Doug Coleman
9f213f96f6
core: Add the shuffler words but without primitives.
...
The nipd branch slowed bootstrap by a minute, this patch does not.
sorry about changing the fjsc line endings...
2018-06-19 22:52:58 -05:00
John Benediktsson
0ab7ed6979
io.encodings: use new latin1 instead of 8-bit encoding from file.
2018-02-28 08:56:01 -08:00
John Benediktsson
85b69b5b49
io.encodings.8-bit: more encodings, and reduce hierarchy.
2018-02-26 10:21:35 -08:00
John Benediktsson
ca03896d74
more test IN: cleanup.
2018-02-15 09:20:01 -08:00
John Benediktsson
a92d67fcb2
fix more typos in docs.
2018-02-12 16:43:08 -08:00
Doug Coleman
f6f15b9c82
io.sockets.secure: Use TLS 1.0 or TLS 1.2 certs.
...
Fixes #1887.
2017-12-17 20:02:29 -06:00
Doug Coleman
7d8fe2b54c
io.sockets.secure.unix: Stop these tests from hanging on errors.
...
Specifically, the server writes its port to a mailbox. On Mac 10.11.6, the last macOS for my old computers, TLS1.0 is the last supported SSL protocol, and there is a yet-undebugged error. This patch at least exposes the error for debugging.
2017-12-17 18:49:52 -06:00
Björn Lindqvist
8675cb2c25
basis/,core/,extra/: more tags
2017-07-08 18:31:39 +02:00
Björn Lindqvist
2a5f5ca6b9
openssl.*,io.sockets.*: support for openssl 1.1
...
In the new version, a lot of C function names have changed. So a new
global ssl-new-api? is needed to know if the new or old names should be
used.
2017-07-01 13:41:22 +02:00
Björn Lindqvist
0d8338ceb8
io.sockets.secure.openssl,openssl.libssl: ENUM: over syntax
...
The enum does the same thing as the custom syntax did and is a little
easier to understand.
2017-06-24 16:46:00 +02:00
Doug Coleman
e189954ecc
core: Rename iota to <iota> so we can have TUPLE: iota ... ; instead of TUPLE: iota-tuple ... ;
2017-06-02 11:57:05 -05:00
John Benediktsson
3a6eefcc8e
using ignore-errors instead of [ drop ] recover.
2017-02-09 15:50:33 -08:00
Björn Lindqvist
a9ac763912
alien.libraries: word>dlsym was a stupid idea that didn't work
...
The def>> attribute is stripped when deploying. So return dlsym? and use
that.
2016-11-30 16:36:24 +01:00
Björn Lindqvist
2ba659dcb1
io.sockets.secure,alien.libraries: new word word>dlsym to replace the dlsym? word
2016-11-30 11:51:54 +01:00
Björn Lindqvist
0e7fd0340d
io.sockets.secure.openssl.tests: fix so you don't get an error when test times out
2016-11-19 23:40:12 +01:00
Björn Lindqvist
c6361436bf
io.sockets.secure.openssl: set connected to t after do-ssl-accept
...
This should prevent the SSL_shutdown:shutdown while in init error we've
been seeing
2016-11-19 19:05:53 +01:00
Björn Lindqvist
1b7b7e8260
io.sockets.secure.openssl: second |dispose seems to be redundant
2016-11-19 18:04:17 +01:00
Alexander Iljin
b35294eade
io.sockets.secure-docs: update and add some documentation
2016-06-22 11:27:26 -07:00
Doug Coleman
c7041fe96e
io.sockets.secure.windows: Windows sockets are a bit confused. Make a word to get the handle out of two different paths. Probably needs more refactoring but this makes it work.
2016-06-02 11:07:19 -07:00
Doug Coleman
05083ba503
io.sockets.secure.windows: No need to call file>> because we have a win32-socket on the stack already.
2016-06-02 10:56:50 -07:00
Doug Coleman
b63aaff1c5
io.sockets.secure: (server) needs a method on secure for Windows too. Move the method to a vocab that both platforms load.
2016-06-02 10:25:11 -07:00
John Benediktsson
498285d7dd
unicode: make this the API for all unicode things.
2016-03-30 23:29:48 -07:00
Doug Coleman
d3bc2035a2
factor: remove rest of double paren words.
2016-03-25 03:13:27 -07:00
Doug Coleman
bb7161a46f
io.sockets.secure.windows: Add some code for loading the certificates on Windows. Still disabled, and the CA certificates are duplicated.
2016-03-13 16:11:45 -07:00
Doug Coleman
460555785c
io.sockets.secure.openssl: Fix docs.
2016-03-13 01:45:52 -08:00
Doug Coleman
df3f58ae61
io.sockets.secure.openssl: Fix subject-name-match? for wildcard domains.
