steve
/
factor
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
29,502 Commits
33 Branches
119 Tags
249 MiB
Commit Graph

110 Commits (dadff2f062dbb72e66eab24cc6e155b6f56fdff2)

Author SHA1 Message Date
Björn Lindqvist 0e7fd0340d io.sockets.secure.openssl.tests: fix so you dont get an error when test times out 2016-11-19 23:40:12 +01:00
Björn Lindqvist c6361436bf io.sockets.secure.openssl: set connected to t after do-ssl-accept 
This should prevent the SSL_shutdown:shutdown while in init error we've
been seeing
 2016-11-19 19:05:53 +01:00
Björn Lindqvist 1b7b7e8260 io.sockets.secure.openssl: second |dispose seem to be redundant 2016-11-19 18:04:17 +01:00
Alexander Iljin b35294eade io.sockets.secure-docs: update and add some documentation 2016-06-22 11:27:26 -07:00
Doug Coleman c7041fe96e io.sockets.secure.windows: Windows sockets are a bit confused. Make a word 
to get the handle out of two different paths. Probably needs more
refactoring but this makes it work.
 2016-06-02 11:07:19 -07:00
Doug Coleman 05083ba503 io.sockets.secure.windows: No need to call file>> because we have a 
win32-socket on the stack already.
 2016-06-02 10:56:50 -07:00
Doug Coleman b63aaff1c5 io.sockets.secure: (server) needs a method on secure for Windows too. Move the method to a vocab that both platforms load. 2016-06-02 10:25:11 -07:00
John Benediktsson 498285d7dd unicode: make this the API for all unicode things. 2016-03-30 23:29:48 -07:00
Doug Coleman d3bc2035a2 factor: remove rest of double paren words. 2016-03-25 03:13:27 -07:00
Doug Coleman bb7161a46f io.sockets.secure.windows: Add some code for loading the certificates on 
windows. Still disabled, and the CA certificates are duplicated.
 2016-03-13 16:11:45 -07:00
Doug Coleman 460555785c io.sockets.secure.openssl: Fix docs. 2016-03-13 01:45:52 -08:00
Doug Coleman df3f58ae61 io.sockets.secure.openssl: Fix subject-name-match? for wildcard domains. 
Also remove duplicate names before checking.
 2016-03-12 20:22:47 -08:00
Benjamin Pollack b0d62bcdc3 io.sockets.secure: add SNI support for Windows 
M: secure ((client)) is identical between Unix and Windows, so this probably
could be moved out of the platform-specific vocab, but doing it sanely would
require a refactor I'm not excited about, so punting on that for now.

Fixes #1551
 2016-03-12 09:27:31 -05:00
Doug Coleman a303637850 io.sockets.secure.windows: Try to fix compile error. 2016-03-05 02:57:39 -08:00
Doug Coleman c077ee91e9 openssl: More ciphers. 2016-03-04 18:42:35 +00:00
Doug Coleman 46c9143232 openssl: call SSL_CTX_set_ecdh_auto() for forward secrecy. 2016-03-04 10:05:09 -08:00
Doug Coleman 0bfe6ff826 openssl: support more protocols for forward secrecy. 2016-03-04 09:19:08 -08:00
Doug Coleman 3576c0930c openssl: Prefer tls1.2. Only use secure ciphers. 2016-03-04 09:15:12 -08:00
Benjamin Pollack e83e791a7a Do not attempt to set an SNI hostname on a server 2016-03-03 13:58:31 -08:00
Benjamin Pollack 62d1425971 Add SNI support to Factor 
Fixes #1527
 2016-03-03 09:48:20 -08:00
Benjamin Pollack bfd656df17 Dump everything before TLSv1 
All versions of SSL are deprecated and have major security issues. Just
kill the whole thing. If you want to deliberately expose yourself to
POODLE, you can do it on your own time.
 2016-03-01 19:43:06 -05:00
Doug Coleman 3f07cbd194 io.sockets.secure.openssl: Nuke RSA. 2016-03-01 14:02:47 -08:00
Benjamin Pollack 12af22f3ee openssl: only set RSA keys if required to do so 
Modern OpenSSL and LibreSSL both do not require SSL_CTX_set_tmp_rsa to
be called unless SSL_CTX_need_tmp_rsa returns true, and LibreSSL and
OpenSSL compiled with deprecation warnings both will fail if this
happens. This commit resolves that.

With this change, it becomes possible to use LibreSSL in place of
OpenSSL with Factor.
 2016-02-23 08:11:04 -05:00
Benjamin Pollack 8073c8a77e Update OpenSSL calls to work with LibreSSL/newer OpenSSL 
RSA_generate_key has been deprecated, and is not available in either
LibreSSL or newer OpenSSL that are not compiled with deprecated call
support. This commit switches to the still-supported
RSA_generate_key_ex, which is supported by both libraries.

