b0d62bcdc3
io.sockets.secure: add SNI support for Windows
...
M: secure ((client)) is identical between Unix and Windows, so this probably
could be moved out of the platform-specific vocab, but doing it sanely would
require a refactor I'm not excited about, so punting on that for now.
Fixes #1551
2016-03-12 09:27:31 -05:00
a303637850
io.sockets.secure.windows: Try to fix compile error.
2016-03-05 02:57:39 -08:00
c077ee91e9
openssl: More ciphers.
2016-03-04 18:42:35 +00:00
46c9143232
openssl: call SSL_CTX_set_ecdh_auto() for forward secrecy.
2016-03-04 10:05:09 -08:00
0bfe6ff826
openssl: support more protocols for forward secrecy.
2016-03-04 09:19:08 -08:00
3576c0930c
openssl: Prefer tls1.2. Only use secure ciphers.
2016-03-04 09:15:12 -08:00
e83e791a7a
Do not attempt to set an SNI hostname on a server
2016-03-03 13:58:31 -08:00
62d1425971
Add SNI support to Factor
...
Fixes #1527
2016-03-03 09:48:20 -08:00
bfd656df17
Dump everything before TLSv1
...
All versions of SSL are deprecated and have major security issues. Just
kill the whole thing. If you want to deliberately expose yourself to
POODLE, you can do it on your own time.
2016-03-01 19:43:06 -05:00
3f07cbd194
io.sockets.secure.openssl: Nuke RSA.
2016-03-01 14:02:47 -08:00
12af22f3ee
openssl: only set RSA keys if required to do so
...
Modern OpenSSL and LibreSSL both do not require SSL_CTX_set_tmp_rsa to
be called unless SSL_CTX_need_tmp_rsa returns true, and LibreSSL and
OpenSSL compiled with deprecation warnings both will fail if this
happens. This commit resolves that.
With this change, it becomes possible to use LibreSSL in place of
OpenSSL with Factor.
2016-02-23 08:11:04 -05:00
8073c8a77e
Update OpenSSL calls to work with LibreSSL/newer OpenSSL
...
RSA_generate_key has been deprecated, and is not available in either
LibreSSL or newer OpenSSL that are not compiled with deprecated call
support. This commit switches to the still-supported
RSA_generate_key_ex, which is supported by both libraries.
Note that this is still insufficient for Factor to work under LibreSSL,
though we now get a call further than before.
2016-02-22 14:21:39 -08:00
0a3b4b4872
io.sockets.secure.debug: use <test-secure-config> in some places
...
the word can be reused in a few places when setting up ssl. it removes
some duplicated code
2015-10-04 01:25:11 +02:00
e477f6996f
Fix comments to be ! not #!.
2015-09-08 16:15:10 -07:00
ceb75057da
change ERROR: words from throw-foo back to foo.
2015-08-13 16:13:05 -07:00
b6be8685c3
basis: ERROR: changes.
2015-08-13 03:20:39 -07:00
5eec781b40
use ``if*`` instead of ``dup [ ] [ drop ] if``.
2015-07-20 22:24:30 -07:00
892c62e1dc
factor: second stab at [ ] [ ] unit-test -> { } [ ] unit-test
2015-07-03 09:39:59 -07:00
59f3b1ea57
Revert "factor: rename [ ] [ ] unit-test -> { } [ ] unit-test using a refactoring tool!"
...
Needs a bit more work.
This reverts commit 7e54cc2824
2015-07-02 13:47:06 -07:00
7e54cc2824
factor: rename [ ] [ ] unit-test -> { } [ ] unit-test using a refactoring tool!
2015-07-02 11:36:08 -07:00
999aa7c897
factor: clean up spaces in -tests files
2015-07-02 10:34:01 -07:00
39093727b1
libc: rename (io-error) to throw-errno.
2014-11-21 09:29:45 -08:00
f79d61060e
io.buffers: cleanup interface a bit.
2014-11-16 18:54:24 -08:00
8033741135
io/ui: slim down the USE: list
2014-10-24 17:33:27 -07:00
8c58b99b1d
Revert "openssl: define a startup-hook so that openssl initializes automatically"
...
This reverts commit 981ea313a0
2014-08-05 12:14:53 -07:00
6ea98afc99
io.sockets.secure.openssl: We don't care what the error is as long as it fails.
