From ba61a8d00a65948fc0b3a1c100a20cca711fdd0f Mon Sep 17 00:00:00 2001
From: Michał Zieliński
Date: Sat, 24 Oct 2015 08:53:18 +0200
Subject: net.nim: support for TLS-PSK ciphersuites
---
examples/ssl/pskclient.nim | 15 +++++++++++++++
1 file changed, 15 insertions(+)
create mode 100644 examples/ssl/pskclient.nim
(limited to 'examples/ssl/pskclient.nim')
diff --git a/examples/ssl/pskclient.nim b/examples/ssl/pskclient.nim
new file mode 100644
index 000000000..7c93bbb61
--- /dev/null
+++ b/examples/ssl/pskclient.nim
@@ -0,0 +1,15 @@
+# Create connection encrypted using preshared key (TLS-PSK).
+import net
+
+static: assert defined(ssl)
+
+let sock = newSocket()
+sock.connect("localhost", Port(8800))
+
+proc clientFunc(identityHint: string): tuple[identity: string, psk: string] =
+ echo "identity hint ", identityHint.repr
+ return ("foo", "psk-of-foo")
+
+let context = newContext(cipherList="PSK-AES256-CBC-SHA")
+context.clientGetPskFunc = clientFunc
+context.wrapConnectedSocket(sock, handshakeAsClient)
-- cgit 1.4.1-2-gfad0
From 3ecf33fa6acc87b204ac0240b597d5d91d0a78f7 Mon Sep 17 00:00:00 2001
From: Michał Zieliński
Date: Sat, 24 Oct 2015 22:48:33 +0200
Subject: net.nim: destroyContext for destroying SSLContext
---
examples/ssl/pskclient.nim | 1 +
lib/pure/net.nim | 8 +++++++-
2 files changed, 8 insertions(+), 1 deletion(-)
(limited to 'examples/ssl/pskclient.nim')
diff --git a/examples/ssl/pskclient.nim b/examples/ssl/pskclient.nim
index 7c93bbb61..c83f27fbc 100644
--- a/examples/ssl/pskclient.nim
+++ b/examples/ssl/pskclient.nim
@@ -13,3 +13,4 @@ proc clientFunc(identityHint: string): tuple[identity: string, psk: string] =
 let context = newContext(cipherList="PSK-AES256-CBC-SHA")
 context.clientGetPskFunc = clientFunc
 context.wrapConnectedSocket(sock, handshakeAsClient)
+context.destroyContext()
diff --git a/lib/pure/net.nim b/lib/pure/net.nim
index 4bdfede42..368ff6e87 100644
--- a/lib/pure/net.nim
+++ b/lib/pure/net.nim
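Review bot: In the new examples/ssl/pskclient.nim, clientFunc returns the literal key `"psk-of-foo"` and nothing marks it as a placeholder, so the example invites being copied with a guessable key. With a plain PSK suite such as the `PSK-AES256-CBC-SHA` passed to newContext, the pre-shared key is the only secret in the handshake: a weak value can be checked offline against a recorded session, and the suite gives no forward secrecy. I would add a comment above the return, `# Placeholder key: use a random, high-entropy PSK loaded from protected storage.`, and a second one beside cipherList saying that a DHE-PSK or ECDHE-PSK suite is preferable where the linked OpenSSL offers one.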
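Review bot: In the second pskclient.nim hunk, `context.destroyContext()` runs while `sock` is still open and wrapped with that context, and the example never closes the socket. destroyContext, as added to lib/pure/net.nim in the same commit, releases the context's Nim-side extra data, so this order shows callers freeing state that a live connection may still reach. Tearing down in dependency order, `sock.close()` followed by `context.destroyContext()`, would make the example safe to copy. Only the tail of the file is in the hunk.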
@@ -267,7 +267,6 @@ when defined(ssl): newCTX.loadCertificates(certFile, keyFile) result = SSLContext(newCTX) - # this is never freed, but SSLContext can't be freed anyway yet let extraInternal = new(SslContextExtraInternal) GC_ref(extraInternal) result.setExtraData(extraInternalIndex, cast[pointer](extraInternal)) @@ -275,6 +274,13 @@ when defined(ssl): proc getExtraInternal(ctx: SSLContext): SslContextExtraInternal = return cast[SslContextExtraInternal](ctx.getExtraData(extraInternalIndex)) + proc destroyContext*(ctx: SSLContext) = + ## Free memory referenced by SSLContext. + let extraInternal = ctx.getExtraInternal() + if extraInternal != nil: + GC_unref(extraInternal) + SSLCTX(ctx).SSL_CTX_free() + proc `pskIdentityHint=`*(ctx: SSLContext, hint: string) = ## Sets the identity hint passed to server. ## -- cgit 1.4.1-2-gfad0
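Review bot: destroyContext calls `GC_unref(extraInternal)` unconditionally but leaves the ex-data slot pointing at that object, while SSL_CTX_free only drops one OpenSSL reference, so the SSL_CTX survives this call whenever a wrapped socket still holds it. Any later getExtraInternal on that context (presumably from the PSK callbacks, which are not in this hunk) would then cast a pointer to memory the GC may already have reclaimed. Clearing the slot inside the `if extraInternal != nil:` branch before the unref, `ctx.setExtraData(extraInternalIndex, nil)`, leaves a nil that callers can check instead of a dangling pointer. A second destroyContext call on the same value would still free the SSL_CTX twice, so the doc comment should state the contract: `## Call exactly once, after every socket wrapped with this context has been closed.`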