Added an openssl wrapper, ssl module and smtp module.

lib/impure/ssl.nim

@@ -0,0 +1,81 @@
+#
+#
+#            Nimrod's Runtime Library
+#        (c) Copyright 2010 Dominik Picheta
+#
+#    See the file "copying.txt", included in this
+#    distribution, for details about the copyright.
+#
+
+## This module provides an easy to use sockets-style nimrod interface to the OpenSSL library.
+
+import openssl, strutils, os
+
+type
+  TSecureSocket* = object
+    ssl: PSSL
+    bio: PBIO
+
+proc connect*(sock: var TSecureSocket, address: string, port: int, certResult: var Int) =
+  ## Connects to the specified `address` on the specified `port`. `certResult` will become the result of the certificate validation.
+  SslLoadErrorStrings()
+  ERR_load_BIO_strings()
+  
+  assert(SSL_library_init() == 1)
+  
+  var ctx = SSL_CTX_new(SSLv23_client_method())
+  if ctx == nil:
+    ERR_print_errors_fp(stderr)
+    assert(False)
+    
+  #if SSL_CTX_load_verify_locations(ctx, "/tmp/openssl-0.9.8e/certs/vsign1.pem", NIL) == 0:
+  #  echo("Failed load verify locations")
+  #  ERR_print_errors_fp(stderr)
+  
+  sock.bio = BIO_new_ssl_connect(ctx)
+  assert(BIO_get_ssl(sock.bio, addr(sock.ssl)) != 0)
+
+  assert(BIO_set_conn_hostname(sock.bio, address & ":" & $port) == 1)
+  
+  if BIO_do_connect(sock.bio) <= 0:
+    ERR_print_errors_fp(stderr)
+    OSError()
+  
+  certResult = SSL_get_verify_result(sock.ssl)
+
+proc recvLine*(sock: TSecureSocket, line: var String): bool =
+  ## Acts in a similar fashion to the `recvLine` in the sockets module.
+  ## Returns false when no data is available to be read.
+  ## `Line` must be initialized and not nil!
+  setLen(line, 0)
+  while True:
+    var c: array[0..0, char]
+    var n = BIO_read(sock.bio, c, c.len)
+    if n <= 0: return False
+    if c[0] == '\r':
+      n = BIO_read(sock.bio, c, c.len)
+      if n > 0 and c[0] == '\L':
+        return True
+      elif n <= 0:
+        return False
+    elif c[0] == '\L': return True
+    add(line, c)
+
+
+proc send*(sock: TSecureSocket, data: string) =
+  ## Writes `data` to the socket.
+  if BIO_write(sock.bio, data, data.len()) <= 0:
+    OSError()
+
+when isMainModule:
+  var s: TSecureSocket
+  echo connect(s, "smtp.gmail.com", 465)
+  
+  #var buffer: array[0..255, char]
+  #echo BIO_read(bio, buffer, buffer.len)
+  var buffer: string = ""
+  
+  echo s.recvLine(buffer)
+  echo buffer 
+  echo buffer.len
+  

