Commit Graph

190 Commits

Author SHA1 Message Date
Anton Baklanov
c96ed22afd add basic test for Ctx session cache timeout/size options 2015-05-13 12:25:03 +03:00
Anton Baklanov
8d2efad227 add a few session cache options getters and setters 2015-05-12 22:18:27 +03:00
Phus Lu
175e155dd4 make CertificateInfo Serial type to *big.Int 2015-04-04 20:22:19 +08:00
JT Olds
84b5df4774 Merge pull request #29 from gabrielrussell/openssl-1.0.2_check
Only compile X509_check_* functions when building against openssl < 1.0.2
2015-03-09 14:47:02 -06:00
Gabriel Russell
9814818d06 Only compile X509_check_* functions when building against openssl < 1.0.2 2015-03-09 15:12:11 -04:00
Jeff
8feeee5748 Merge pull request #26 from scottjg/openssl-1.0.0-fix
fix compilation for later openssl
2015-03-04 12:56:00 -07:00
Scott J. Goldman
dfb921e960 fix compilation for later openssl
in later openssl, the key param in EVP_PKEY_assign changed from char* to
void*. causes this error:
../github.com/spacemonkeygo/openssl/key.go:324: cannot use
(*C.char)(unsafe.Pointer(rsa)) (type *C.char) as type unsafe.Pointer in
argument to _Cfunc_EVP_PKEY_assign
2015-02-24 05:33:55 -05:00
JT Olds
2c9a3f31d1 Merge pull request #23 from carlosmn/osx
OSX fixes
2015-01-22 17:16:51 -07:00
paul cannon
d0177cb6a7 Fix init'ing non-authenticated decryption contexts
As pointed out by ishbir in issue 24, the applyKeyAndIV function was
incorrectly always using EVP_EncryptInit_ex(), even when the underlying
context being initialized was for a decryption.

This change causes it to select the right initializer based on the
"encrypt" field in the EVP_CIPHER_CTX. A test is also added which
verifies a fix.

Closes #24.
2014-12-19 02:32:36 -06:00
Carlos Martín Nieto
20fdb1c664 Work with versions pickier about C types
Newer versions of Go (at least 1.4) do not like mixing C pointer
types. Cast an unsafe.Pointer to *C.char to make the compiler see
matching types.
2014-12-12 09:15:49 +01:00
Carlos Martín Nieto
2156e293c7 Hide deprecated declarations on OSX
We know that they've decided that OpenSSL is deprecated and the huge
list of warnings obscures any useful ones about the code we're actually
trying to build.
2014-12-12 09:05:38 +01:00
Carlos Martín Nieto
75f8149306 MacOSX does not have the TLSv1_X_method() functions
The header does define TLS1_X_VERSION, but the version-specific
functions are not available.
2014-12-12 08:55:33 +01:00
JT Olds
0e53dd5595 Merge pull request #22 from cfredmakecode/master
added diffie-hellman parameter functions. allows using DHE-* cipher suites
2014-12-11 17:38:54 -07:00
Christopher Fredericks
e370f5d276 added diffie-hellman parameter functions. allows using DHE-* cipher suites 2014-12-10 20:38:24 -05:00
JT Olds
ee399ccc2a Merge pull request #21 from lunixbochs/store
Add support for loading chains from a single PEM
2014-11-19 00:50:28 -07:00
Ryan Hileman
579612b5c0 add NewCert..Store(), LoadCert..sFromPEM() 2014-11-18 23:25:48 -08:00
Ryan Hileman
111569c406 add support for chains in ListenAndServeTLS 2014-11-18 23:25:48 -08:00
Ryan Hileman
9bed092d70 add pem.go with SplitPEM function 2014-11-18 23:25:48 -08:00
JT Olds
a6e28b4958 Merge pull request #18 from lunixbochs/keygen
restructure certs/keys; add key/cert generation
2014-11-18 21:57:17 -07:00
Ryan Hileman
1a2646cde3 improve GC handling (fixes #10) 2014-11-18 17:47:46 -08:00
Ryan Hileman
3945574fd1 restructure certs/keys; add key/cert generation
NID is also now an exposed type
2014-11-18 17:47:07 -08:00
JT Olds
aaf49c2d58 openssl: grave admonitions
Change-Id: I03fa44c36300404c1efd636c6bb48d4a25be83e4
2014-10-19 23:25:04 -06:00
Jeff Wendling
67e06b66c4 fix darwin build
since apple packages a really old openssl version, some of the constants
introduced recently were not present. on darwin, don't compile them in unless
explicitly asked for with the 'brew' build tag.

