path: root/lib/wrappers/openssl.nim
Commit message | Author | Age | Files | Lines
* Add SSL_CTX_set_session_id_context (#15233) | IDF | 2020-09-04 | 1 | -0/+1
| * Added SSL_CTX_set_session_id_context()
| * Added basic nimdoc
| * Raise an error if sessionIdContext is longer than the maximum length
| * Update nimdocs
* add openssl missing procs (#15180) | Bung | 2020-08-17 | 1 | -0/+5
* openssl: use explicit result for SSL_in_init (#14597) | alaviss | 2020-06-08 | 1 | -2/+2
| Sometimes the analysis might get funky and decide that the if-expression below is not an if-expression. Details of how this can happen are largely unknown, but it's easy to prevent so we will just go forward with that.
| Fix #14591
* wrappers/openssl: defer loading SSL_CTX_set_ciphersuites | Leorize | 2020-06-06 | 1 | -1/+3
* net: also set TLSv1.3 cipher suites | Leorize | 2020-06-06 | 1 | -0/+5
* wrappers/openssl: mark casts as gcsafe | Leorize | 2020-06-06 | 1 | -17/+13
| Nim will pretend that these procs are not gcsafe if they are not marked.
* wrappers/openssl: enable SSL_CTX_set_ecdh_auto for LibreSSL | Leorize | 2020-06-06 | 1 | -1/+1
| This procedure is not a no-op for older LibreSSL, and the ABI is kept for newer versions, so there's no harm in enabling it unconditionally for all LibreSSL versions.
* wrappers/openssl: the version number comes from the utility library | Leorize | 2020-06-06 | 1 | -9/+20
| Previously we loaded the SSL library for this, but that's not where the symbol resides.
* net: don't call set_ecdh_auto for super old OpenSSL | Leorize | 2020-06-06 | 1 | -5/+3
| And the fun thing is that currently we use a super old OpenSSL on Windows.
* wrappers/openssl: fix SSL_CTX_set_mode | Leorize | 2020-06-06 | 1 | -1/+1
| Follow up of 794042080b270d9da8d64bb4285ce83787bdec7e
* wrappers/openssl: getOpenSSLVersion is gcsafe | Leorize | 2020-06-06 | 1 | -3/+4
| Yet another weird {.gcsafe.} triggering when it shouldn't.
* net: enable automatic EC curve selection for OpenSSL 1.0.2 | Leorize | 2020-06-06 | 1 | -0/+16
| This setting is required for servers running OpenSSL < 1.1.0 to support EC-based secure ciphers that are now part of the default cipher list.
* wrappers/openssl: fix SSL_CTX_ctrl signature | Leorize | 2020-06-06 | 1 | -1/+1
* openssl: fix erroneous function signatures | Leorize | 2020-06-06 | 1 | -3/+3
| Now matches the declaration in openssl/err.h
* asyncnet, net: call SSL_shutdown only when connection established | Leorize | 2020-06-06 | 1 | -0/+28
| This commit prevents "SSL_shutdown while in init" errors from happening.
| See https://github.com/openssl/openssl/issues/710#issuecomment-253897666
* Add procedures to read RSA keys from BIO format (#14223) | PMunch | 2020-05-04 | 1 | -0/+4
* Add RSA key reading and encrypt/decrypt to openssl (#14137) | PMunch | 2020-04-27 | 1 | -0/+23
| This adds the procedures to read RSA keys and encrypt/decrypt messages with both public and private keys.
* Fixes issues with dynamic loading OpenSSL. Fixes #13903. (#13919) [backport] | Dominik Picheta | 2020-04-08 | 1 | -19/+39
| This fixes at least a couple of issues:
| * Procs loaded from the DLL being used even when the pointer is nil.
| * The actual issue (#13903) which appeared to cause stack corruption on Android 7.1.1 with OpenSSL 1.1.1f. The change that fixed this was the move to loading the procs in `sslSym`.
* Deprecate DCE:on (#13839) | Juan Carlos | 2020-04-02 | 1 | -1/+0
* introduce getPeerCertificates, fixes #13299 (#13650) | Christian Ulrich | 2020-03-22 | 1 | -22/+32
| * make i2d_X509 and d2i_X509 always available
|   i2d_X509 and d2i_X509 have been available in all versions of OpenSSL, so make them available even if nimDisableCertificateValidation is set.
| * introduce getPeerCertificates, fixes #13299
|   getPeerCertificates retrieves the verified certificate chain of the peer we are connected to through an SSL-wrapped Socket/AsyncSocket. This introduces the new type Certificate which stores a DER-encoded X509 certificate.
