| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Update openssl.nim
Fix issue # 16308
* Update openssl.nim
These are also related to Issues [#16308](https://github.com/nim-lang/Nim/issues/16308)
* Update openssl.nim
* Add files via upload
SSL PEM_read_RSAPUBKEY check
* Delete topenssl_rsa_private_key.pem
* Delete topenssl_rsa_public_key.pem
* Delete topenssl.nim
* Add files via upload
* Update topenssl.nim
This test makes me dizzy. Variables such as' PRSA 'must be declared in advance, otherwise they will run incorrectly. The argument uses a cString, and string also makes an error.
* Update topenssl.nim
```
lhf@lhf-pc:/media/lhf/D$ cat -e ./topenssl.nim
import std/wordwrap$
import openssl$
```
* Update topenssl.nim
* dos2unix tests/stdlib/topenssl.nim
Co-authored-by: lihaifeng <lihaifeng@wxm.com>
|
| |
|
|
| |
[backport:1.4]
|
| |
|
|
|
|
|
|
|
| |
* Added SSL_CTX_set_session_id_context()
* Added basic nimdoc
* Raise an error if sessionIdContext is longer than the maximum length
* Update nimdocs
|
| | |
|
| |
|
|
|
|
|
| |
Sometimes the analysis might get funky and decide that the if-expression
below is not an if-expression. Details of how this can happen is largely
unknown, but it's easy to prevent so we will just go forward with that.
Fix #14591
|
| | |
|
| | |
|
| |
|
|
| |
Nim will pretend that these proc are not gcsafe if they are not marked.
|
| |
|
|
|
|
| |
This procedure is not no-op for older LibreSSL, and the ABI is kept for
newer versions, so there's no harm in enabling it unconditionally for
all LibreSSL versions.
|
| |
|
|
|
| |
Previously we loaded the SSL library for this, but that's not where the
symbol resides.
|
| |
|
|
|
| |
And the fun thing is that currently we use a super old OpenSSL on
Windows.
|
| |
|
|
| |
Follow up of 794042080b270d9da8d64bb4285ce83787bdec7e
|
| |
|
|
| |
Yet another weird {.gcsafe.} triggering when it shouldn't.
|
| |
|
|
|
| |
This setting is required for servers running OpenSSL < 1.1.0 to support
EC-based secure ciphers that is now part of the default cipher list.
|
| | |
|
| |
|
|
| |
Now matches the declaration in openssl/err.h
|
| |
|
|
|
|
| |
This commit prevents "SSL_shutdown while in init" errors from happening.
See https://github.com/openssl/openssl/issues/710#issuecomment-253897666
|
| | |
|
| |
|
|
| |
This adds the procedures to read RSA keys and encrypt/decrypt messages
with both public and private keys.
|
| |
|
|
|
|
|
|
| |
This fixes at least a couple of issues:
* Procs loaded from the DLL being used even when the pointer is nil.
* The actual issue (#13903) which appeared to cause stack corruption on
Android 7.1.1 with OpenSSL 1.1.1f. The change that fixed this was the
move to loading the procs in `sslSym`.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* make i2d_X509 and d2i_X509 always available
i2d_X509 and d2i_X509 have been available in all versions of OpenSSL, so
make them available even if nimDisableCertificateValidation is set.
* introduce getPeerCertificates, fixes #13299
getPeerCertificates retrieves the verified certificate chain of the peer
we are connected to through an SSL-wrapped Socket/AsyncSocket. This
introduces the new type Certificate which stores a DER-encoded X509 certificate.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Implement SSL/TLS certificate checking #782
* SSL: Add nimDisableCertificateValidation
Remove NIM_SSL_CERT_VALIDATION env var
tests/untestable/thttpclient_ssl.nim ran successfully on Linux with libssl 1.1.1d
* SSL: update integ test to skip flapping tests
* Revert .travis.yml change
* nimDisableCertificateValidation disable imports
Prevent loading symbols that are not defined on older SSL libs
* SSL: disable verification in net.nim
..when nimDisableCertificateValidation is set
* Update changelog
* Fix peername type
* Add define check for windows
* Disable test on windows
* Add exprimental GitHub action CI for SSL
* Test nimDisableCertificateValidation
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
| |
This reverts commit 00c31e87660d9db813871f5aa23661bf6b9bbdcb.
|
| |
|
|
|
|
| |
* Fixes #12187
* Point to fork of compactdict
Since the original repo is now archived / read-only
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Prevent spurious segfaults when OpenSSL is used in multithreaded
environments since the library isn't able to handle thread-local memory.
Fixes #9016
|
| |
|
|
|
|
| |
* add SSL_set_SSL_CTX for SNI
* fix SSL_set_SSL_CTX
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
modules that need to expand on the openssl wrapper
|
| | |
|
| |
|
|
|
|
|
| |
This commit basically returns the code that was removed in
a78d7a31f780c6cf1e421f820d9ed19a5db64ca7, but under 'openssl10'
define symbol. OpenSSL 1.0.2 is still actively maintained, so there is
no point in dropping support of it.
|