steve
/
factor
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
31,754 Commits
33 Branches
119 Tags
249 MiB
Commit Graph

130 Commits (master)

Author SHA1 Message Date
John Benediktsson 115b7b62df basis: removing unnecessary method stack effects. 2020-09-09 15:00:54 -07:00
Doug Coleman 0e5a3e2f6a openssl.libssl: Add functions to set options on SSL_CTX. 
With these functions we can disable TLS1.0 and TLS1.1 someday.

Related to #2273.
 2020-04-07 22:34:43 +00:00
John Benediktsson ca1612cc57 io: fix for win32-error not throwing on zero. 2020-01-06 14:20:15 -08:00
Alexander Iljin 3733b13daf Replace "win32-error-string throw" with windows-error instance throwing 
Remove win32-error-string, because there was only one place it was used in.
 2020-01-06 13:18:33 -08:00
Doug Coleman 7f395ba7f0 Revert "Replace "win32-error-string throw" with windows-error instance throwing" 
This reverts commit 2dfb3b3a73.
 2020-01-03 13:03:10 -06:00
Alexander Iljin 2dfb3b3a73 Replace "win32-error-string throw" with windows-error instance throwing 
Remove win32-error-string, because there was only one place it was used in.
 2019-11-25 07:06:59 -08:00
Doug Coleman 9f213f96f6 core: Add the shuffler words but without primitives. 
The nipd branch slowed bootstrap by a minute, this patch does not.

sorry about changing the fjsc line endings...
 2018-06-19 22:52:58 -05:00
John Benediktsson 0ab7ed6979 io.encodings: use new latin1 instead of 8-bit encoding from file. 2018-02-28 08:56:01 -08:00
John Benediktsson 85b69b5b49 io.encodings.8-bit: more encodings, and reduce hierarchy. 2018-02-26 10:21:35 -08:00
John Benediktsson ca03896d74 more test IN: cleanup. 2018-02-15 09:20:01 -08:00
John Benediktsson a92d67fcb2 fix more typos in docs. 2018-02-12 16:43:08 -08:00
Doug Coleman f6f15b9c82 io.socketes.secure: Use TLS 1.0 or TLS 1.2 certs. 
Fixes #1887.
 2017-12-17 20:02:29 -06:00
Doug Coleman 7d8fe2b54c io.sockets.secure.unix: Stop these tests from hanging on errors. 
Specifically, the server writes its port to a mailbox. On Mac 10.11.6, the last macOS for my old computers, TLS1.0 is the last supported SSL protocol, and there is a yet-undebugged error. This patch at least exposes the error for debugging.
 2017-12-17 18:49:52 -06:00
Björn Lindqvist 8675cb2c25 basis/,core/,extra/: more tags 2017-07-08 18:31:39 +02:00
Björn Lindqvist 2a5f5ca6b9 openssl.*,io.sockets.*: support for openssl 1.1 
In the new version, a lot of c function names have changed. So a new
global ssl-new-api? is needed to know if the new or old names should be
used.
 2017-07-01 13:41:22 +02:00
Björn Lindqvist 0d8338ceb8 io.sockets.secure.openssl,openssl.libssl: ENUM: over syntax 
The enum does the same thing as the custom syntax did and is a little
easier to understand.
 2017-06-24 16:46:00 +02:00
Doug Coleman e189954ecc core: Rename iota to <iota> so we can have TUPLE: iota ... ; instead of TUPLE: iota-tuple ... ; 2017-06-02 11:57:05 -05:00
John Benediktsson 3a6eefcc8e using ignore-errors instead of [ drop ] recover. 2017-02-09 15:50:33 -08:00
Björn Lindqvist a9ac763912 alien.libraries: word>dlsym was a stupid idea that didn't work 
The def>> attribute is stripped when deploying. So return dlsym? and use
that.
 2016-11-30 16:36:24 +01:00
Björn Lindqvist 2ba659dcb1 io.sockets.secure,alien.libraries: new word word>dlsym to replace the dlsym? word 2016-11-30 11:51:54 +01:00
Björn Lindqvist 0e7fd0340d io.sockets.secure.openssl.tests: fix so you dont get an error when test times out 2016-11-19 23:40:12 +01:00
Björn Lindqvist c6361436bf io.sockets.secure.openssl: set connected to t after do-ssl-accept 
This should prevent the SSL_shutdown:shutdown while in init error we've
been seeing
 2016-11-19 19:05:53 +01:00
Björn Lindqvist 1b7b7e8260 io.sockets.secure.openssl: second |dispose seem to be redundant 2016-11-19 18:04:17 +01:00
Alexander Iljin b35294eade io.sockets.secure-docs: update and add some documentation 2016-06-22 11:27:26 -07:00
Doug Coleman c7041fe96e io.sockets.secure.windows: Windows sockets are a bit confused. Make a word 
to get the handle out of two different paths. Probably needs more
refactoring but this makes it work.
 2016-06-02 11:07:19 -07:00
Doug Coleman 05083ba503 io.sockets.secure.windows: No need to call file>> because we have a 
win32-socket on the stack already.
 2016-06-02 10:56:50 -07:00
Doug Coleman b63aaff1c5 io.sockets.secure: (server) needs a method on secure for Windows too. Move the method to a vocab that both platforms load. 2016-06-02 10:25:11 -07:00
John Benediktsson 498285d7dd unicode: make this the API for all unicode things. 2016-03-30 23:29:48 -07:00
Doug Coleman d3bc2035a2 factor: remove rest of double paren words. 2016-03-25 03:13:27 -07:00
Doug Coleman bb7161a46f io.sockets.secure.windows: Add some code for loading the certificates on 
windows. Still disabled, and the CA certificates are duplicated.
 2016-03-13 16:11:45 -07:00
Doug Coleman 460555785c io.sockets.secure.openssl: Fix docs. 2016-03-13 01:45:52 -08:00
Doug Coleman df3f58ae61 io.sockets.secure.openssl: Fix subject-name-match? for wildcard domains. 
Also remove duplicate names before checking.
 2016-03-12 20:22:47 -08:00
Benjamin Pollack b0d62bcdc3 io.sockets.secure: add SNI support for Windows 
M: secure ((client)) is identical between Unix and Windows, so this probably
could be moved out of the platform-specific vocab, but doing it sanely would
require a refactor I'm not excited about, so punting on that for now.

