OpenSSL wrapper. Supports OpenSSL >= 1.1.0, either dynamically linked (the default) or statically linked using --dynlibOverride:ssl.
-d:sslVersion=1.2.3 can be used to force an SSL version. This version must be included in the library name. -d:useOpenssl3 may be set for OpenSSL 3 instead.
There is also limited support for OpenSSL 1.0.x which may require -d:openssl10.
Build and test examples:
./bin/nim c -d:ssl -p:. -r tests/stdlib/tssl.nim
./bin/nim c -d:ssl --threads:on -p:. -r tests/stdlib/thttpclient_ssl.nim
./bin/nim c -d:ssl -p:. -r tests/untestable/tssl.nim
./bin/nim c -d:ssl -p:. --dynlibOverride:ssl --passl:-lcrypto --passl:-lssl -r tests/untestable/tssl.nim
./bin/nim r --putenv:NIM_TESTAMENT_REMOTE_NETWORKING:1 -d:ssl -p:testament/lib --threads:on tests/untestable/thttpclient_ssl_remotenetwork.nim
Types
DES_cblock = array[0 .. 7, int8]
des_key_schedule = array[1 .. 16, des_ks_struct]
des_ks_struct {.final.} = object ks*: DES_cblock weak_key*: cint
PaddingType = enum RSA_PKCS1_PADDING = 1, RSA_SSLV23_PADDING = 2, RSA_NO_PADDING = 3, RSA_PKCS1_OAEP_PADDING = 4, RSA_X931_PADDING = 5, RSA_PKCS1_PSS_PADDING = 6
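- Note: RSA_NO_PADDING performs raw RSA and is only suitable as a building block for code that applies its own padding; OpenSSL's documentation recommends RSA_PKCS1_OAEP_PADDING for new encryption code.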
PDES_cblock = ptr DES_cblock
pem_password_cb = proc (buf: cstring; size, rwflag: cint; userdata: pointer): cint {. cdecl.}
PskClientCallback = proc (ssl: SslPtr; hint: cstring; identity: cstring; max_identity_len: cuint; psk: ptr uint8; max_psk_len: cuint): cuint {.cdecl.}
Consts
DLLSSLName = "(libssl-1_1-x64|ssleay64|libssl64).dll"
DLLUtilName = "(libcrypto-1_1-x64|libeay64).dll"
EVP_MAX_MD_SIZE = 36
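- Note: 36 bytes is smaller than the digests produced by EVP_sha384 (48 bytes) and EVP_sha512 (64 bytes), which this module also exposes; size the output buffer passed to EVP_DigestFinal_ex from EVP_MD_size(md) rather than from this constant.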
EVP_PKEY_RSA = 6
MD5_CBLOCK = 64
MD5_DIGEST_LENGTH = 16
MD5_LBLOCK = 16
SSL_CTRL_GET_FLAGS = 13
SSL_CTRL_MODE = 33
SSL_CTRL_OPTIONS = 32
SSL_CTRL_SESS_HIT = 27
SSL_CTRL_SET_MTU = 17
SSL_ERROR_NONE = 0
SSL_ERROR_SSL = 1
SSL_OP_ALL = 0x000FFFFF
SSL_OP_NO_SSLv2 = 0x01000000
SSL_OP_NO_SSLv3 = 0x02000000
SSL_OP_NO_TLSv1 = 0x04000000
SSL_OP_NO_TLSv1_1 = 0x08000000
SSL_ST_ACCEPT = 0x00002000
SSL_ST_CONNECT = 0x00001000
SSL_ST_INIT = 12288
SSL_VERIFY_NONE = 0x00000000
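- Note: with this mode on a client, the handshake continues even when certificate verification fails, so the peer is not authenticated unless the caller checks SSL_get_verify_result itself; use SSL_VERIFY_PEER to make the handshake fail on a verification error.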
SSL_VERIFY_PEER = 0x00000001
useOpenssl3 {.booldefine.} = false
X509_V_ILLEGAL = 1
Procs
proc BIO_do_connect(bio: BIO): int {....raises: [], tags: [], forbids: [].}
proc BIO_do_handshake(bio: BIO): int {....raises: [], tags: [], forbids: [].}
proc BIO_new_ssl_connect(ctx: SslCtx): BIO {.cdecl, dynlib: DLLSSLName, importc, ...raises: [], tags: [], forbids: [].}
proc bioCtrlPending(b: BIO): cint {.cdecl, dynlib: DLLUtilName, importc: "BIO_ctrl_pending", ...raises: [], tags: [], forbids: [].}
proc bioFreeAll(b: BIO) {.cdecl, dynlib: DLLUtilName, importc: "BIO_free_all", ...raises: [], tags: [], forbids: [].}
proc bioNew(b: PBIO_METHOD): BIO {.cdecl, dynlib: DLLUtilName, importc: "BIO_new", ...raises: [], tags: [], forbids: [].}
proc bioSMem(): PBIO_METHOD {.cdecl, dynlib: DLLUtilName, importc: "BIO_s_mem", ...raises: [], tags: [], forbids: [].}
proc CRYPTO_malloc_init() {....raises: [], tags: [], forbids: [].}
proc ERR_get_error(): culong {.cdecl, dynlib: DLLUtilName, importc, ...raises: [], tags: [], forbids: [].}
proc ERR_load_BIO_strings() {....raises: [Exception], tags: [RootEffect], forbids: [].}
proc ERR_peek_last_error(): culong {.cdecl, dynlib: DLLUtilName, importc, ...raises: [], tags: [], forbids: [].}
proc ERR_print_errors_fp(fp: File) {.cdecl, dynlib: DLLUtilName, importc, ...raises: [], tags: [], forbids: [].}
proc ErrClearError() {.cdecl, dynlib: DLLUtilName, importc: "ERR_clear_error", ...raises: [], tags: [], forbids: [].}
proc ErrFreeStrings() {.cdecl, dynlib: DLLUtilName, importc: "ERR_free_strings", ...raises: [], tags: [], forbids: [].}
proc ErrRemoveState(pid: cint) {.cdecl, dynlib: DLLUtilName, importc: "ERR_remove_state", ...raises: [], tags: [], forbids: [].}
proc EVP_DigestFinal_ex(ctx: EVP_MD_CTX; buffer: pointer; size: ptr cuint): cint {. cdecl, dynlib: DLLUtilName, importc, ...raises: [], tags: [], forbids: [].}
proc EVP_DigestInit_ex(ctx: EVP_MD_CTX; typ: EVP_MD; engine: SslPtr = nil): cint {. cdecl, dynlib: DLLUtilName, importc, ...raises: [], tags: [], forbids: [].}
proc EVP_DigestSignFinal(ctx: EVP_MD_CTX; data: pointer; len: ptr csize_t): cint {. cdecl, dynlib: DLLUtilName, importc, ...raises: [], tags: [], forbids: [].}
proc EVP_DigestSignInit(ctx: EVP_MD_CTX; pctx: ptr EVP_PKEY_CTX; typ: EVP_MD; e: ENGINE; pkey: EVP_PKEY): cint {.cdecl, dynlib: DLLUtilName, importc, ...raises: [], tags: [], forbids: [].}
proc EVP_DigestUpdate(ctx: EVP_MD_CTX; data: pointer; len: cuint): cint {.cdecl, dynlib: DLLUtilName, importc, ...raises: [], tags: [], forbids: [].}
proc EVP_MD_CTX_cleanup(ctx: EVP_MD_CTX): cint {.cdecl, importc: "EVP_MD_CTX_cleanup", dynlib: DLLUtilName, ...raises: [], tags: [], forbids: [].}
proc EVP_MD_CTX_create(): EVP_MD_CTX {.cdecl, importc: "EVP_MD_CTX_new", dynlib: DLLUtilName, ...raises: [], tags: [], forbids: [].}
proc EVP_MD_CTX_destroy(ctx: EVP_MD_CTX) {.cdecl, importc: "EVP_MD_CTX_free", dynlib: DLLUtilName, ...raises: [], tags: [], forbids: [].}
proc EVP_md_null(): EVP_MD {.cdecl, dynlib: DLLUtilName, importc, ...raises: [], tags: [], forbids: [].}
proc EVP_MD_size(md: EVP_MD): cint {.cdecl, dynlib: DLLUtilName, importc, ...raises: [], tags: [], forbids: [].}
proc EVP_PKEY_CTX_free(pkeyCtx: EVP_PKEY_CTX) {.cdecl, dynlib: DLLUtilName, importc, ...raises: [], tags: [], forbids: [].}
proc EVP_PKEY_CTX_new(pkey: EVP_PKEY; e: ENGINE): EVP_PKEY_CTX {.cdecl, dynlib: DLLUtilName, importc, ...raises: [], tags: [], forbids: [].}
proc EVP_PKEY_free(p: EVP_PKEY) {.cdecl, dynlib: DLLUtilName, importc, ...raises: [], tags: [], forbids: [].}
proc EVP_PKEY_sign_init(c: EVP_PKEY_CTX): cint {.cdecl, dynlib: DLLUtilName, importc, ...raises: [], tags: [], forbids: [].}
proc EVP_ripemd160(): EVP_MD {.cdecl, dynlib: DLLUtilName, importc, ...raises: [], tags: [], forbids: [].}
proc EVP_sha224(): EVP_MD {.cdecl, dynlib: DLLUtilName, importc, ...raises: [], tags: [], forbids: [].}
proc EVP_sha256(): EVP_MD {.cdecl, dynlib: DLLUtilName, importc, ...raises: [], tags: [], forbids: [].}
proc EVP_sha384(): EVP_MD {.cdecl, dynlib: DLLUtilName, importc, ...raises: [], tags: [], forbids: [].}
proc EVP_sha512(): EVP_MD {.cdecl, dynlib: DLLUtilName, importc, ...raises: [], tags: [], forbids: [].}
proc EVP_whirlpool(): EVP_MD {.cdecl, dynlib: DLLUtilName, importc, ...raises: [], tags: [], forbids: [].}
proc getOpenSSLVersion(): culong {....raises: [Exception], tags: [RootEffect], forbids: [].}
- Returns the OpenSSL version as an unsigned long, or 0 if it is not available.
proc md5_Transform(c: var MD5_CTX; b: ptr uint8) {.importc: "MD5_Transform", ...raises: [], tags: [], forbids: [].}
proc OpenSSL_add_all_algorithms() {....raises: [LibraryError, Exception], tags: [RootEffect], forbids: [].}
proc OPENSSL_config(configName: cstring) {.cdecl, dynlib: DLLUtilName, importc, ...raises: [], tags: [], forbids: [].}
proc OPENSSL_sk_num(stack: PSTACK): int {.cdecl, dynlib: DLLSSLName, importc, ...raises: [], tags: [], forbids: [].}
proc PEM_read_bio_RSA_PUBKEY(bp: BIO; x: ptr PRSA; pw: pem_password_cb; u: pointer): PRSA {.cdecl, dynlib: DLLUtilName, importc, ...raises: [], tags: [], forbids: [].}
proc PEM_read_bio_RSAPrivateKey(bp: BIO; x: ptr PRSA; cb: pem_password_cb; u: pointer): PRSA {.cdecl, dynlib: DLLUtilName, importc, ...raises: [], tags: [], forbids: [].}
proc PEM_read_bio_RSAPublicKey(bp: BIO; x: ptr PRSA; cb: pem_password_cb; u: pointer): PRSA {.cdecl, dynlib: DLLUtilName, importc, ...raises: [], tags: [], forbids: [].}
proc PEM_read_RSA_PUBKEY(fp: pointer; x: ptr PRSA; cb: pem_password_cb; u: pointer): PRSA {.cdecl, dynlib: DLLUtilName, importc, ...raises: [], tags: [], forbids: [].}
proc PEM_read_RSAPrivateKey(fp: pointer; x: ptr PRSA; cb: pem_password_cb; u: pointer): PRSA {.cdecl, dynlib: DLLUtilName, importc, ...raises: [], tags: [], forbids: [].}
proc PEM_read_RSAPublicKey(fp: pointer; x: ptr PRSA; cb: pem_password_cb; u: pointer): PRSA {.cdecl, dynlib: DLLUtilName, importc, ...raises: [], tags: [], forbids: [].}
proc RSA_private_decrypt(flen: cint; fr: ptr uint8; to: ptr uint8; rsa: PRSA; padding: PaddingType): cint {.cdecl, dynlib: DLLUtilName, importc, ...raises: [], tags: [], forbids: [].}
proc RSA_private_encrypt(flen: cint; fr: ptr uint8; to: ptr uint8; rsa: PRSA; padding: PaddingType): cint {.cdecl, dynlib: DLLUtilName, importc, ...raises: [], tags: [], forbids: [].}
proc RSA_public_decrypt(flen: cint; fr: ptr uint8; to: ptr uint8; rsa: PRSA; padding: PaddingType): cint {.cdecl, dynlib: DLLUtilName, importc, ...raises: [], tags: [], forbids: [].}
proc RSA_public_encrypt(flen: cint; fr: ptr uint8; to: ptr uint8; rsa: PRSA; padding: PaddingType): cint {.cdecl, dynlib: DLLUtilName, importc, ...raises: [], tags: [], forbids: [].}
proc SSL_accept(ssl: SslPtr): cint {.cdecl, dynlib: DLLSSLName, importc, ...raises: [], tags: [], forbids: [].}
proc SSL_connect(ssl: SslPtr): cint {.cdecl, dynlib: DLLSSLName, importc, ...raises: [], tags: [], forbids: [].}
proc SSL_CTX_check_private_key(ctx: SslCtx): cint {.cdecl, dynlib: DLLSSLName, importc, ...raises: [], tags: [], forbids: [].}
proc SSL_CTX_free(arg0: SslCtx) {.cdecl, dynlib: DLLSSLName, importc, ...raises: [], tags: [], forbids: [].}
proc SSL_CTX_new(meth: PSSL_METHOD): SslCtx {.cdecl, dynlib: DLLSSLName, importc, ...raises: [], tags: [], forbids: [].}
proc SSL_CTX_set_psk_client_callback(ctx: SslCtx; callback: PskClientCallback) {. cdecl, dynlib: DLLSSLName, importc, ...raises: [], tags: [], forbids: [].}
- Set the callback that is called when OpenSSL needs a PSK (client side).
proc SSL_CTX_set_psk_server_callback(ctx: SslCtx; callback: PskServerCallback) {. cdecl, dynlib: DLLSSLName, importc, ...raises: [], tags: [], forbids: [].}
- Set the callback that is called when OpenSSL needs a PSK (server side).
proc SSL_CTX_set_tlsext_servername_callback(ctx: SslCtx; cb: proc (ssl: SslPtr; cb_id: int; arg: pointer): int {.cdecl.}): int {. ...raises: [], tags: [], forbids: [].}
-
Set the callback to be used on listening SSL connections when the client hello is received.
The callback should return one of:
- SSL_TLSEXT_ERR_OK
- SSL_TLSEXT_ERR_ALERT_WARNING
- SSL_TLSEXT_ERR_ALERT_FATAL
- SSL_TLSEXT_ERR_NOACK
proc SSL_get0_verified_chain(ssl: SslPtr): PSTACK {.cdecl, dynlib: DLLSSLName, importc, ...raises: [], tags: [], forbids: [].}
proc SSL_get_peer_certificate(ssl: SslCtx): PX509 {....raises: [LibraryError], tags: [RootEffect], forbids: [].}
proc SSL_get_psk_identity(ssl: SslPtr): cstring {.cdecl, dynlib: DLLSSLName, importc, ...raises: [], tags: [], forbids: [].}
- Get the PSK identity.
proc SSL_get_servername(ssl: SslPtr; typ: cint = TLSEXT_NAMETYPE_host_name): cstring {. cdecl, dynlib: DLLSSLName, importc, ...raises: [], tags: [], forbids: [].}
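- Retrieve the server name requested in the client hello. This can be used in the callback set in SSL_CTX_set_tlsext_servername_callback to implement virtual hosting. May return nil, so check the result before using it; the name is supplied by the client and should be treated as untrusted input.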
proc SSL_get_shutdown(ssl: SslPtr): cint {.cdecl, dynlib: DLLSSLName, importc: "SSL_get_shutdown", ...raises: [], tags: [], forbids: [].}
proc SSL_get_SSL_CTX(ssl: SslPtr): SslCtx {.cdecl, dynlib: DLLSSLName, importc, ...raises: [], tags: [], forbids: [].}
proc SSL_get_verify_result(ssl: SslPtr): int {.cdecl, dynlib: DLLSSLName, importc, ...raises: [], tags: [], forbids: [].}
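- Note: OpenSSL also reports success (X509_V_OK, 0) when the peer presented no certificate, so check this result together with SSL_get_peer_certificate.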
proc SSL_in_init(ssl: SslPtr): cint {....raises: [LibraryError, Exception], tags: [RootEffect], forbids: [].}
proc SSL_library_init(): cint {.discardable, ...raises: [LibraryError, Exception], tags: [RootEffect], forbids: [].}
- Initialize SSL using OPENSSL_init_ssl for OpenSSL >= 1.1.0, otherwise using SSL_library_init.
proc SSL_load_error_strings() {....raises: [LibraryError, Exception], tags: [RootEffect], forbids: [].}
proc SSL_pending(ssl: SslPtr): cint {.cdecl, dynlib: DLLSSLName, importc, ...raises: [], tags: [], forbids: [].}
proc SSL_set_fd(ssl: SslPtr; fd: SocketHandle): cint {.cdecl, dynlib: DLLSSLName, importc, ...raises: [], tags: [], forbids: [].}
proc SSL_set_shutdown(ssl: SslPtr; mode: cint) {.cdecl, dynlib: DLLSSLName, importc: "SSL_set_shutdown", ...raises: [], tags: [], forbids: [].}
proc SSL_shutdown(ssl: SslPtr): cint {.cdecl, dynlib: DLLSSLName, importc, ...raises: [], tags: [], forbids: [].}
proc sslDoHandshake(ssl: SslPtr): cint {.cdecl, dynlib: DLLSSLName, importc: "SSL_do_handshake", ...raises: [], tags: [], forbids: [].}
proc sslSetAcceptState(s: SslPtr) {.cdecl, dynlib: DLLSSLName, importc: "SSL_set_accept_state", ...raises: [], tags: [], forbids: [].}
proc sslSetConnectState(s: SslPtr) {.cdecl, dynlib: DLLSSLName, importc: "SSL_set_connect_state", ...raises: [], tags: [], forbids: [].}
proc SSLv2_method(): PSSL_METHOD {....raises: [LibraryError], tags: [RootEffect], forbids: [].}
- Note: SSLv2 is an obsolete protocol version; prefer TLS_method, TLS_client_method or TLS_server_method.
proc SSLv3_method(): PSSL_METHOD {....raises: [LibraryError], tags: [RootEffect], forbids: [].}
- Note: SSLv3 is an obsolete protocol version; prefer TLS_method, TLS_client_method or TLS_server_method.
proc SSLv23_client_method(): PSSL_METHOD {....raises: [LibraryError], tags: [RootEffect], forbids: [].}
proc SSLv23_method(): PSSL_METHOD {....raises: [LibraryError], tags: [RootEffect], forbids: [].}
proc TLS_client_method(): PSSL_METHOD {....raises: [LibraryError], tags: [RootEffect], forbids: [].}
proc TLS_method(): PSSL_METHOD {....raises: [LibraryError], tags: [RootEffect], forbids: [].}
proc TLS_server_method(): PSSL_METHOD {....raises: [LibraryError], tags: [RootEffect], forbids: [].}
proc TLSv1_method(): PSSL_METHOD {.cdecl, dynlib: DLLSSLName, importc, ...raises: [], tags: [], forbids: [].}
proc X509_get_issuer_name(a: PX509): PX509_NAME {.cdecl, dynlib: DLLUtilName, importc, ...raises: [], tags: [], forbids: [].}
proc X509_get_subject_name(a: PX509): PX509_NAME {.cdecl, dynlib: DLLSSLName, importc, ...raises: [], tags: [], forbids: [].}
proc X509_NAME_oneline(a: PX509_NAME; buf: cstring; size: cint): cstring {. cdecl, dynlib: DLLSSLName, importc, ...raises: [], tags: [], forbids: [].}
proc X509_OBJECT_free(a: PX509_OBJECT) {.importc, ...raises: [], tags: [], forbids: [].}
proc X509_OBJECT_new(): PX509_OBJECT {.importc, ...raises: [], tags: [], forbids: [].}
proc X509_STORE_add_cert(ctx: PX509_STORE; x: PX509): cint {.importc, ...raises: [], tags: [], forbids: [].}
proc X509_STORE_free(v: PX509_STORE) {.importc, ...raises: [], tags: [], forbids: [].}
proc X509_STORE_lock(ctx: PX509_STORE): cint {.importc, ...raises: [], tags: [], forbids: [].}
proc X509_STORE_new(): PX509_STORE {.importc, ...raises: [], tags: [], forbids: [].}
proc X509_STORE_set_flags(ctx: PX509_STORE; flags: culong): cint {.importc, ...raises: [], tags: [], forbids: [].}
proc X509_STORE_set_purpose(ctx: PX509_STORE; purpose: cint): cint {.importc, ...raises: [], tags: [], forbids: [].}
proc X509_STORE_set_trust(ctx: PX509_STORE; trust: cint): cint {.importc, ...raises: [], tags: [], forbids: [].}
proc X509_STORE_unlock(ctx: PX509_STORE): cint {.importc, ...raises: [], tags: [], forbids: [].}
proc X509_STORE_up_ref(v: PX509_STORE): cint {.importc, ...raises: [], tags: [], forbids: [].}