author | metagn <metagngn@gmail.com> | 2022-09-14 21:14:58 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-09-14 14:14:58 -0400 |
commit | 79afee868d784eb90972deb3ea89c96702585968 (patch) | |
tree | 65724d3c2ceb13ee5e4cf53a40028b7741da7c4b /lib | |
parent | a73ae3e066caecb7a891de87cf7c004805f96ff0 (diff) | |
download | Nim-79afee868d784eb90972deb3ea89c96702585968.tar.gz |
partial revert and redesign of #19814, changelog (#20341)
* conservative partial revert of #19814 * fix * revert tssl * revert azure CI change * keep azure, revert version range * fully revert CI, add changelog * useOpenssl3 as separate define, .3 is a version
Diffstat (limited to 'lib')
-rw-r--r-- | lib/pure/net.nim | 6 | ||||
-rw-r--r-- | lib/wrappers/openssl.nim | 31 |
2 files changed, 32 insertions, 5 deletions
diff --git a/lib/pure/net.nim b/lib/pure/net.nim index 73a085220..9ed73e723 100644 --- a/lib/pure/net.nim +++ b/lib/pure/net.nim @@ -544,6 +544,12 @@ proc fromSockAddr*(sa: Sockaddr_storage | SockAddr | Sockaddr_in | Sockaddr_in6, when defineSsl: # OpenSSL >= 1.1.0 does not need explicit init. + when not useOpenssl3: + CRYPTO_malloc_init() + doAssert SslLibraryInit() == 1 + SSL_load_error_strings() + ERR_load_BIO_strings() + OpenSSL_add_all_algorithms() proc sslHandle*(self: Socket): SslPtr = ## Retrieve the ssl pointer of `socket`. diff --git a/lib/wrappers/openssl.nim b/lib/wrappers/openssl.nim index d86001c5e..e049ac9d2 100644 --- a/lib/wrappers/openssl.nim +++ b/lib/wrappers/openssl.nim @@ -10,7 +10,7 @@ ## OpenSSL wrapper. Supports OpenSSL >= 1.1.0 dynamically (as default) or statically linked ## using `--dynlibOverride:ssl`. ## -## To use openSSL 3 set the symbol: -d:sslVersion=3 +## To use openSSL 3, either set `-d:sslVersion=3` or `-d:useOpenssl3`. ## ## Build and test examples: ## @@ -37,6 +37,7 @@ const useWinVersion = defined(windows) or defined(nimdoc) # Having two different openSSL loaded version causes a crash. # Use this compile time define to force the openSSL version that your other dynamic libraries want. const sslVersion {.strdefine.}: string = "" +const useOpenssl3* {.booldefine.} = sslVersion.startsWith('3') when sslVersion != "": when defined(macosx): const @@ -75,7 +76,11 @@ elif useWinVersion: from winlean import SocketHandle else: - const versions = "(.1.1|.48|.47|.46|.45|.44|.43|.41|.39|.38|.10|)" + # same list of versions but ordered differently? + when defined(osx): + const versions = "(.3|.1.1|.38|.39|.41|.43|.44|.45|.46|.47|.48|.10|.1.0.2|.1.0.1|.1.0.0|.0.9.9|.0.9.8|)" + else: + const versions = "(.3|.1.1|.1.0.2|.1.0.1|.1.0.0|.0.9.9|.0.9.8|.48|.47|.46|.45|.44|.43|.41|.39|.38|.10|)" when defined(macosx): const 
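Review bot: The context comment `# OpenSSL >= 1.1.0 does not need explicit init.` in the lib/pure/net.nim hunk now sits directly above a block that performs explicit initialisation whenever `useOpenssl3` is false, so the comment contradicts the code it introduces. I would reword it to something like `# OpenSSL 3 needs no explicit init; older versions are initialised here.` `useOpenssl3` is a compile-time switch, while the library actually loaded is picked at run time from the soname list in lib/wrappers/openssl.nim, so in a default build this block can run against a 3.x library; a sentence saying that this is intended would help. The block appears to be module-level code under `when defineSsl:`, so a failing `doAssert SslLibraryInit() == 1` stops the program at import time instead of surfacing a catchable error.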
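Review bot: The exported constant `useOpenssl3*` in the `@@ -37,6 +37,7 @@` hunk has no doc comment, and its relation to `sslVersion` is not obvious from the declaration: `sslVersion.startsWith('3')` is only the default, and `-d:useOpenssl3` on the command line overrides it without touching `sslVersion`. With `sslVersion` left empty the library name still comes from the generic `versions` probe list, so the flag selects which symbols are bound (for example `SSL_get1_peer_certificate` in the `@@ -768,7 +789,7 @@` hunk) but does not restrict which library is loaded. I would add `## Compile-time switch selecting the OpenSSL 3 API; defaults to true when sslVersion starts with '3'. It does not by itself pin the library that is loaded.` to the constant. It is also worth rejecting the contradictory combination of `-d:sslVersion=3` with `-d:useOpenssl3=false` at compile time with a `when` branch and `{.error.}`.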
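Review bot: The new `versions` strings in the `@@ -75,7 +76,11 @@` hunk re-add the sonames `.1.0.2|.1.0.1|.1.0.0|.0.9.9|.0.9.8`, while the module header still says the wrapper supports OpenSSL >= 1.1.0. Those release lines are no longer maintained upstream and predate TLS 1.3, so a program can end up bound to one of them when nothing newer is installed, with no diagnostic telling the operator. If they are kept for compatibility, the open question `# same list of versions but ordered differently?` should be replaced by a comment that states the intended probe order and why the legacy names are present; otherwise I would drop the entries older than `.1.1`. The branches also test `defined(osx)` here and `defined(macosx)` a few lines further down, which is worth making uniform.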
@@ -270,6 +275,11 @@ proc TLSv1_method*(): PSSL_METHOD{.cdecl, dynlib: DLLSSLName, importc.} when compileOption("dynlibOverride", "ssl"): # Static linking + when not useOpenssl3: + proc OPENSSL_init_ssl*(opts: uint64, settings: uint8): cint {.cdecl, dynlib: DLLSSLName, importc, discardable.} + proc SSL_library_init*(): cint {.discardable.} = + ## Initialize SSL using OPENSSL_init_ssl for OpenSSL >= 1.1.0 + return OPENSSL_init_ssl(0.uint64, 0.uint8) proc TLS_method*(): PSSL_METHOD {.cdecl, dynlib: DLLSSLName, importc.} @@ -354,6 +364,18 @@ else: let method2Proc = cast[proc(): PSSL_METHOD {.cdecl, gcsafe, raises: [].}](methodSym) return method2Proc() + when not useOpenssl3: + proc SSL_library_init*(): cint {.discardable.} = + ## Initialize SSL using OPENSSL_init_ssl for OpenSSL >= 1.1.0 otherwise + ## SSL_library_init + let newInitSym = sslSymNullable("OPENSSL_init_ssl") + if not newInitSym.isNil: + let newInitProc = + cast[proc(opts: uint64, settings: uint8): cint {.cdecl.}](newInitSym) + return newInitProc(0, 0) + let olderProc = cast[proc(): cint {.cdecl.}](sslSymThrows("SSL_library_init")) + if not olderProc.isNil: result = olderProc() + proc SSL_load_error_strings*() = # TODO: Are we ignoring this on purpose? SSL GitHub CI fails otherwise. let theProc = cast[proc() {.cdecl.}](sslSymNullable("SSL_load_error_strings")) @@ -398,8 +420,7 @@ else: theProc = cast[typeof(theProc)](sslSymThrows("SSL_CTX_set_ciphersuites")) theProc(ctx, str) - -proc OPENSSL_init_ssl*(opts: uint64, settings: uint8): cint {.cdecl, dynlib: DLLSSLName, importc.} +proc ERR_load_BIO_strings*(){.cdecl, dynlib: DLLUtilName, importc.} proc TLS_client_method*(): PSSL_METHOD {.cdecl, dynlib: DLLSSLName, importc.} 
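Review bot: `OPENSSL_init_ssl` is declared in the `@@ -270,6 +275,11 @@` hunk with `settings: uint8`, but the C prototype takes a pointer in that position (`const OPENSSL_INIT_SETTINGS *`), so `OPENSSL_init_ssl(0.uint64, 0.uint8)` passes an 8-bit integer where the callee reads a pointer-sized argument. That works only as long as the upper bits of the argument register or stack slot happen to be zero, which the calling convention does not guarantee. Declaring the parameter as `settings: pointer` and passing `nil` states the intent and removes that dependency. The same applies to the cast `proc(opts: uint64, settings: uint8): cint {.cdecl.}` and the call `newInitProc(0, 0)` in the `@@ -354,6 +364,18 @@` hunk.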
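Review bot: In the dynamic `SSL_library_init` added by the `@@ -354,6 +364,18 @@` hunk, the fallback `if not olderProc.isNil: result = olderProc()` leaves `result` at 0 when the check fails, and the `{.discardable.}` pragma lets callers drop that value unnoticed. If `sslSymThrows` raises on a missing symbol, as its name suggests, the nil test is dead code and a plain `result = olderProc()` is enough; if it can return nil, the failure should be reported explicitly instead of as a silent 0. The two new casts also omit the `gcsafe, raises: []` annotations that the `method2Proc` cast just above carries, which is worth aligning. The enclosing `else:` branch starts outside the hunk.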
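Review bot: `ERR_load_BIO_strings*` is declared unconditionally in the `@@ -398,8 +420,7 @@` hunk with a direct `dynlib`/`importc` binding, although its only caller on this page, in lib/pure/net.nim, is guarded by `when not useOpenssl3`. The neighbouring `SSL_load_error_strings` goes through `sslSymNullable` and tolerates a missing symbol; this one does not, so a library that does not export the function would presumably fail at symbol resolution instead of skipping the call. I would either put the declaration under `when not useOpenssl3:` or resolve it the same way as `SSL_load_error_strings`. The hunk also drops the exported top-level `OPENSSL_init_ssl*`, which is now declared only for static linking without `useOpenssl3`; if the changelog entry does not already mention that removal, it should.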
@@ -768,7 +789,7 @@ when not defined(nimDisableCertificateValidation) and not defined(windows): # proc SSL_get_peer_certificate*(ssl: SslCtx): PX509 = # loadPSSLMethod("SSL_get_peer_certificate", "SSL_get1_peer_certificate") - when sslVersion.startsWith('3'): + when useOpenssl3: proc SSL_get1_peer_certificate*(ssl: SslCtx): PX509 {.cdecl, dynlib: DLLSSLName, importc.} proc SSL_get_peer_certificate*(ssl: SslCtx): PX509 = SSL_get1_peer_certificate(ssl) |