+
+#include <stdio.h> // If you don't know what this is for stop reading now.
+#include "io/stream_peer_ssl.h"
+#include "globals.h"
+#include "os/file_access.h"
+#include "curl_hostcheck.h"
+
+#include <openssl/bio.h> // BIO objects for I/O
+#include <openssl/ssl.h> // SSL and SSL_CTX for SSL connections
+#include <openssl/err.h> // Error reporting
+#include <openssl/x509v3.h>
+
+class StreamPeerOpenSSL : public StreamPeerSSL {
+private:
+ static int _bio_create( BIO *b );
+ static int _bio_destroy( BIO *b );
+ static int _bio_read( BIO *b, char *buf, int len );
+ static int _bio_write( BIO *b, const char *buf, int len );
+ static long _bio_ctrl( BIO *b, int cmd, long num, void *ptr );
+ static int _bio_gets( BIO *b, char *buf, int len );
+ static int _bio_puts( BIO *b, const char *str );
+
+ static BIO_METHOD _bio_method;
+
+ static bool _match_host_name(const char *name, const char *hostname);
+ static Error _match_common_name(const char *hostname, const X509 *server_cert);
+ static Error _match_subject_alternative_name(const char *hostname, const X509 *server_cert);
+
+
+ static int _cert_verify_callback(X509_STORE_CTX *x509_ctx, void *arg);
+
+
+ Status status;
+ String hostname;
+ int max_cert_chain_depth;
+ SSL_CTX* ctx;
+ SSL* ssl;
+ BIO* bio;
+ bool connected;
+ int flags;
+ bool use_blocking;
+ bool validate_certs;
+ bool validate_hostname;
+
+ Ref<StreamPeer> base;
+
+ static StreamPeerSSL* _create_func();
+ void _print_error(int err);
+
+ static Vector<X509*> certs;
+
+ static void _load_certs(const ByteArray& p_array);
+protected:
+ static void _bind_methods();
+public:
+
+
+ virtual Error accept(Ref<StreamPeer> p_base);
+ virtual Error connect(Ref<StreamPeer> p_base,bool p_validate_certs=false,const String& p_for_hostname=String());
+ virtual Status get_status() const;
+
+ virtual void disconnect();
+
+ virtual Error put_data(const uint8_t* p_data,int p_bytes);
+ virtual Error put_partial_data(const uint8_t* p_data,int p_bytes, int &r_sent);
+
+ virtual Error get_data(uint8_t* p_buffer, int p_bytes);
+ virtual Error get_partial_data(uint8_t* p_buffer, int p_bytes,int &r_received);
+
+ virtual int get_available_bytes() const;
+
+ static void initialize_ssl();
+ static void finalize_ssl();
+
+ StreamPeerOpenSSL();
+ ~StreamPeerOpenSSL();
+};
+
+#endif // STREAM_PEER_SSL_H