2014-07-09 22:32:32 -07:00
377180baf6
io.sockets.secure.windows: Fix using, remove duplication.
2014-07-07 21:44:40 -05:00
59c5373263
io.sockets.secure: Another fix for cross-platform openssl.
2014-07-07 18:45:22 -07:00
075a86f5d9
io.sockets.secure: Move some code from secure.unix to secure.openssl. Add a hook for finding sockets to upgrade.
2014-07-07 18:34:41 -07:00
981ea313a0
openssl: define a startup-hook so that openssl initializes automatically
2014-06-06 14:12:09 -07:00
e3323818cc
io.sockets.secure.openssl: disable tests for now.
2014-04-22 08:16:53 -07:00
06912460b4
io.sockets.secure.openssl: use must-fail-with.
2014-04-22 07:41:23 -07:00
516ffcc311
io.sockets.secure.openssl.tests: more and better SSL_connect tests
...
Better error handling so it should be easier to see why the tests fail
on the build server (#1036 ).
2014-04-18 10:06:46 -07:00
df3417c5b7
io.sockets.secure.openssl: more docs
2014-04-18 10:06:46 -07:00
e473ef628d
io.sockets.secure.openssl: big refactoring, all error handling merged into one check-ssl-error word
2014-04-18 10:06:46 -07:00
d123f589f7
io.sockets.secure.openssl: Check error code in unit test.
2014-04-08 12:08:58 -07:00
a02e8e3cda
io.sockets.secure.openssl: Fix using list.
2014-04-02 23:11:52 -05:00
f8387a08ae
Merge:
...
io.sockets.secure.windows: use non-blocking sockets to prevent
SSL_connect from blocking
On Windows, SSL_connect may hang forever if the server doesn't send any
data. To counteract that we temporarily set the socket non-blocking and
then call select in the wait-for-fd method.
Conflicts:
basis/io/sockets/secure/openssl/openssl-tests.factor
2014-04-02 12:16:51 -05:00
4d8f3e8a78
io.sockets.secure.openssl: do-ssl-connect needs to call wait-for-fd
2014-04-02 12:13:21 -05:00
753b2f0177
io.files: make wait-for-fd generic and dispatch depending on backend
...
do-ssl-accept need to call wait-for-fd so it needs to be generic. On
windows it's a noop but on unix it will wait for the fd.
2014-04-02 12:12:49 -05:00
6421af3401
io.sockets.secure.*: unification of lots of platform-independent code
...
Code that is duplicated in the backends moved to
io.sockets.secure.openssl. The wait-for-fd verb used by do-ssl-accept
doesn't have any equivalent on Windows so that needs to be
implemented.
2014-04-02 12:12:37 -05:00
5f38df7741
io.sockets.secure.windows: reading and writing from ssl sockets
...
Unified the drain and refill generics and put their definition in
io.files. They are now used by both the windows and unix ssl backend
for io. Windows ssl kind of works now, but the error cases are not
implemented correctly.
2014-04-02 12:12:14 -05:00
6ed3a09b5d
io.sockets.secure: new hook variable ssl-certificate-verification-supported?
...
t if the backend is able to verify certificates, f
otherwise. Currently certificate validation isn't implemented on Windows
2014-04-02 12:11:53 -05:00
39b13b6736
io.sockets.secure.openssl: guard against SSL_get_peer_certificate returning null
2014-03-06 18:41:37 +01:00
a71e2d8060
io.sockets.secure.openssl: Fix docs.
2013-11-28 12:59:36 -06:00
53592b9c7d
io.sockets.secure.windows: add platforms.txt.
2013-11-16 16:20:34 -08:00
4bcb356ba8
io.sockets.secure.openssl: libssl error is opaque, check that cert files
...
exist in Factor beforehand so we can get a nicer error message.
Add missing USE: and neaten up the list.
2013-11-16 15:59:31 -08:00
5f2238f7d4
io.sockets.secure.windows: secure socket implementation for windows, it works reasonably but certificate validation is not working correctly yet
2013-10-11 10:23:40 -07:00
729bd8a362
io.sockets.secure.openssl.tests: remove windows.winsock import and another test for subject-name
2013-10-11 10:23:40 -07:00
ad627a1395
openssl.libssl: on windows the X509_* family of functions is in a
...
different dll than the other functions in libssl
2013-10-11 10:23:40 -07:00
Benjamin Pollack
Doug Coleman
Björn Lindqvist
John Benediktsson