A resource for communication using the TLS protocol.

Needs review from someone who knows TLS protocol and SSLEngine better than me.

secure

Available since version 1.0

not referred automatically

Usage:
  • (secure x & {:as opts})

Type signature:
  • ((U String+ Uri (I IOpenAware IReadable IWritable)) ⨯ Any) → IAcquirableFactory

Returns a TLS resource factory with the transport set to x, which is an open non-blocking selectable transport resource or the URI of one, and with opts set.

Passable thread local in non-blocking mode, otherwise thread safe except for multiple concurrent reads (or writes).

(ns foo.bar
  (:api dunaj)
  (:require [dunaj.concurrent.thread :refer [sleep]]
            [dunaj.resource.tcp :refer [tcp finish-connect!]]
            [dunaj.resource.selector :refer [selector register!]]
            [dunaj.resource.secure :refer [secure]]))

;; non-blocking
(with-io-scope
  (let [uri "tcp://gotofail.com:443"
        c (acquire! (tcp uri :non-blocking? true))
        s (acquire! (secure c))
        gm "GET / HTTP/1.0\r\nFrom: example@example.com\r\nUser-Agent: Mozilla/5.0 Gecko/20100101 Firefox/36.0\r\n\r\n"
        sel (acquire! (selector))]
    (register! sel c [:connect])
    (select sel)
    (finish-connect! c)
    (pass! s nil)
    (println! "writing" (write! s (print utf-8 gm)))
    (register! sel c [:read])
    (thread
     (io!
      (try
        (let [rf #(println! "got" (str (take 350 (parse utf-8 %2))))]
          (loop [r (reduce-batched nil nil rf nil (read! s))]
            (println! ".")
            (when (postponed? r)
              (select sel 500)
              (recur (unsafe-advance! r))))
          (println! "EOF"))
        (catch java.lang.Exception e (println! "R exception:" e)))))
    (sleep 5000)))
;; writing #<Postponed@16c42c7c: 98>
;; .
;; .
;; .
;; .
;; .
;; .
;; .
;; .
;; .
;; got back HTTP/1.1 200 OK
;; Server: nginx/1.4.6 (Ubuntu)
;; Date: Mon, 08 Dec 2014 21:39:51 GMT
;; Content-Type: text/html
;; Content-Length: 8618
;; Last-Modified: Mon, 20 Oct 2014 20:06:13 GMT
;; Connection: close
;; ETag: "54456b35-21ab"
;; Accept-Ranges: bytes
;;
;; <!DOCTYPE html>
;; <html><head><meta charset=utf-8><title>goto fail;</title>
;; <link rel="icon" href="data:";base
;; .
;; EOF
;;=> nil
;; blocking
(with-io-scope
  (let [s (acquire! (resource "tcps://gotofail.com:443/"
                              :ignore-missing-close? true
                              :non-blocking? false))
        gm "GET / HTTP/1.0\r\nFrom: example@example.com\r\nUser-Agent: Mozilla/5.0 Gecko/20100101 Firefox/36.0\r\n\r\n"]
    (println! "writing" (write! s (print utf-8 gm)))
    (let [rf #(println! "got" (str (take 350 (parse utf-8 %2))))]
      (reduce-batched nil nil rf nil (read! s))
      (println! "EOF"))))
;; writing 98
;; got HTTP/1.1 200 OK
;; Server: nginx/1.4.6 (Ubuntu)
;; Date: Mon, 08 Dec 2014 22:03:09 GMT
;; Content-Type: text/html
;; Content-Length: 8618
;; Last-Modified: Mon, 20 Oct 2014 20:06:13 GMT
;; Connection: close
;; ETag: "54456b35-21ab"
;; Accept-Ranges: bytes
;;
;; <!DOCTYPE html>
;; <html><head><meta charset=utf-8><title>goto fail;</title>
;; <link rel="icon" href="data:;base
;; EOF
;;=> nil

See also: secure-factory

secure-factory

Available since version 1.0

not referred automatically

VAR of type IAcquirableFactory

TLS resource factory. Passable thread local in non-blocking mode, otherwise thread safe except for multiple concurrent reads (or writes). Current options are:

  • :transport - transport resource, must be set to an open non-blocking selectable resource.

  • :ssl-context - nil or host specific SSL context

  • :remote-address - string, remote address

  • :remote-port - integer, remote port

  • :client? - boolean, default true, client mode?

  • :session-creation? - boolean, default true, enable new session creation?

  • :client-auth - nil, :want, :need - client auth

  • :cipher-suites - collection of strings - allowed cipher suites

  • :protocols - collection of strings - allowed protocols

  • :session-cache-size - nil or integer, session cache size

  • :session-timeout - nil or integer, session timeout in seconds

  • :ignore-missing-close? - boolean, default false - ignore missing close handshake?

  • :executor - executor for running delegated tasks

  • :executor-fn - one arg fn that takes SSLEngine and runs all delegated tasks

  • :direct-buffers? - boolean, default true, use direct internal buffers?

  • :non-blocking? - boolean, default true, open in non-blocking mode?

See also: secure
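
The option names above line up closely with javax.net.ssl.SSLEngine settings. The following added example (plain Clojure with Java interop, not Dunaj's own source) shows one way such an option map could be applied to an engine; the namespace, `allowed` and `configure-engine` are hypothetical names, the mapping is an assumption, and the endpoint identification step is not one of the listed options.

```clojure
(ns example.tls-engine
  (:import (javax.net.ssl SSLContext SSLEngine SSLParameters)))

(defn- allowed
  "Requested names the engine supports, as a String array; fails closed if none remain."
  [kind requested supported]
  (let [ok (filterv (set supported) requested)]
    (when (empty? ok)
      (throw (ex-info (str "no supported " kind " requested") {:requested requested})))
    (into-array String ok)))

(defn configure-engine
  "Builds an SSLEngine from a map keyed like the option list above (assumed mapping)."
  ^SSLEngine
  [{:keys [ssl-context remote-address remote-port client? session-creation? client-auth
           cipher-suites protocols session-cache-size session-timeout]
    :or {client? true session-creation? true}}]
  (let [^SSLContext ctx (or ssl-context (SSLContext/getDefault))
        ;; Mode is set before reading the parameters so the defaults read match it.
        ^SSLEngine eng (doto ^SSLEngine (if (and remote-address remote-port)
                                          (.createSSLEngine ctx ^String remote-address
                                                            (int remote-port))
                                          (.createSSLEngine ctx))
                         (.setUseClientMode (boolean client?))
                         (.setEnableSessionCreation (boolean session-creation?)))
        ^SSLParameters params (.getSSLParameters eng)
        sctx (if client? (.getClientSessionContext ctx) (.getServerSessionContext ctx))]
    (when protocols
      (.setProtocols params (allowed "protocol" protocols (.getSupportedProtocols eng))))
    (when cipher-suites
      (.setCipherSuites params
                        (allowed "cipher suite" cipher-suites (.getSupportedCipherSuites eng))))
    ;; Client certificate requests only take effect in server mode.
    (when (= client-auth :need) (.setNeedClientAuth params true))
    (when (= client-auth :want) (.setWantClientAuth params true))
    ;; Not in the option list: a bare SSLEngine skips hostname checks unless this is set.
    (when client? (.setEndpointIdentificationAlgorithm params "HTTPS"))
    (.setSSLParameters eng params)
    ;; The session context may be nil with some providers.
    (when (and sctx session-cache-size) (.setSessionCacheSize sctx (int session-cache-size)))
    (when (and sctx session-timeout) (.setSessionTimeout sctx (int session-timeout)))
    eng))

;; Constructed sample options; no connection is made.
(let [eng (configure-engine {:remote-address "example.com" :remote-port 443
                             :protocols ["TLSv1.3" "TLSv1.2"]
                             :cipher-suites ["TLS_AES_128_GCM_SHA256"
                                             "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]})]
  (println (vec (.getEnabledProtocols eng)) (vec (.getEnabledCipherSuites eng))))
```

On a JVM without TLS 1.3 support the filter leaves only the TLS 1.2 entries, so the printed lists show exactly what the engine will offer.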