fixes SSL version check logic [backport] (#21324)

* fixed version check logic [backport] * add ciphersuites * debug nimble * fixes returns omission * finally * remove debug message * add ciphersuites --------- Co-authored-by: Araq <rumpf_a@web.de>
2025-12-28 17:04:41 +00:00 · 2023-02-02 23:44:14 +08:00
parent 43b1b9d077
commit 17115cbc73
4 changed files with 8 additions and 8 deletions
--- a/lib/pure/asynchttpserver.nim
+++ b/lib/pure/asynchttpserver.nim
@@ -158,7 +158,7 @@ proc parseProtocol(protocol: string): tuple[orig: string, major, minor: int] =
 proc sendStatus(client: AsyncSocket, status: string): Future[void] =
  client.send("HTTP/1.1 " & status & "\c\L\c\L")

-func hasChunkedEncoding(request: Request): bool = 
+func hasChunkedEncoding(request: Request): bool =
  ## Searches for a chunked transfer encoding
  const transferEncoding = "Transfer-Encoding"

@@ -300,7 +300,7 @@ proc processRequest(
    while true:
      lineFut.mget.setLen(0)
      lineFut.clean()
-      
+
      # The encoding format alternates between specifying a number of bytes to read
      # and the data to be read, of the previously specified size
      if sizeOrData mod 2 == 0:
--- a/lib/pure/net.nim
+++ b/lib/pure/net.nim
@@ -621,7 +621,7 @@ when defineSsl:

  proc newContext*(protVersion = protSSLv23, verifyMode = CVerifyPeer,
                   certFile = "", keyFile = "", cipherList = CiphersIntermediate,
-                   caDir = "", caFile = ""): SslContext =
+                   caDir = "", caFile = "", ciphersuites = CiphersModern): SslContext =
    ## Creates an SSL context.
    ##
    ## Protocol version is currently ignored by default and TLS is used.
@@ -675,10 +675,10 @@ when defineSsl:
      raiseSSLError()
    when not defined(openssl10) and not defined(libressl):
      let sslVersion = getOpenSSLVersion()
-      if sslVersion >= 0x010101000 and not sslVersion == 0x020000000:
+      if sslVersion >= 0x010101000 and sslVersion != 0x020000000:
        # In OpenSSL >= 1.1.1, TLSv1.3 cipher suites can only be configured via
        # this API.
-        if newCTX.SSL_CTX_set_ciphersuites(cipherList) != 1:
+        if newCTX.SSL_CTX_set_ciphersuites(ciphersuites) != 1:
          raiseSSLError()
    # Automatically the best ECDH curve for client exchange. Without this, ECDH
    # ciphers will be ignored by the server.
--- a/lib/pure/unicode.nim
+++ b/lib/pure/unicode.nim
@@ -887,7 +887,7 @@ proc reversed*(s: openArray[char]): string =

 proc graphemeLen*(s: openArray[char]; i: Natural): Natural =
  ## The number of bytes belonging to byte index ``s[i]``,
-  ## including following combining code unit.
+  ## including following combining code units.
  runnableExamples:
    let a = "añyóng"
    doAssert a.graphemeLen(1) == 2 ## ñ
--- a/lib/wrappers/openssl.nim
+++ b/lib/wrappers/openssl.nim
@@ -467,10 +467,10 @@ else:
      raiseInvalidLibrary MainProc

  proc SSL_CTX_set_ciphersuites*(ctx: SslCtx, str: cstring): cint =
-    var theProc {.global.}: proc(ctx: SslCtx, str: cstring) {.cdecl, gcsafe.}
+    var theProc {.global.}: proc(ctx: SslCtx, str: cstring): cint {.cdecl, gcsafe.}
    if theProc.isNil:
      theProc = cast[typeof(theProc)](sslSymThrows("SSL_CTX_set_ciphersuites"))
-    theProc(ctx, str)
+    result = theProc(ctx, str)

 proc SSL_new*(context: SslCtx): SslPtr{.cdecl, dynlib: DLLSSLName, importc.}
 proc SSL_free*(ssl: SslPtr){.cdecl, dynlib: DLLSSLName, importc.}