* SSL certificate verify GitHub action (#13697) | Federico Ceratto | 2020-03-20 | 1 | -0/+71
| * Implement SSL/TLS certificate checking #782
| * SSL: Add nimDisableCertificateValidation
|   Remove NIM_SSL_CERT_VALIDATION env var
|   tests/untestable/thttpclient_ssl.nim ran successfully on Linux with libssl 1.1.1d
| * SSL: update integ test to skip flapping tests
| * Revert .travis.yml change
| * nimDisableCertificateValidation disable imports
|   Prevent loading symbols that are not defined on older SSL libs
| * SSL: disable verification in net.nim
|   ..when nimDisableCertificateValidation is set
| * Update changelog
| * Fix peername type
| * Add define check for windows
| * Disable test on windows
| * Add experimental GitHub action CI for SSL
| * Test nimDisableCertificateValidation
* Expose more openSSL methods. (#13131) | treeform | 2020-01-13 | 1 | -0/+43
* Remove some unused/disabled OpenSSL functions (#13106) | treeform | 2020-01-11 | 1 | -135/+0
* introduce csize_t instead of fixing csize (#12497) | Arne Döring | 2019-10-31 | 1 | -4/+4
* fix several typos in documentation and comments (#12553) | Nindaleth | 2019-10-30 | 1 | -1/+1
* Revert "Fixes #12187 (#12321)" (#12447) | Andreas Rumpf | 2019-10-18 | 1 | -2/+2
| This reverts commit 00c31e87660d9db813871f5aa23661bf6b9bbdcb.
* Fixes #12187 (#12321) | Clyybber | 2019-10-08 | 1 | -2/+2
| * Fixes #12187
| * Point to fork of compactdict
|   Since the original repo is now archived / read-only
* style improvements; fixes #11774 | Araq | 2019-07-19 | 1 | -1/+1
* [bugfix] openssl styleCheck fix: consistent var naming (#11750) | Kaushal Modi | 2019-07-16 | 1 | -4/+4
* minor style changes | Araq | 2019-07-11 | 1 | -70/+75
* [bugfix] Add `.47` as supported libssl version | SolitudeSF | 2019-06-14 | 1 | -2/+2
* Add force openSSL version with -d:sslVersion=1.0.0 (#11272) | treeform | 2019-05-20 | 1 | -2/+25
* fix #10281 (#10282) | Timothee Cour | 2019-01-12 | 1 | -1/+5
* Fix libssl order. Newest one is 1.1 | Andre von Houck | 2019-01-08 | 1 | -1/+1
* Better LibSSL search order. (#10230) | treeform | 2019-01-08 | 1 | -1/+1
* removes deprecated T/P types | Araq | 2018-11-16 | 1 | -2/+0
* Add `.46` as supported libssl version (#9704) | Solitude | 2018-11-15 | 1 | -1/+1
* Allocate OpenSSL memory outside of the thread heap | LemonBoy | 2018-09-27 | 1 | -5/+5
| Prevent spurious segfaults when OpenSSL is used in multithreaded environments since the library isn't able to handle thread-local memory.
| Fixes #9016
* add SSL_set_SSL_CTX for SNI(Server Name Indication) (#8308) | momf | 2018-07-13 | 1 | -0/+1
| * add SSL_set_SSL_CTX for SNI
| * fix SSL_set_SSL_CTX
* Set Genode Openssl shared-object strings | Emery Hemingway | 2018-06-07 | 1 | -0/+4
* SSL implementation: added nimNoAllocForSSL | Andreas Rumpf | 2018-05-27 | 1 | -2/+2
* link against libssl.so.45 | SolitudeSF | 2018-04-26 | 1 | -1/+1
* remove dead code elimination option (#7669) | Jacek Sieka | 2018-04-23 | 1 | -1/+1
* libssl.so.44 fix (#7358) | Solitude | 2018-03-20 | 1 | -1/+1
* OpenSSL: 32bit DLL names on Windows lack the -x32 suffix | Araq | 2018-02-09 | 1 | -2/+2
* OpenSSL: use modern DLLs on Windows; export DLLSSLName and DLLUtilName for modules that need to expand on the openssl wrapper | Araq | 2018-02-09 | 1 | -8/+8
* Add note about OpenSSL 1.0.x support to openssl module. | Dominik Picheta | 2018-01-20 | 1 | -1/+3
* Allow static linking with OpenSSL 1.0.x | Ruslan Mustakov | 2018-01-20 | 1 | -20/+26
| This commit basically returns the code that was removed in a78d7a31f780c6cf1e421f820d9ed19a5db64ca7, but under 'openssl10' define symbol. OpenSSL 1.0.2 is still actively maintained, so there is no point in dropping support of it.
* Add OpenSSL 1.1.0 support #5000 | Federico Ceratto | 2017-12-28 | 1 | -20/+75
| Add a simple online test
* Added a couple of procs for RSA verification (#6942) | Yuriy Glukhov | 2017-12-19 | 1 | -0/+8