lib/pure/smtp.nim

@@ -0,0 +1,176 @@
+#
+#
+#            Nimrod's Runtime Library
+#        (c) Copyright 2010 Dominik Picheta
+#
+#    See the file "copying.txt", included in this
+#    distribution, for details about the copyright.
+#
+
+## This module implements the SMTP client protocol as specified by RFC 5321, 
+## this can be used to send mail to any SMTP Server.
+## 
+## This module also implements the protocol used to format messages, as specified by RFC 2822.
+## 
+## Example gmail use:
+## 
+## 
+## .. code-block:: Nimrod
+##   var msg = createMessage("Hello from Nimrod's SMTP", "Hello!.\n Is this awesome or what?", @["foo@gmail.com"])
+##   var smtp = connect("smtp.gmail.com", 465, True, True)
+##   smtp.auth("username", "password")
+##   smtp.sendmail("username@gmail.com", @["foo@gmail.com"], $msg)
+##   
+
+import sockets, strutils, strtabs, ssl, base64
+
+type
+  TSMTP* = object
+    sock: TSocket
+    sslSock: TSecureSocket
+    ssl: Bool
+    debug: Bool
+  
+  TMessage* = object
+    msgTo: seq[String]
+    msgCc: seq[String]
+    msgSubject: String
+    msgOtherHeaders: PStringTable
+    msgBody: String
+  
+  EInvalidReply* = object of EBase
+  
+proc debugSend(smtp: TSMTP, cmd: String) =
+  if smtp.debug:
+    echo("C:" & cmd)
+  if not smtp.ssl:
+    smtp.sock.send(cmd)
+  else:
+    smtp.sslSock.send(cmd)
+
+proc debugRecv(smtp: TSMTP): String =
+  var line = ""
+  var ret = False
+  if not smtp.ssl:
+    ret = smtp.sock.recvLine(line)
+  else:
+    ret = smtp.sslSock.recvLine(line)
+  if ret:
+    if smtp.debug:
+      echo("S:" & line)
+    return line
+  else:
+    echo("S-Warning: recvLine failed.")
+    return ""
+
+proc quitExcpt(smtp: TSMTP, msg: String) =
+  smtp.debugSend("QUIT")
+  raise newException(EInvalidReply, msg)
+
+proc checkReply(smtp: TSMTP, reply: string) =
+  var line = smtp.debugRecv()
+  if not line.startswith(reply):
+    quitExcpt(smtp, "Expected " & reply & " reply, got: " & line)
+
+proc connect*(address: String, port: int = 25, ssl: bool = False, debug: bool = False): TSMTP =
+  ## Establishes a connection with a SMTP server.
+  ## May fail with EInvalidReply or with a socket errors.
+
+  if not ssl:
+    result.sock = socket()
+    result.sock.connect(address, TPort(port))
+  else:
+    result.ssl = True
+    var certResult: int
+    result.sslSock.connect(address, port, certResult)
+  
+  result.debug = debug
+  
+  result.checkReply("220")
+  result.debugSend("HELO " & address & "\c\L")
+  result.checkReply("250")
+
+proc auth*(smtp: TSMTP, username, password: string) =
+  ## Sends an AUTH command to the server to login as the `username` using `password`.
+  ## May fail with EInvalidReply.
+
+  smtp.debugSend("AUTH LOGIN\c\L")
+  smtp.checkReply("334") # TODO: Check whether it's asking for the "Username:"
+                         # i.e "334 VXNlcm5hbWU6"
+  smtp.debugSend(encode(username) & "\c\L")
+  smtp.checkReply("334") # TODO: Same as above, only "Password:" (I think?)
+  
+  smtp.debugSend(encode(password) & "\c\L")
+  smtp.checkReply("235") # Check whether the authentification was successful.
+
+proc sendmail*(smtp: TSMTP, fromaddr: string, toaddrs: seq[string], msg: string) =
+  ## Sends `msg` from `fromaddr` to `toaddr`. 
+  ## Messages may be formed using ``createMessage`` by converting the TMessage into a string.
+
+  smtp.debugSend("MAIL FROM:<" & fromaddr & ">\c\L")
+  smtp.checkReply("250")
+  for address in items(toaddrs):
+    smtp.debugSend("RCPT TO:<" & address & ">\c\L")
+    smtp.checkReply("250")
+  
+  # Send the message
+  smtp.debugSend("DATA " & "\c\L")
+  smtp.checkReply("354")
+  smtp.debugSend(msg & "\c\L")
+  smtp.debugSend(".\c\L")
+  smtp.checkReply("250")
+  
+  # quit
+  smtp.debugSend("QUIT\c\L")
+
+proc createMessage*(mSubject, mBody: String, mTo, mCc: seq[String],
+                    otherHeaders: openarray[tuple[name, value: String]]): TMessage =
+  ## Creates a new MIME compliant message.
+  result.msgTo = mTo
+  result.msgCc = mCc
+  result.msgSubject = mSubject
+  result.msgBody = mBody
+  result.msgOtherHeaders = newStringTable()
+  for n, v in items(otherHeaders):
+    result.msgOtherHeaders[n] = v
+
+proc createMessage*(mSubject, mBody: String, mTo, mCc: seq[String] = @[]): TMessage =
+  ## Alternate version of the above.
+  result.msgTo = mTo
+  result.msgCc = mCc
+  result.msgSubject = mSubject
+  result.msgBody = mBody
+  result.msgOtherHeaders = newStringTable()
+
+proc `$`*(msg: TMessage): String =
+  result = ""
+  if msg.msgTo.len() > 0:
+    result = "TO: " & msg.msgTo.join(", ") & "\c\L"
+  if msg.msgCc.len() > 0:
+    result.add("CC: " & msg.msgTo.join(", ") & "\c\L")
+  # TODO: Folding? i.e when a line is too long, shorten it...
+  result.add("Subject: " & msg.msgSubject & "\c\L")
+  for key, value in pairs(msg.msgOtherHeaders):
+    result.add(key & ": " & value & "\c\L")
+
+  result.add("\c\L" & msg.msgBody)
+  
+
+when isMainModule:
+  #var msg = createMessage("Test subject!", "Hello, my name is dom96.\n What\'s yours?", @["dominik@localhost"])
+  #echo(msg)
+
+  #var smtp = connect("localhost", 25, False, True)
+  #smtp.sendmail("root@localhost", @["dominik@localhost"], $msg)
+  
+  #echo(decode("a17sm3701420wbe.12"))
+  
+  var msg = createMessage("Hello from Nimrod's SMTP!", "Hello!!!!.\n Is this awesome or what?", @["someone@yahoo.com", "someone@gmail.com"])
+  echo(msg)
+
+  var smtp = connect("smtp.gmail.com", 465, True, True)
+  smtp.auth("someone", "password")
+  smtp.sendmail("someone@gmail.com", @["someone@yahoo.com", "someone@gmail.com"], $msg)
+  
+  
+

