Commit Graph

54 Commits (b0d62bcdc382f3921e167da8ff48a534f003d93c)

Author SHA1 Message Date
Doug Coleman c077ee91e9 openssl: More ciphers. 2016-03-04 18:42:35 +00:00
Doug Coleman 46c9143232 openssl: call SSL_CTX_set_ecdh_auto() for forward secrecy. 2016-03-04 10:05:09 -08:00
Doug Coleman 0bfe6ff826 openssl: support more protocols for forward secrecy. 2016-03-04 09:19:08 -08:00
Doug Coleman 3576c0930c openssl: Prefer tls1.2. Only use secure ciphers. 2016-03-04 09:15:12 -08:00
Benjamin Pollack 62d1425971 Add SNI support to Factor
Fixes #1527
2016-03-03 09:48:20 -08:00
Benjamin Pollack bfd656df17 Dump everything before TLSv1
All versions of SSL are deprecated and have major security issues. Just
kill the whole thing. If you want to deliberately expose yourself to
POODLE, you can do it on your own time.
2016-03-01 19:43:06 -05:00
Doug Coleman 3f07cbd194 io.sockets.secure.openssl: Nuke RSA. 2016-03-01 14:02:47 -08:00
Benjamin Pollack 12af22f3ee openssl: only set RSA keys if required to do so
Modern OpenSSL and LibreSSL both do not require SSL_CTX_set_tmp_rsa to
be called unless SSL_CTX_need_tmp_rsa returns true, and LibreSSL and
OpenSSL compiled with deprecation warnings both will fail if this
happens. This commit resolves that.

With this change, it becomes possible to use LibreSSL in place of
OpenSSL with Factor.
2016-02-23 08:11:04 -05:00
Benjamin Pollack 8073c8a77e Update OpenSSL calls to work with LibreSSL/newer OpenSSL
RSA_generate_key has been deprecated, and is not available in either
LibreSSL or newer OpenSSL that are not compiled with deprecated call
support. This commit switches to the still-supported
RSA_generate_key_ex, which is supported by both libraries.

Note that this is still insufficient for Factor to work under LibreSSL,
though we now get a call further than before.
2016-02-22 14:21:39 -08:00
John Benediktsson ceb75057da change ERROR: words from throw-foo back to foo. 2015-08-13 16:13:05 -07:00
Doug Coleman b6be8685c3 basis: ERROR: changes. 2015-08-13 03:20:39 -07:00
John Benediktsson 39093727b1 libc: rename (io-error) to throw-errno. 2014-11-21 09:29:45 -08:00
John Benediktsson f79d61060e io.buffers: cleanup interface a bit. 2014-11-16 18:54:24 -08:00
John Benediktsson 8c58b99b1d Revert "openssl: define a startup-hook so that openssl initializes automatically"
This reverts commit 981ea313a0.

Conflicts:
	basis/openssl/openssl.factor
2014-08-05 12:14:53 -07:00
Doug Coleman 6ea98afc99 io.sockets.secure.openssl: We don't care what the error is as long as it fails. 2014-07-09 22:32:32 -07:00
Doug Coleman 59c5373263 io.sockets.secure: Another fix for cross-platform openssl. 2014-07-07 18:45:22 -07:00
Doug Coleman 075a86f5d9 io.sockets.secure: Move some code from secure.unix to secure.openssl. Add a hook for finding sockets to upgrade. 2014-07-07 18:34:41 -07:00
Björn Lindqvist 981ea313a0 openssl: define a startup-hook so that openssl initializes automatically 2014-06-06 14:12:09 -07:00
John Benediktsson e3323818cc io.sockets.secure.openssl: disable tests for now. 2014-04-22 08:16:53 -07:00
John Benediktsson 06912460b4 io.sockets.secure.openssl: use must-fail-with. 2014-04-22 07:41:23 -07:00
Björn Lindqvist 516ffcc311 io.sockets.secure.openssl.tests: more and better SSL_connect tests
Better error handling so it should be easier to see why the tests fail
on the build server (#1036).
2014-04-18 10:06:46 -07:00
Björn Lindqvist df3417c5b7 io.sockets.secure.openssl: more docs 2014-04-18 10:06:46 -07:00
Björn Lindqvist e473ef628d io.sockets.secure.openssl: big refactoring, all error handling merged into one check-ssl-error word 2014-04-18 10:06:46 -07:00
Doug Coleman d123f589f7 io.sockets.secure.openssl: Check error code in unit test. 2014-04-08 12:08:58 -07:00
Doug Coleman a02e8e3cda io.sockets.secure.openssl: Fix using list. 2014-04-02 23:11:52 -05:00
Björn Lindqvist f8387a08ae Merge:
io.sockets.secure.windows: use non-blocking sockets to prevent
SSL_connect from blocking

On Windows, SSL_connect may hang forever if the server doesn't send any
data. To counteract that we temporarily set the socket non-blocking and
then call select in the wait-for-fd method.

