openssl egg on openbsd added by semarie on Mon Nov 26 16:40:19 2018

;;;
;;; install server-connector for OpenBSD (use "/etc/ssl/cert.pem")
;;;
(define (register-server-connector/openbsd!)
  ;; create a ssl-context
  ;; - only TLS v1.2
  ;; - ask SSL verification of server certificate
  ;; - use "/etc/ssl/cert.pem" for validate server certificate
  (define (make-ssl-context/openbsd)
    (let ((ssl-ctx (ssl-make-client-context 'tlsv12)))
      (ssl-load-suggested-certificate-authorities! ssl-ctx "/etc/ssl/cert.pem")
      (ssl-load-verify-root-certificates! ssl-ctx "/etc/ssl/cert.pem")
      (ssl-set-verify! ssl-ctx #t)

      ssl-ctx))

  ;; register server-connector parameter
  (server-connector
   (lambda (uri proxy)
     (let ((remote-end (or proxy uri)))
       (if (eq? 'https (uri-scheme remote-end))
           ;; only use ssl-connect for HTTPS connections
           (ssl-connect (uri-host remote-end)
                        (uri-port remote-end)
                        (make-ssl-context/openbsd)
                        (uri-host remote-end))
           ;; use http-client's default otherwise
           (default-server-connector uri proxy))))))

(register-server-connector/openbsd!)
[ permalink | raw ]