Diffstat (limited to 'lib/wrappers/openssl.nim')
-rw-r--r-- | lib/wrappers/openssl.nim | 46 |
1 files changed, 42 insertions, 4 deletions
diff --git a/lib/wrappers/openssl.nim b/lib/wrappers/openssl.nim index 29fe3a921..03729dbab 100644 --- a/lib/wrappers/openssl.nim +++ b/lib/wrappers/openssl.nim @@ -50,7 +50,7 @@ when useWinVersion: from winlean import SocketHandle else: const - versions = "(.10|.1.0.1|.1.0.0|.0.9.9|.0.9.8|.0.9.7|.0.9.6|.0.9.5|.0.9.4)" + versions = "(.10|.1.0.1|.1.0.0|.0.9.9|.0.9.8)" when defined(macosx): const DLLSSLName = "libssl" & versions & ".dylib" @@ -141,6 +141,14 @@ const SSL_CTRL_GET_MAX_CERT_LIST* = 50 SSL_CTRL_SET_MAX_CERT_LIST* = 51 #* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success # * when just a single record has been written): * + SSL_CTRL_SET_TLSEXT_SERVERNAME_CB = 53 + SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG = 54 + SSL_CTRL_SET_TLSEXT_HOSTNAME = 55 + TLSEXT_NAMETYPE_host_name* = 0 + SSL_TLSEXT_ERR_OK* = 0 + SSL_TLSEXT_ERR_ALERT_WARNING* = 1 + SSL_TLSEXT_ERR_ALERT_FATAL* = 2 + SSL_TLSEXT_ERR_NOACK* = 3 SSL_MODE_ENABLE_PARTIAL_WRITE* = 1 #* Make it possible to retry SSL_write() with changed buffer location # * (buffer contents must stay the same!); this is not the default to avoid # * the misconception that non-blocking SSL_write() behaves like 
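Review bot: The new TLS extension constants in the `@@ -141,6 +141,14 @@` hunk are inserted between the existing comment `#* Allow SSL_write(..., n) to return r with 0 < r < n ...` and the constant it describes, `SSL_MODE_ENABLE_PARTIAL_WRITE`, so that comment now reads as if it documents the SNI control codes. Place the new block before that comment and give it its own one-line comment, for example `# TLS server name indication (SNI) extension`. The three `SSL_CTRL_SET_TLSEXT_*` codes also lack the `*` export marker that the neighbouring constants and the new `TLSEXT_NAMETYPE_host_name*` and `SSL_TLSEXT_ERR_*` values carry. If that is deliberate because only the wrappers in this module use them, a short comment saying so would help.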
@@ -290,15 +298,47 @@ when not useWinVersion: if p != nil: dealloc(p) proc CRYPTO_malloc_init*() = - when not useWinVersion: + when not useWinVersion and not defined(macosx): CRYPTO_set_mem_functions(allocWrapper, reallocWrapper, deallocWrapper) proc SSL_CTX_ctrl*(ctx: SslCtx, cmd: cInt, larg: int, parg: pointer): int{. cdecl, dynlib: DLLSSLName, importc.} +proc SSL_CTX_callback_ctrl(ctx: SslCtx, typ: cInt, fp: PFunction): int{. + cdecl, dynlib: DLLSSLName, importc.} + proc SSLCTXSetMode*(ctx: SslCtx, mode: int): int = result = SSL_CTX_ctrl(ctx, SSL_CTRL_MODE, mode, nil) +proc SSL_ctrl*(ssl: SslPtr, cmd: cInt, larg: int, parg: pointer): int{. + cdecl, dynlib: DLLSSLName, importc.} + +proc SSL_set_tlsext_host_name*(ssl: SslPtr, name: cstring): int = + result = SSL_ctrl(ssl, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name, name) + ## Set the SNI server name extension to be used in a client hello. + ## Returns 1 if SNI was set, 0 if current SSL configuration doesn't support SNI. + + +proc SSL_get_servername*(ssl: SslPtr, typ: cInt = TLSEXT_NAMETYPE_host_name): cstring {.cdecl, dynlib: DLLSSLName, importc.} + ## Retrieve the server name requested in the client hello. This can be used + ## in the callback set in `SSL_CTX_set_tlsext_servername_callback` to + ## implement virtual hosting. May return `nil`. + +proc SSL_CTX_set_tlsext_servername_callback*(ctx: SslCtx, cb: proc(ssl: SslPtr, cb_id: int, arg: pointer): int {.cdecl.}): int = + ## Set the callback to be used on listening SSL connections when the client hello is received. 
+ ## + ## The callback should return one of: + ## * SSL_TLSEXT_ERR_OK + ## * SSL_TLSEXT_ERR_ALERT_WARNING + ## * SSL_TLSEXT_ERR_ALERT_FATAL + ## * SSL_TLSEXT_ERR_NOACK + result = SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TLSEXT_SERVERNAME_CB, cast[PFunction](cb)) + +proc SSL_CTX_set_tlsext_servername_arg*(ctx: SslCtx, arg: pointer): int = + ## Set the pointer to be used in the callback registered to ``SSL_CTX_set_tlsext_servername_callback``. + result = SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG, 0, arg) + + proc bioNew*(b: PBIO_METHOD): BIO{.cdecl, dynlib: DLLUtilName, importc: "BIO_new".} proc bioFreeAll*(b: BIO){.cdecl, dynlib: DLLUtilName, importc: "BIO_free_all".} proc bioSMem*(): PBIO_METHOD{.cdecl, dynlib: DLLUtilName, importc: "BIO_s_mem".} @@ -341,8 +381,6 @@ else: dynlib: DLLSSLName, importc.} proc SslSetFd*(s: PSSL, fd: cInt): cInt{.cdecl, dynlib: DLLSSLName, importc.} - proc SslCtrl*(ssl: PSSL, cmd: cInt, larg: int, parg: Pointer): int{.cdecl, - dynlib: DLLSSLName, importc.} proc SslCTXCtrl*(ctx: PSSL_CTX, cmd: cInt, larg: int, parg: Pointer): int{. cdecl, dynlib: DLLSSLName, importc.} |