adapt ncurl and stream PEM file interface

Author: shikokuchuo

NEWS.md

@@ -3,7 +3,7 @@
 #### New Features
 
 * Implements `sha224()`, `sha256()`, `sha384()` and `sha512()` series of fast, optimised cryptographic hash and HMAC generation functions using the 'Mbed TLS' library.
-* `ncurl()` and `stream()` gain the argmument 'ca_file' for optionally specifying a certificate authority certificate chain file when connecting to secure sites.
+* `ncurl()` and `stream()` gain the argmument 'pem' for optionally specifying a certificate authority certificate chain PEM file for authenticating secure sites.
 * `ncurl()` now returns an additional `$status` field.
 * `messenger()` gains the argument 'auth' for authenticating communications based on a pre-shared key.
 * `random()` gains the argument 'n' for generating a vector of random numbers.

R/ncurl.R

@@ -29,10 +29,10 @@
 #'     HTTP request headers e.g. \code{list(`Content-Type` = "text/plain")} or
 #'     \code{c(Authorization = "Bearer APIKEY")}.
 #' @param data (optional) the request data to be submitted.
-#' @param ca_file (optional) applicable to secure HTTPS sites only. The path to
-#'     a file containing X.509 certificate(s) in PEM format, comprising the
-#'     certificate authority certificate chain. If missing or NULL, certificates
-#'     are not validated.
+#' @param pem (optional) applicable to secure HTTPS sites only. The path to a
+#'     file containing X.509 certificate(s) in PEM format, comprising the
+#'     certificate authority certificate chain (and revocation list if present).
+#'     If missing or NULL, certificates are not validated.
 #'
 #' @return Named list of 3 elements:
 #'     \itemize{
@@ -70,13 +70,13 @@ ncurl <- function(url,
                   method = NULL,
                   headers = NULL,
                   data = NULL,
-                  ca_file = NULL) {
+                  pem = NULL) {
 
   data <- if (!missing(data)) writeBin(object = data, con = raw())
 
   if (async) {
 
-    aio <- .Call(rnng_ncurl_aio, url, method, headers, data, ca_file)
+    aio <- .Call(rnng_ncurl_aio, url, method, headers, data, pem)
     is.integer(aio) && return(aio)
 
     convert <- missing(convert) || isTRUE(convert)
@@ -136,7 +136,7 @@ ncurl <- function(url,
 
   } else {
 
-    res <- .Call(rnng_ncurl, url, convert, method, headers, data, ca_file)
+    res <- .Call(rnng_ncurl, url, convert, method, headers, data, pem)
 
     is.integer(res) && return(res)
     is.character(res) && {

R/stream.R

@@ -31,10 +31,10 @@
 #'     (not all transports are supported).
 #' @param textframes [default FALSE] applicable to the websocket transport only,
 #'     enables sending and receiving of TEXT frames (ignored otherwise).
-#' @param ca_file (optional) applicable to secure websockets only. The path to a
+#' @param pem (optional) applicable to secure websockets only. The path to a
 #'     file containing X.509 certificate(s) in PEM format, comprising the
-#'     certificate authority certificate chain. If missing or NULL, certificates
-#'     are not validated.
+#'     certificate authority certificate chain (and revocation list if present).
+#'     If missing or NULL, certificates are not validated.
 #'
 #' @return A Stream (object of class 'nanoStream' and 'nano').
 #'
@@ -54,16 +54,16 @@
 #'
 #' @export
 #'
-stream <- function(dial = NULL, listen = NULL, textframes = FALSE, ca_file = NULL) {
+stream <- function(dial = NULL, listen = NULL, textframes = FALSE, pem = NULL) {
 
   if (missing(dial)) {
     if (missing(listen)) {
       stop("specify a URL for either 'dial' or 'listen'")
     } else {
-      .Call(rnng_stream_listen, listen, textframes, ca_file)
+      .Call(rnng_stream_listen, listen, textframes, pem)
     }
   } else {
-    .Call(rnng_stream_dial, dial, textframes, ca_file)
+    .Call(rnng_stream_dial, dial, textframes, pem)
   }
 