Note that this is still insufficient for Factor to work under LibreSSL,
though we now get a call further than before.
 2016-02-22 14:21:39 -08:00
Björn Lindqvist 0a3b4b4872 io.sockets.secure.debug: use <test-secure-config> in some places 
the word can be reused in a few places when setting up ssl. it removes
some duplicated code
 2015-10-04 01:25:11 +02:00
John Benediktsson e477f6996f Fix comments to be ! not #!. 2015-09-08 16:15:10 -07:00
John Benediktsson ceb75057da change ERROR: words from throw-foo back to foo. 2015-08-13 16:13:05 -07:00
Doug Coleman b6be8685c3 basis: ERROR: changes. 2015-08-13 03:20:39 -07:00
John Benediktsson 5eec781b40 use ``if*`` instead of ``dup [ ] [ drop ] if``. 2015-07-20 22:24:30 -07:00
Doug Coleman 892c62e1dc factor: second stab at [ ] [ ] unit-test -> { } [ ] unit-test 2015-07-03 09:39:59 -07:00
Doug Coleman 59f3b1ea57 Revert "factor: rename [ ] [ ] unit-test -> { } [ ] unit-test using a refactoring tool!" 
Needs a bit more work.

This reverts commit 7e54cc2824.
 2015-07-02 13:47:06 -07:00
Doug Coleman 7e54cc2824 factor: rename [ ] [ ] unit-test -> { } [ ] unit-test using a refactoring tool! 2015-07-02 11:36:08 -07:00
Doug Coleman 999aa7c897 factor: clean up spaces in -tests files 2015-07-02 10:34:01 -07:00
John Benediktsson 39093727b1 libc: rename (io-error) to throw-errno. 2014-11-21 09:29:45 -08:00
John Benediktsson f79d61060e io.buffers: cleanup interface a bit. 2014-11-16 18:54:24 -08:00
John Benediktsson 8033741135 io/ui: slim down the USE: list 2014-10-24 17:33:27 -07:00
John Benediktsson 8c58b99b1d Revert "openssl: define a startup-hook so that openssl initializes automatically" 
This reverts commit 981ea313a0.

Conflicts:
	basis/openssl/openssl.factor
 2014-08-05 12:14:53 -07:00
Doug Coleman 6ea98afc99 io.sockets.secure.openssl: We don't care what the error is as long as it fails. 2014-07-09 22:32:32 -07:00
Doug Coleman 377180baf6 io.sockets.secure.windows: Fix using, remove duplication. 2014-07-07 21:44:40 -05:00
Doug Coleman 59c5373263 io.sockets.secure: Another fix for cross-platform openssl. 2014-07-07 18:45:22 -07:00
Doug Coleman 075a86f5d9 io.sockets.secure: Move some code from secure.unix to secure.openssl. Add a hook for finding sockets to upgrade. 2014-07-07 18:34:41 -07:00
Björn Lindqvist 981ea313a0 openssl: define a startup-hook so that openssl initializes automatically 2014-06-06 14:12:09 -07:00
John Benediktsson e3323818cc io.sockets.secure.openssl: disable tests for now. 2014-04-22 08:16:53 -07:00
John Benediktsson 06912460b4 io.sockets.secure.openssl: use must-fail-with. 2014-04-22 07:41:23 -07:00
Björn Lindqvist 516ffcc311 io.sockets.secure.openssl.tests: more and better SSL_connect tests 
Better error handling so it should be easier to see why the tests fail
on the build server (#1036).
 2014-04-18 10:06:46 -07:00
Björn Lindqvist df3417c5b7 io.sockets.secure.openssl: more docs 2014-04-18 10:06:46 -07:00
Björn Lindqvist e473ef628d io.sockets.secure.openssl: big refactoring, all error handling merged into one check-ssl-error word 2014-04-18 10:06:46 -07:00
Doug Coleman d123f589f7 io.sockets.secure.openssl: Check error code in unit test. 2014-04-08 12:08:58 -07:00
Doug Coleman a02e8e3cda io.sockets.secure.openssl: Fix using list. 2014-04-02 23:11:52 -05:00
Björn Lindqvist f8387a08ae Merge: 
io.sockets.secure.windows: use non-blocking sockets to prevent
SSL_connect from blocking

On Windows, SSL_connect may hang forever if the server doesn't send any
data. To counteract that we temporarily set the socket non-blocking and
then call select in the wait-for-fd method.

Conflicts:
	basis/io/sockets/secure/openssl/openssl-tests.factor
 2014-04-02 12:16:51 -05:00