godoc

2025-04-25 17:50:23 +08:00 · 2014-04-29 03:00:19 -06:00 · 2014-04-29 03:00:19 -06:00 · cd4183cd7c
commit cd4183cd7c
parent a7000f8add
4 changed files with 122 additions and 106 deletions
--- a/conn.go
+++ b/conn.go
@ -25,7 +25,7 @@ import (
 	"time"
 	"unsafe"

-	"code.spacemonkey.com/go/openssl/utils"
+	"github.com/SpaceMonkeyGo/openssl/utils"
 )

 var (
--- a/ctx.go
+++ b/ctx.go
@ -3,49 +3,54 @@

 package openssl

-//#include <openssl/crypto.h>
-//#include <openssl/ssl.h>
-//#include <openssl/err.h>
-//#include <openssl/conf.h>
-//
-//static long SSL_CTX_set_options_not_a_macro(SSL_CTX* ctx, long options) {
-//   return SSL_CTX_set_options(ctx, options);
-//}
-//
-//static long SSL_CTX_set_mode_not_a_macro(SSL_CTX* ctx, long modes) {
-//   return SSL_CTX_set_mode(ctx, modes);
-//}
-//
-//static long SSL_CTX_set_session_cache_mode_not_a_macro(SSL_CTX* ctx, long modes) {
-//   return SSL_CTX_set_session_cache_mode(ctx, modes);
-//}
-//
-//static int CRYPTO_add_not_a_macro(int *pointer,int amount,int type) {
-//   return CRYPTO_add(pointer, amount, type);
-//}
-//
-//#ifndef SSL_MODE_RELEASE_BUFFERS
-//#define SSL_MODE_RELEASE_BUFFERS 0
-//#endif
-//#ifndef SSL_OP_NO_COMPRESSION
-//#define SSL_OP_NO_COMPRESSION 0
-//#endif
-//static const SSL_METHOD *OUR_TLSv1_1_method() {
-//#ifdef TLS1_1_VERSION
-//    return TLSv1_1_method();
-//#else
-//    return NULL;
-//#endif
-//}
-//static const SSL_METHOD *OUR_TLSv1_2_method() {
-//#ifdef TLS1_2_VERSION
-//    return TLSv1_2_method();
-//#else
-//    return NULL;
-//#endif
-//}
-//
-//extern int verify_cb(int ok, X509_STORE_CTX* store);
+/*
+#include <openssl/crypto.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#include <openssl/conf.h>
+
+static long SSL_CTX_set_options_not_a_macro(SSL_CTX* ctx, long options) {
+   return SSL_CTX_set_options(ctx, options);
+}
+
+static long SSL_CTX_set_mode_not_a_macro(SSL_CTX* ctx, long modes) {
+   return SSL_CTX_set_mode(ctx, modes);
+}
+
+static long SSL_CTX_set_session_cache_mode_not_a_macro(SSL_CTX* ctx, long modes) {
+   return SSL_CTX_set_session_cache_mode(ctx, modes);
+}
+
+static int CRYPTO_add_not_a_macro(int *pointer,int amount,int type) {
+   return CRYPTO_add(pointer, amount, type);
+}
+
+#ifndef SSL_MODE_RELEASE_BUFFERS
+#define SSL_MODE_RELEASE_BUFFERS 0
+#endif
+
+#ifndef SSL_OP_NO_COMPRESSION
+#define SSL_OP_NO_COMPRESSION 0
+#endif
+
+static const SSL_METHOD *OUR_TLSv1_1_method() {
+#ifdef TLS1_1_VERSION
+    return TLSv1_1_method();
+#else
+    return NULL;
+#endif
+}
+
+static const SSL_METHOD *OUR_TLSv1_2_method() {
+#ifdef TLS1_2_VERSION
+    return TLSv1_2_method();
+#else
+    return NULL;
+#endif
+}
+
+extern int verify_cb(int ok, X509_STORE_CTX* store);
+*/
 import "C"

 import (
@ -56,13 +61,13 @@ import (
 	"runtime"
 	"unsafe"

-	space_log "code.spacemonkey.com/go/space/log"
+	"github.com/SpaceMonkeyGo/spacelog"
 )

 var (
 	ssl_ctx_idx = C.SSL_CTX_get_ex_new_index(0, nil, nil, nil, nil)

-	logger = space_log.GetLogger()
+	logger = spacelog.GetLogger()
 )

 type Ctx struct {
--- a/init.go
+++ b/init.go
@ -1,65 +1,76 @@
 // Copyright (C) 2014 Space Monkey, Inc.
 // +build cgo