Fixes #1551
 2016-03-12 09:27:31 -05:00
Doug Coleman a303637850 io.sockets.secure.windows: Try to fix compile error. 2016-03-05 02:57:39 -08:00
Doug Coleman c077ee91e9 openssl: More ciphers. 2016-03-04 18:42:35 +00:00
Doug Coleman 46c9143232 openssl: call SSL_CTX_set_ecdh_auto() for forward secrecy. 2016-03-04 10:05:09 -08:00
Doug Coleman 0bfe6ff826 openssl: support more protocols for forward secrecy. 2016-03-04 09:19:08 -08:00
Doug Coleman 3576c0930c openssl: Prefer tls1.2. Only use secure ciphers. 2016-03-04 09:15:12 -08:00
Benjamin Pollack e83e791a7a Do not attempt to set an SNI hostname on a server 2016-03-03 13:58:31 -08:00
Benjamin Pollack 62d1425971 Add SNI support to Factor 
Fixes #1527
 2016-03-03 09:48:20 -08:00
Benjamin Pollack bfd656df17 Dump everything before TLSv1 
All versions of SSL are deprecated and have major security issues. Just
kill the whole thing. If you want to deliberately expose yourself to
POODLE, you can do it on your own time.
 2016-03-01 19:43:06 -05:00
Doug Coleman 3f07cbd194 io.sockets.secure.openssl: Nuke RSA. 2016-03-01 14:02:47 -08:00
Benjamin Pollack 12af22f3ee openssl: only set RSA keys if required to do so 
Modern OpenSSL and LibreSSL both do not require SSL_CTX_set_tmp_rsa to
be called unless SSL_CTX_need_tmp_rsa returns true, and LibreSSL and
OpenSSL compiled with deprecation warnings both will fail if this
happens. This commit resolves that.

With this change, it becomes possible to use LibreSSL in place of
OpenSSL with Factor.
 2016-02-23 08:11:04 -05:00
Benjamin Pollack 8073c8a77e Update OpenSSL calls to work with LibreSSL/newer OpenSSL 
RSA_generate_key has been deprecated, and is not available in either
LibreSSL or newer OpenSSL that are not compiled with deprecated call
support. This commit switches to the still-supported
RSA_generate_key_ex, which is supported by both libraries.

Note that this is still insufficient for Factor to work under LibreSSL,
though we now get a call further than before.
 2016-02-22 14:21:39 -08:00
Björn Lindqvist 0a3b4b4872 io.sockets.secure.debug: use <test-secure-config> in some places 
the word can be reused in a few places when setting up ssl. it removes
some duplicated code
 2015-10-04 01:25:11 +02:00
John Benediktsson e477f6996f Fix comments to be ! not #!. 2015-09-08 16:15:10 -07:00
John Benediktsson ceb75057da change ERROR: words from throw-foo back to foo. 2015-08-13 16:13:05 -07:00
Doug Coleman b6be8685c3 basis: ERROR: changes. 2015-08-13 03:20:39 -07:00
John Benediktsson 5eec781b40 use ``if*`` instead of ``dup [ ] [ drop ] if``. 2015-07-20 22:24:30 -07:00
Doug Coleman 892c62e1dc factor: second stab at [ ] [ ] unit-test -> { } [ ] unit-test 2015-07-03 09:39:59 -07:00