 }

man/ncurl.Rd

@@ -542,7 +542,7 @@ SEXP rnng_stream_send_aio(SEXP stream, SEXP data, SEXP timeout) {
 
 // ncurl aio -------------------------------------------------------------------
 
-SEXP rnng_ncurl_aio(SEXP http, SEXP method, SEXP headers, SEXP data, SEXP ca_file) {
+SEXP rnng_ncurl_aio(SEXP http, SEXP method, SEXP headers, SEXP data, SEXP pem) {
 
   const char *httr = CHAR(STRING_ELT(http, 0));
   nano_aio *haio = R_Calloc(1, nano_aio);
@@ -674,7 +674,7 @@ SEXP rnng_ncurl_aio(SEXP http, SEXP method, SEXP headers, SEXP data, SEXP ca_fil
       R_Free(haio);
       return mk_error(xc);
     }
-    if (ca_file == R_NilValue) {
+    if (pem == R_NilValue) {
       if ((xc = nng_tls_config_server_name(handle->cfg, handle->url->u_hostname)) ||
           (xc = nng_tls_config_auth_mode(handle->cfg, NNG_TLS_AUTH_MODE_NONE)) ||
           (xc = nng_http_client_set_tls(handle->cli, handle->cfg))) {
@@ -690,7 +690,7 @@ SEXP rnng_ncurl_aio(SEXP http, SEXP method, SEXP headers, SEXP data, SEXP ca_fil
       }
     } else {
       if ((xc = nng_tls_config_server_name(handle->cfg, handle->url->u_hostname)) ||
-          (xc = nng_tls_config_ca_file(handle->cfg, CHAR(STRING_ELT(ca_file, 0)))) ||
+          (xc = nng_tls_config_ca_file(handle->cfg, CHAR(STRING_ELT(pem, 0)))) ||
           (xc = nng_tls_config_auth_mode(handle->cfg, NNG_TLS_AUTH_MODE_REQUIRED)) ||
           (xc = nng_http_client_set_tls(handle->cli, handle->cfg))) {
         nng_tls_config_free(handle->cfg);

man/stream.Rd

@@ -748,7 +748,6 @@ SEXP rnng_listener_close(SEXP listener) {
 }
 
 // send and recv ---------------------------------------------------------------
-// nng flags: bitmask of NNG_FLAG_ALLOC = 1u + NNG_FLAG_NONBLOCK = 2u
 
 SEXP rnng_send(SEXP socket, SEXP data, SEXP block, SEXP echo) {
 

src/aio.c

@@ -117,7 +117,7 @@ SEXP rnng_random(SEXP n) {
 
 // ncurl - minimalist http client ----------------------------------------------
 
-SEXP rnng_ncurl(SEXP http, SEXP convert, SEXP method, SEXP headers, SEXP data, SEXP ca_file) {
+SEXP rnng_ncurl(SEXP http, SEXP convert, SEXP method, SEXP headers, SEXP data, SEXP pem) {
 
   nng_url *url;
   nng_http_client *client;
@@ -222,7 +222,7 @@ SEXP rnng_ncurl(SEXP http, SEXP convert, SEXP method, SEXP headers, SEXP data, S
       return mk_error(xc);
     }
 
-    if (ca_file == R_NilValue) {
+    if (pem == R_NilValue) {
       if ((xc = nng_tls_config_server_name(cfg, url->u_hostname)) ||
           (xc = nng_tls_config_auth_mode(cfg, NNG_TLS_AUTH_MODE_NONE)) ||
           (xc = nng_http_client_set_tls(client, cfg))) {
@@ -236,7 +236,7 @@ SEXP rnng_ncurl(SEXP http, SEXP convert, SEXP method, SEXP headers, SEXP data, S
       }
     } else {
       if ((xc = nng_tls_config_server_name(cfg, url->u_hostname)) ||
-          (xc = nng_tls_config_ca_file(cfg, CHAR(STRING_ELT(ca_file, 0)))) ||
+          (xc = nng_tls_config_ca_file(cfg, CHAR(STRING_ELT(pem, 0)))) ||
           (xc = nng_tls_config_auth_mode(cfg, NNG_TLS_AUTH_MODE_REQUIRED)) ||
           (xc = nng_http_client_set_tls(client, cfg))) {
         nng_tls_config_free(cfg);
@@ -320,7 +320,7 @@ SEXP rnng_ncurl(SEXP http, SEXP convert, SEXP method, SEXP headers, SEXP data, S
 
