First the parameter Certificate_Required has been renamed Check_Certificate
to better describe the actual semantic.
The default is now to verify the certificate and the host. Both
default values in AWS.Default (Check_Certificate & Check_Host) have
been set to true. This means that the call in AWS.Client (Get, Post,
Head, Put, Delete, Upload and SOAP_Post) are safe and will always
check for certificate and host. To disable those checks one need
to create a connection and setup the SSL configuration with options
disabled:
WS : Server.HTTP;
SSL : Net.SSL.Config;
Net.SSL.Initialize
(SSL,
Security_Mode => Net.SSL.TLS_Server,
Server_Certificate => "aws-server.crt",
Server_Key => "aws-server.key",
Check_Certificate => False);
Server.Set_SSL_Config (WS, SSL);
For the client side it is also possible to disable the host check,
and so not detecting man-in-the-middle kind of attacks, so hightly
discouraged:
Net.SSL.Initialize
(SSL,
Security_Mode => Net.SSL.TLS_Client,
Client_Certificate => "cert.pem",
Check_Certificate => False,
Check_Host => False);
The configuration API has been updated to support those two new parameters.
TN: eng/toolchain/aws#31
* regtests/0024_tcom/tcom.adb
regtests/0062_smtp_2/smtp_2.adb
regtests/0116_test_hotplug/test_hotplug.adb
regtests/0128_test_soap_hotplug/test_soap_hotplug.adb:
Use zero port instead of Get_Free_Port.
* regtests/common/get_free_port.adb:
Source file removed.
* src/extended/aws-communication-server.ad[sb]
(Start): Port parameter is Natural now to be able to set zero.
(Port): New routine.
* src/extended/aws-server-hotplug.ad[sb] (Activate):
Access parameter Bound_Port to get bound port on activation.
* src/extended/aws-smtp.ad[sb] (Initialize):
Port parameter is Natural to be able to put zero value.
* src/extended/aws-smtp-server.ad[sb] (Port):
New routine to get mail server bound port.