fixes #14
2014-10-09 11:25:36 -06:00
JT Olds
62e1937684 Merge pull request #13 from bramp/verify-result
Added support for SSL_get_verify_result(..)
2014-10-08 11:04:20 -06:00
Andrew Brampton
948f122871 Correctly formatted my changes. 2014-10-08 09:25:03 -07:00
JT Olds
db59c1a898 Merge pull request #12 from bramp/cipher-name
Add SSL_get_cipher_name(...)
2014-10-08 01:09:43 -06:00
JT Olds
4d527ee8a3 Merge pull request #11 from bramp/options
Added support for NoTLSv1_1 and NoTLSv1_2, and allowed options to be cleared
2014-10-08 01:08:50 -06:00
Andrew Brampton
45882fc7a6 Added support for NoTLSv1_1 and NoTLSv1_2, and allowed options to be cleared. 2014-10-07 20:42:41 -07:00
Andrew Brampton
87a7e0f1c3 Add SSL_get_cipher_name(...) 2014-10-07 20:41:21 -07:00
Andrew Brampton
f13a5e0288 Added support for SSL_get_verify_result(..) 2014-10-07 20:09:48 -07:00
Andrew Harding
10dbddf4e6 use pkgconfig on windows too
Change-Id: I6596c63c7c3b4509ac01c57a37ed1279991da8dc
2014-08-15 17:26:29 -06:00
Andrew Harding
199abcbc27 windows mingw support
Change-Id: I4d1c1f7f990dce2d3f4727af6eb3b43fd7d186ee
2014-06-30 17:21:08 -06:00
Andrew Harding
11f8f384f4 fix taking address of first element of empty byte slice
Change-Id: I57efec6116b688bf1aaa5da34280f76a0d9ec882
2014-06-30 17:21:08 -06:00
JT
4eb00a0087 Merge pull request #5 from 9uuso/patch-1
fix mingw-w64 url path
2014-06-23 02:10:54 -06:00
Juuso Haavisto
33ba9ec4fd fix mingw-w64 url path
Currently the mingw path is relative and points to a directory in the GitHub repo. Adding http prefix makes the URL absolute, which I believe it's supposed to be.
2014-06-19 08:55:29 +03:00
Jeff
05477109fd make cbioFree not a go callback
i have reason to believe this breaks things
2014-05-28 20:23:19 -04:00
JT
2bf5553cf8 Merge pull request #2 from zowens/add_ecdh
Adding EnableECDH to Context
2014-05-21 10:15:57 -06:00
Zack Owens
f35adbfa78 Adding explicit curves and corresponding SSL context function 2014-05-21 11:58:32 -04:00
JT
64a7adcc54 Merge pull request #3 from thepaul/master
use CString with SetTlsExtHostName
2014-05-19 15:27:42 -06:00
paul cannon
8db626a560 use CString with SetTlsExtHostName
i guess we can't rely on there being a null byte after the memory for a
byte array. in retrospect it seems really stupid to think there would
be.

go me

Change-Id: I35ab6704cefbfbde064906aa682985574cb7e034
2014-05-15 12:58:28 -06:00
Zack Owens
45c85576f8 Adding EnableECDH to Context 2014-05-15 13:11:05 -04:00
JT Olds
1738273569 close wrapping conn if handshake fails 2014-05-15 11:00:49 -06:00
JT
af8071e04e Merge pull request #1 from zowens/add_chain
Adding AddChainCertificate func
2014-05-14 12:57:27 -06:00
Zack Owens
85a1dc3167 Adding AddChainCertificate func 2014-05-14 12:53:53 -04:00
JT Olds
0022daa4f4 case change
Change-Id: Ia5d0629bd2649f50b462994752029ac8a586a8da
2014-05-13 09:44:10 -06:00
JT Olds
cbf2fb6031 fix heading
Change-Id: I7588a4cb537f8963c0787a5bc02662fdfb5a9313
2014-05-12 11:49:29 -06:00
JT Olds
42391d89a5 add license
Change-Id: I4642fb9b97256ec6b3ffbe403272efc690bf1606
2014-05-09 15:38:13 -06:00
JT Olds
b364999a65 fix releasebuffers
Change-Id: I2aaeb8c5a411ef089b3a52a2ec7f0c8353d7dfd3
2014-04-30 14:47:50 -06:00
Jeff Wendling
1b3b1e773b allow building on default os x
since it doesn't have gcm stuff put it in a conditionally built
file.

Change-Id: I8083ff9b86b6fe0723fd21ffc77038b7679c97c7
2014-04-29 19:26:12 +00:00
JT Olds
3c41e85fc4 openssl: add sni to dial helper
Change-Id: Ibfa19f720987a7ba39e3a02c47d8e9f3fff925be
2014-04-29 10:43:01 -06:00