...
Also remove duplicate names before checking.
2016-03-12 20:22:47 -08:00
Benjamin Pollack
b0d62bcdc3
io.sockets.secure: add SNI support for Windows
...
M: secure ((client)) is identical between Unix and Windows, so this probably
could be moved out of the platform-specific vocab, but doing it sanely would
require a refactor I'm not excited about, so punting on that for now.
Fixes #1551
2016-03-12 09:27:31 -05:00
Doug Coleman
a303637850
io.sockets.secure.windows: Try to fix compile error.
2016-03-05 02:57:39 -08:00
Doug Coleman
c077ee91e9
openssl: More ciphers.
2016-03-04 18:42:35 +00:00
Doug Coleman
46c9143232
openssl: call SSL_CTX_set_ecdh_auto() for forward secrecy.
2016-03-04 10:05:09 -08:00
Doug Coleman
0bfe6ff826
openssl: support more protocols for forward secrecy.
2016-03-04 09:19:08 -08:00
Doug Coleman
3576c0930c
openssl: Prefer tls1.2. Only use secure ciphers.
2016-03-04 09:15:12 -08:00
Benjamin Pollack
e83e791a7a
Do not attempt to set an SNI hostname on a server
2016-03-03 13:58:31 -08:00
Benjamin Pollack
62d1425971
Add SNI support to Factor
...
Fixes #1527
2016-03-03 09:48:20 -08:00
Benjamin Pollack
bfd656df17
Dump everything before TLSv1
...
All versions of SSL are deprecated and have major security issues. Just
kill the whole thing. If you want to deliberately expose yourself to
POODLE, you can do it on your own time.
2016-03-01 19:43:06 -05:00
Doug Coleman
3f07cbd194
io.sockets.secure.openssl: Nuke RSA.
2016-03-01 14:02:47 -08:00
Benjamin Pollack
12af22f3ee
openssl: only set RSA keys if required to do so
...
Modern OpenSSL and LibreSSL both do not require SSL_CTX_set_tmp_rsa to
be called unless SSL_CTX_need_tmp_rsa returns true, and LibreSSL and
OpenSSL compiled with deprecation warnings both will fail if this
happens. This commit resolves that.
With this change, it becomes possible to use LibreSSL in place of
OpenSSL with Factor.
2016-02-23 08:11:04 -05:00
Benjamin Pollack
8073c8a77e
Update OpenSSL calls to work with LibreSSL/newer OpenSSL
...
RSA_generate_key has been deprecated, and is not available in either
LibreSSL or newer OpenSSL that are not compiled with deprecated call
support. This commit switches to the still-supported
RSA_generate_key_ex, which is supported by both libraries.
Note that this is still insufficient for Factor to work under LibreSSL,
though we now get a call further than before.
2016-02-22 14:21:39 -08:00
Björn Lindqvist
0a3b4b4872
io.sockets.secure.debug: use <test-secure-config> in some places
...
the word can be reused in a few places when setting up ssl. it removes
some duplicated code
2015-10-04 01:25:11 +02:00
John Benediktsson
e477f6996f
Fix comments to be ! not #!.
2015-09-08 16:15:10 -07:00
John Benediktsson
ceb75057da
change ERROR: words from throw-foo back to foo.
2015-08-13 16:13:05 -07:00
Doug Coleman
b6be8685c3
basis: ERROR: changes.
2015-08-13 03:20:39 -07:00
John Benediktsson
5eec781b40
use ``if*`` instead of ``dup [ ] [ drop ] if``.
2015-07-20 22:24:30 -07:00
Doug Coleman
892c62e1dc
factor: second stab at [ ] [ ] unit-test -> { } [ ] unit-test
2015-07-03 09:39:59 -07:00
Doug Coleman
59f3b1ea57
Revert "factor: rename [ ] [ ] unit-test -> { } [ ] unit-test using a refactoring tool!"
...
Needs a bit more work.
This reverts commit 7e54cc2824.
2015-07-02 13:47:06 -07:00
Doug Coleman
7e54cc2824
factor: rename [ ] [ ] unit-test -> { } [ ] unit-test using a refactoring tool!
2015-07-02 11:36:08 -07:00
Doug Coleman
999aa7c897
factor: clean up spaces in -tests files
2015-07-02 10:34:01 -07:00
John Benediktsson
39093727b1
libc: rename (io-error) to throw-errno.
2014-11-21 09:29:45 -08:00
John Benediktsson
f79d61060e
io.buffers: cleanup interface a bit.
2014-11-16 18:54:24 -08:00
John Benediktsson
8033741135
io/ui: slim down the USE: list
2014-10-24 17:33:27 -07:00