| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
| |
Co-authored-by: Iced Quinn <icedquinn@iceworks.cc>
|
| | |
|
| |
|
| |
Signed-off-by: Dankr4d <dude569@freenet.de>
|
| |
|
| |
Co-authored-by: Timothee Cour <timothee.cour2@gmail.com>
|
| |
|
|
|
|
| |
* Fix small leak in checkCertName
* Size is not needed either
* Free the certificate after checking
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* add simpler to use readChars overload
* use new readChars overload
* Update lib/wrappers/openssl.nim
Co-authored-by: Andreas Rumpf <rumpf_a@web.de>
Co-authored-by: flywind <xzsflywind@gmail.com>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Update openssl.nim
Fix issue # 16308
* Update openssl.nim
These are also related to Issues [#16308](https://github.com/nim-lang/Nim/issues/16308)
* Update openssl.nim
* Add files via upload
SSL PEM_read_RSAPUBKEY check
* Delete topenssl_rsa_private_key.pem
* Delete topenssl_rsa_public_key.pem
* Delete topenssl.nim
* Add files via upload
* Update topenssl.nim
This test makes me dizzy. Variables such as' PRSA 'must be declared in advance, otherwise they will run incorrectly. The argument uses a cString, and string also makes an error.
* Update topenssl.nim
```
lhf@lhf-pc:/media/lhf/D$ cat -e ./topenssl.nim
import std/wordwrap$
import openssl$
```
* Update topenssl.nim
* dos2unix tests/stdlib/topenssl.nim
Co-authored-by: lihaifeng <lihaifeng@wxm.com>
|
| |
|
|
| |
[backport:1.4]
|
| |
|
|
|
|
|
|
|
| |
* Added SSL_CTX_set_session_id_context()
* Added basic nimdoc
* Raise an error if sessionIdContext is longer than the maximum length
* Update nimdocs
|
| | |
|
| |
|
|
|
|
|
| |
Sometimes the analysis might get funky and decide that the if-expression
below is not an if-expression. Details of how this can happen is largely
unknown, but it's easy to prevent so we will just go forward with that.
Fix #14591
|
| | |
|
| | |
|
| |
|
|
| |
Nim will pretend that these proc are not gcsafe if they are not marked.
|
| |
|
|
|
|
| |
This procedure is not no-op for older LibreSSL, and the ABI is kept for
newer versions, so there's no harm in enabling it unconditionally for
all LibreSSL versions.
|
| |
|
|
|
| |
Previously we loaded the SSL library for this, but that's not where the
symbol resides.
|
| |
|
|
|
| |
And the fun thing is that currently we use a super old OpenSSL on
Windows.
|
| |
|
|
| |
Follow up of 794042080b270d9da8d64bb4285ce83787bdec7e
|
| |
|
|
| |
Yet another weird {.gcsafe.} triggering when it shouldn't.
|
| |
|
|
|
| |
This setting is required for servers running OpenSSL < 1.1.0 to support
EC-based secure ciphers that is now part of the default cipher list.
|
| | |
|
| |
|
|
| |
Now matches the declaration in openssl/err.h
|
| |
|
|
|
|
| |
This commit prevents "SSL_shutdown while in init" errors from happening.
See https://github.com/openssl/openssl/issues/710#issuecomment-253897666
|
| | |
|
| |
|
|
| |
This adds the procedures to read RSA keys and encrypt/decrypt messages
with both public and private keys.
|
| |
|
|
|
|
|
|
| |
This fixes at least a couple of issues:
* Procs loaded from the DLL being used even when the pointer is nil.
* The actual issue (#13903) which appeared to cause stack corruption on
Android 7.1.1 with OpenSSL 1.1.1f. The change that fixed this was the
move to loading the procs in `sslSym`.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* make i2d_X509 and d2i_X509 always available
i2d_X509 and d2i_X509 have been available in all versions of OpenSSL, so
make them available even if nimDisableCertificateValidation is set.
* introduce getPeerCertificates, fixes #13299
getPeerCertificates retrieves the verified certificate chain of the peer
we are connected to through an SSL-wrapped Socket/AsyncSocket. This
introduces the new type Certificate which stores a DER-encoded X509 certificate.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Implement SSL/TLS certificate checking #782
* SSL: Add nimDisableCertificateValidation
Remove NIM_SSL_CERT_VALIDATION env var
tests/untestable/thttpclient_ssl.nim ran successfully on Linux with libssl 1.1.1d
* SSL: update integ test to skip flapping tests
* Revert .travis.yml change
* nimDisableCertificateValidation disable imports
Prevent loading symbols that are not defined on older SSL libs
* SSL: disable verification in net.nim
..when nimDisableCertificateValidation is set
* Update changelog
* Fix peername type
* Add define check for windows
* Disable test on windows
* Add exprimental GitHub action CI for SSL
* Test nimDisableCertificateValidation
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
| |
This reverts commit 00c31e87660d9db813871f5aa23661bf6b9bbdcb.
|
| |
|
|
|
|
| |
* Fixes #12187
* Point to fork of compactdict
Since the original repo is now archived / read-only
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Prevent spurious segfaults when OpenSSL is used in multithreaded
environments since the library isn't able to handle thread-local memory.
Fixes #9016
|
| |
|
|
|
|
| |
* add SSL_set_SSL_CTX for SNI
* fix SSL_set_SSL_CTX
|
| | |
|