-// Package openssl is a light wrapper around OpenSSL for Go.
-// It strives to provide a near-drop-in replacement for the Go standard library
-// tls package, while allowing for:
-//  * Performance - OpenSSL is battle-tested and optimized C. While Go's built-
-//    in library shows great promise, it is still young and in some places,
-//    inefficient. This simple OpenSSL wrapper can often do at least 2x with
-//    the same cipher and protocol.
-//
-//    On my lappytop, I get the following benchmarking speeds:
-//    BenchmarkSHA1Large_openssl      1000  2611282 ns/op  401.56 MB/s
-//    BenchmarkSHA1Large_stdlib        500  3963983 ns/op  264.53 MB/s
-//    BenchmarkSHA1Small_openssl   1000000     3476 ns/op    0.29 MB/s
-//    BenchmarkSHA1Small_stdlib    5000000      550 ns/op    1.82 MB/s
-//    BenchmarkSHA256Large_openssl     200  8085314 ns/op  129.69 MB/s
-//    BenchmarkSHA256Large_stdlib      100 18948189 ns/op   55.34 MB/s
-//    BenchmarkSHA256Small_openssl 1000000     4262 ns/op    0.23 MB/s
-//    BenchmarkSHA256Small_stdlib  1000000     1444 ns/op    0.69 MB/s
-//    BenchmarkOpenSSLThroughput    100000    21634 ns/op   47.33 MB/s
-//    BenchmarkStdlibThroughput      50000    58974 ns/op   17.36 MB/s
-//
-//  * Interoperability - many systems support OpenSSL with a variety of plugins
-//    and modules for things, such as hardware acceleration in embedded devices
-//
-//  * Greater flexibility and configuration - OpenSSL allows for far greater
-//    configuration of corner cases and backwards compatibility (such as
-//    support of SSLv2)
-//
-//  * Security - According to the author of the standard library's TLS
-//    implementation, Go's TLS library is vulnerable to timing attacks and has
-//    not received the same amount of scrutiny that OpenSSL has. While OpenSSL
-//    has indeed had security problems recently, the incentive to fix OpenSSL
-//    security problems is shared by many distributors and services, and
-//    OpenSSL is fixed quickly.
-//
-// Starting an HTTP server that uses OpenSSL is very easy. It's as simple as:
-//  log.Fatal(openssl.ListenAndServeTLS(
-//          ":8443", "my_server.crt", "my_server.key", myHandler))
-//
-// Getting a net.Listener that uses OpenSSL is also easy:
-//  ctx, err := openssl.NewCtxFromFiles("my_server.crt", "my_server.key")
-//  if err != nil {
-//          log.Fatal(err)
-//  }
-//  l, err := openssl.Listen("tcp", ":7777", ctx)
-//
-// Making a client connection is straightforward too:
-//  ctx, err := NewCtx()
-//  if err != nil {
-//          log.Fatal(err)
-//  }
-//  err = ctx.LoadVerifyLocations("/etc/ssl/certs/ca-certificates.crt", "")
-//  if err != nil {
-//          log.Fatal(err)
-//  }
-//  conn, err := openssl.Dial("tcp", "localhost:7777", ctx, 0)
-//
-// TODO/Help wanted: To get this library to work with net/http's client, we've
-//  had to fork net/http. It would be nice if an alternate http client library
-//  supported the generality needed to use OpenSSL instead of crypto/tls.
+/*
+Package openssl is a light wrapper around OpenSSL for Go.
+
+It strives to provide a near-drop-in replacement for the Go standard library
+tls package, while allowing for:
+
+Performance
+
+OpenSSL is battle-tested and optimized C. While Go's built-in library shows
+great promise, it is still young and in some places, inefficient. This simple
+OpenSSL wrapper can often do at least 2x with the same cipher and protocol.
+
+On my lappytop, I get the following benchmarking speeds:
+  BenchmarkSHA1Large_openssl      1000  2611282 ns/op  401.56 MB/s
+  BenchmarkSHA1Large_stdlib        500  3963983 ns/op  264.53 MB/s
+  BenchmarkSHA1Small_openssl   1000000     3476 ns/op    0.29 MB/s
+  BenchmarkSHA1Small_stdlib    5000000      550 ns/op    1.82 MB/s
+  BenchmarkSHA256Large_openssl     200  8085314 ns/op  129.69 MB/s
+  BenchmarkSHA256Large_stdlib      100 18948189 ns/op   55.34 MB/s
+  BenchmarkSHA256Small_openssl 1000000     4262 ns/op    0.23 MB/s
+  BenchmarkSHA256Small_stdlib  1000000     1444 ns/op    0.69 MB/s
+  BenchmarkOpenSSLThroughput    100000    21634 ns/op   47.33 MB/s
+  BenchmarkStdlibThroughput      50000    58974 ns/op   17.36 MB/s
+
+Interoperability
+
+Many systems support OpenSSL with a variety of plugins and modules for things,
+such as hardware acceleration in embedded devices.
+
+Greater flexibility and configuration
+
+OpenSSL allows for far greater configuration of corner cases and backwards
+compatibility (such as support of SSLv2). You shouldn't be using SSLv2 if you
+can help but, but sometimes you can't help it.
+
+Security
+
+Yeah yeah, Heartbleed. But according to the author of the standard library's
+TLS implementation, Go's TLS library is vulnerable to timing attacks. And
+whether or not OpenSSL received the appropriate amount of scrutiny
+pre-Heartbleed, it sure is receiving it now.
+
+Usage
+
+Starting an HTTP server that uses OpenSSL is very easy. It's as simple as:
+  log.Fatal(openssl.ListenAndServeTLS(
+        ":8443", "my_server.crt", "my_server.key", myHandler))
+
+Getting a net.Listener that uses OpenSSL is also easy:
+  ctx, err := openssl.NewCtxFromFiles("my_server.crt", "my_server.key")
+  if err != nil {
+          log.Fatal(err)
+  }
+  l, err := openssl.Listen("tcp", ":7777", ctx)
+
+Making a client connection is straightforward too:
+  ctx, err := NewCtx()
+  if err != nil {
+          log.Fatal(err)
+  }
+  err = ctx.LoadVerifyLocations("/etc/ssl/certs/ca-certificates.crt", "")
+  if err != nil {
+          log.Fatal(err)
+  }
+  conn, err := openssl.Dial("tcp", "localhost:7777", ctx, 0)
+
+Help wanted: To get this library to work with net/http's client, we
+had to fork net/http. It would be nice if an alternate http client library
+supported the generality needed to use OpenSSL instead of crypto/tls.
+*/
 package openssl

 /*
--- a/ssl_test.go
+++ b/ssl_test.go
@ -13,7 +13,7 @@ import (
 	"testing"
 	"time"

-	"code.spacemonkey.com/go/openssl/utils"
+	"github.com/SpaceMonkeyGo/openssl/utils"
 )

 var (