B{Abstract,Datagram,Secure}Socket:
- Add functionality to listen for and accept new connections, thus allowing
one to use the socket classes for server functionality as well.
BSecureSocket:
- Adjust to take into account differences between how SSL needs to be called
when accepting an incoming connection vs initiating an outbound one.
The handshake on the accepted connection stills fails for unknown reasons
at the moment though.
Note that these changes break the ABI, and thus any packages making use of
them directly will need a rebuild.
* When using a proxy, HTTPS connexion must still go directly to the
target website. The proxy can then act as a TCP stream relay and just
transmit the raw SSL stream between the client and website.
* For this, we ask the proxy sending an HTTP request with the CONNECT
method. If the proxy supports this, we can then send anything as the
payload and it will be forwarded.
* Untested, as the network here in Dusseldorf doesn't let me use a
proxy.
ticket : #10973
* Make it possible to extract more useful data from the certificate
* Also get the OpenSSL error message when a certificate can't be
validated. Send it to the verification failure callback so it can be
shown to the user.
* BSecureSocket::CertificateVerificationFailed() took a BCertificate
instance by value as parameter.
BCertificate deletes internal data in its destructor. Passing an
object by value creates a copy, so the copy attempted to delete
the internal data again during its destruction.
This caused mail_daemon to crash here when it came across a failed
certificate.
* Fix: pass BCertificate object as reference.
* Instead of creating an OpenSSL context ofor each socket, use a global
one and initialize it lazily when the first SecureSocket is created
* Load the certificates from our certificate list so SSL certificates
sent by servers can be validated.
* Add a callback for signalling that certificate validation failed, the
default implementation proceeds with the connection anyway (to keep the
old behavior).
* Introduce BCertificate class, that provides some information about a
certificate. Currently it's only used by the callback mentionned above,
but it will be possible to get the leaf certificate for the connection
after it's established.
Review of the API and implementation is welcome, before I start making
use of this in HttpRequest and WebKit to allow the user to accept new
certificates.
* Each class has a Socket() method to retrieve the underlaying file descriptor
to be able to do the more advanced stuff, if necessary.
* A server socket is yet missing, but the rest is pretty much covered.