 // streams ---------------------------------------------------------------------
 
-SEXP rnng_stream_dial(SEXP url, SEXP textframes, SEXP ca_file) {
+SEXP rnng_stream_dial(SEXP url, SEXP textframes, SEXP pem) {
 
   const char *add = CHAR(STRING_ELT(url, 0));
   const int mod = LOGICAL(textframes)[0];
@@ -360,7 +360,7 @@ SEXP rnng_stream_dial(SEXP url, SEXP textframes, SEXP ca_file) {
       return mk_error(xc);
     }
 
-    if (ca_file == R_NilValue) {
+    if (pem == R_NilValue) {
       if ((xc = nng_tls_config_server_name(cfg, up->u_hostname)) ||
           (xc = nng_tls_config_auth_mode(cfg, NNG_TLS_AUTH_MODE_NONE)) ||
           (xc = nng_stream_dialer_set_ptr(dp, NNG_OPT_TLS_CONFIG, cfg))) {
@@ -371,7 +371,7 @@ SEXP rnng_stream_dial(SEXP url, SEXP textframes, SEXP ca_file) {
       }
     } else {
       if ((xc = nng_tls_config_server_name(cfg, up->u_hostname)) ||
-          (xc = nng_tls_config_ca_file(cfg, CHAR(STRING_ELT(ca_file, 0)))) ||
+          (xc = nng_tls_config_ca_file(cfg, CHAR(STRING_ELT(pem, 0)))) ||
           (xc = nng_tls_config_auth_mode(cfg, NNG_TLS_AUTH_MODE_REQUIRED)) ||
           (xc = nng_stream_dialer_set_ptr(dp, NNG_OPT_TLS_CONFIG, cfg))) {
         nng_tls_config_free(cfg);
@@ -429,7 +429,7 @@ SEXP rnng_stream_dial(SEXP url, SEXP textframes, SEXP ca_file) {
 
 }
 
-SEXP rnng_stream_listen(SEXP url, SEXP textframes, SEXP ca_file) {
+SEXP rnng_stream_listen(SEXP url, SEXP textframes, SEXP pem) {
 
   const char *add = CHAR(STRING_ELT(url, 0));
   const int mod = LOGICAL(textframes)[0];
@@ -468,7 +468,7 @@ SEXP rnng_stream_listen(SEXP url, SEXP textframes, SEXP ca_file) {
       nng_url_free(up);
       return mk_error(xc);
     }
-    if (ca_file == R_NilValue) {
+    if (pem == R_NilValue) {
       if ((xc = nng_tls_config_server_name(cfg, up->u_hostname)) ||
           (xc = nng_tls_config_auth_mode(cfg, NNG_TLS_AUTH_MODE_NONE)) ||
           (xc = nng_stream_listener_set_ptr(lp, "tls-config", cfg))) {
@@ -479,7 +479,7 @@ SEXP rnng_stream_listen(SEXP url, SEXP textframes, SEXP ca_file) {
       }
     } else {
       if ((xc = nng_tls_config_server_name(cfg, up->u_hostname)) ||
-          (xc = nng_tls_config_ca_file(cfg, CHAR(STRING_ELT(ca_file, 0)))) ||
+          (xc = nng_tls_config_ca_file(cfg, CHAR(STRING_ELT(pem, 0)))) ||
           (xc = nng_tls_config_auth_mode(cfg, NNG_TLS_AUTH_MODE_REQUIRED)) ||
           (xc = nng_stream_listener_set_ptr(lp, "tls-config", cfg))) {
         nng_tls_config_free(cfg);