First the parameter Certificate_Required has been renamed Check_Certificate
to better describe the actual semantic.
The default is now to verify the certificate and the host. Both
default values in AWS.Default (Check_Certificate & Check_Host) have
been set to true. This means that the call in AWS.Client (Get, Post,
Head, Put, Delete, Upload and SOAP_Post) are safe and will always
check for certificate and host. To disable those checks one need
to create a connection and setup the SSL configuration with options
disabled:
WS : Server.HTTP;
SSL : Net.SSL.Config;
Net.SSL.Initialize
(SSL,
Security_Mode => Net.SSL.TLS_Server,
Server_Certificate => "aws-server.crt",
Server_Key => "aws-server.key",
Check_Certificate => False);
Server.Set_SSL_Config (WS, SSL);
For the client side it is also possible to disable the host check,
and so not detecting man-in-the-middle kind of attacks, so hightly
discouraged:
Net.SSL.Initialize
(SSL,
Security_Mode => Net.SSL.TLS_Client,
Client_Certificate => "cert.pem",
Check_Certificate => False,
Check_Host => False);
The configuration API has been updated to support those two new parameters.
TN: eng/toolchain/aws#31
It is now possible to use a signed key file with AWS. In this case
a pass-phrase is requested to be able to start the HTTPS
session. This pass-phrase can be handed over to the server using
the Set_Password_Callback in AWS.Net.SSL.Certificate.
The HTTPS demo has been enhanced to demonstrate this.
Add corresponding regression test.
For 0202-018.
When the priority string is empty it is set depending on the
protocol version set in Security_Mode. This allows better
compatibility with the OpenSSL mode.
Motivated by O202-018.