Conflicts:
	basis/io/sockets/secure/openssl/openssl-tests.factor
2014-04-02 12:16:51 -05:00
Björn Lindqvist 4d8f3e8a78 io.sockets.secure.openssl: do-ssl-connect needs to call wait-for-fd 2014-04-02 12:13:21 -05:00
Björn Lindqvist 753b2f0177 io.files: make wait-for-fd generic and dispatch depending on backend
do-ssl-accept needs to call wait-for-fd so it needs to be generic. On
Windows it's a noop but on Unix it will wait for the fd.
2014-04-02 12:12:49 -05:00
Björn Lindqvist 6421af3401 io.sockets.secure.*: unification of lots of platform-independent code
Code that is duplicated in the backends moved to
io.sockets.secure.openssl. The wait-for-fd verb used by do-ssl-accept
doesn't have any equivalent on Windows so that needs to be
implemented.
2014-04-02 12:12:37 -05:00
Björn Lindqvist 39b13b6736 io.sockets.secure.openssl: guard against SSL_get_peer_certificate returning null 2014-03-06 18:41:37 +01:00
Doug Coleman a71e2d8060 io.sockets.secure.openssl: Fix docs. 2013-11-28 12:59:36 -06:00
Doug Coleman 4bcb356ba8 io.sockets.secure.openssl: libssl error is opaque, check that cert files
exist in Factor beforehand so we can get a nicer error message.
Add missing USE: and neaten up the list.
2013-11-16 15:59:31 -08:00
Björn Lindqvist 5f2238f7d4 io.sockets.secure.windows: secure socket implementation for windows, it works reasonably but certificate validation is not working correctly yet 2013-10-11 10:23:40 -07:00
Björn Lindqvist 729bd8a362 io.sockets.secure.openssl.tests: remove windows.winsock import and another test for subject-name 2013-10-11 10:23:40 -07:00
Björn Lindqvist ad627a1395 openssl.libssl: on windows the X509_* family of functions is in a
different dll than the other functions in libssl
2013-10-11 10:23:40 -07:00
John Benediktsson 32b07016b0 io.sockets.secure.openssl: some style improvements. 2013-09-16 17:24:31 -07:00
Björn Lindqvist c2fd5031e0 io.sockets.secure, io.sockets.secure.openssl: improved host name verification that takes into account a certificate's subject alternative names. 2013-09-16 17:17:48 -07:00
Björn Lindqvist f4f60b8ba3 io.sockets.secure.openssl: support for getting issuer name 2013-09-16 17:17:47 -07:00
Doug Coleman 30673f65cf io.ports: More correct memory handling. There are still leaks in the tests... 2012-08-25 19:44:22 -07:00
Joe Groff 65c3259761 "cdecl" -> cdecl 2010-03-31 19:20:35 -07:00
Doug Coleman 1ff1e3f4bc add docs to 8-bit encodings vocabs, update usages 2009-11-12 18:36:20 -06:00
Doug Coleman 17f0a5d41a Merge branch 'master' of git://factorcode.org/git/factor 2009-10-28 17:26:23 -05:00
Doug Coleman e376a0ece2 (normalize-path) -> absolute-path, canonicalize-path -> resolve-symlinks 2009-10-28 17:25:50 -05:00
Joe Groff 935c0797c3 update existing code for [let change 2009-10-27 22:05:37 -05:00
Joe Groff e6bc708882 update openssl.libcrypto structs 2009-09-18 17:50:20 -05:00
Joe Groff 076ab42dc3 move some allocation words that don't really have much to do with c types out of alien.c-types into a new alien.data vocab 2009-09-17 22:36:05 -05:00
Slava Pestov 46045c882e Disposables are now registered in a global disposables set. To take advantage of this, subclass disposable instead of providing a disposed slot and call new-disposable instead of new. tools.disposables defines two words, 'disposable.' and 'leaks', to help track down resource lifetime problems 2009-08-24 02:26:13 -05:00
Doug Coleman 3f3d57032b Delete empty unit tests files, remove 1- and 1+, reorder IN: lines in a lot of places, minor refactoring 2009-08-13 19:21:44 -05:00
Slava Pestov be40bd33ee New initialize-alien word 2009-02-20 20:51:13 -06:00
Slava Pestov 79bb003e6d io.sockets.secure.openssl: Don't allocate empty password string. Fixes test failures introduced by >c-ptr change 2009-02-06 10:17:20 -06:00