lib/wrappers/openssl.nim

@@ -0,0 +1,386 @@
+#==============================================================================#
+# Project: Ararat Synapse                                        | 003.004.001 #
+#==============================================================================#
+# Content: SSL support by OpenSSL                                              #
+#==============================================================================#
+# Copyright (c)1999-2005, Lukas Gebauer                                        #
+# All rights reserved.                                                         #
+#                                                                              #
+# Redistribution and use in source and binary forms, with or without           #
+# modification, are permitted provided that the following conditions are met:  #
+#                                                                              #
+# Redistributions of source code must retain the above copyright notice, this  #
+# list of conditions and the following disclaimer.                             #
+#                                                                              #
+# Redistributions in binary form must reproduce the above copyright notice,    #
+# this list of conditions and the following disclaimer in the documentation    #
+# and/or other materials provided with the distribution.                       #
+#                                                                              #
+# Neither the name of Lukas Gebauer nor the names of its contributors may      #
+# be used to endorse or promote products derived from this software without    #
+# specific prior written permission.                                           #
+#                                                                              #
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"  #
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE    #
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE   #
+# ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR  #
+# ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL       #
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR   #
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER   #
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT           #
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY    #
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH  #
+# DAMAGE.                                                                      #
+#==============================================================================#
+# The Initial Developer of the Original Code is Lukas Gebauer (Czech Republic).#
+# Portions created by Lukas Gebauer are Copyright (c)2002-2005.                #
+# All Rights Reserved.                                                         #
+#==============================================================================#
+
+## OpenSSL support
+
+when defined(WINDOWS): 
+  const 
+    DLLSSLName = "(ssleay32|libssl32).dll"
+    DLLUtilName = "libeay32.dll"
+else:
+  const
+    versions = "(|.0.9.9|.0.9.8|.0.9.7|.0.9.6|.0.9.5|.0.9.4|.0.9.3|.0.9.2)"
+  when defined(posix):
+    const 
+      DLLSSLName = "libssl.so" & versions
+      DLLUtilName = "libcrypto.so" & versions
+  else: 
+    const 
+      DLLSSLName = "libssl.dylib" & versions
+      DLLUtilName = "libcrypto.dylib" & versions
+
+type 
+  SslStruct {.final, pure.} = object
+  SslPtr* = ptr SslStruct
+  PSslPtr* = ptr SslPtr
+  PSSL_CTX* = SslPtr
+  PSSL* = SslPtr
+  PSSL_METHOD* = SslPtr
+  PX509* = SslPtr
+  PX509_NAME* = SslPtr
+  PEVP_MD* = SslPtr
+  PBIO_METHOD* = SslPtr
+  PBIO* = SslPtr
+  EVP_PKEY* = SslPtr
+  PRSA* = SslPtr
+  PASN1_UTCTIME* = SslPtr
+  PASN1_cInt* = SslPtr
+  PPasswdCb* = SslPtr
+  PFunction* = proc ()
+  DES_cblock* = array[0..7, int8]
+  PDES_cblock* = ptr DES_cblock
+  des_ks_struct*{.final.} = object 
+    ks*: DES_cblock
+    weak_key*: cInt
+
+  des_key_schedule* = array[1..16, des_ks_struct]
+
+const 
+  EVP_MAX_MD_SIZE* = 16 + 20
+  SSL_ERROR_NONE* = 0
+  SSL_ERROR_SSL* = 1
+  SSL_ERROR_WANT_READ* = 2
+  SSL_ERROR_WANT_WRITE* = 3
+  SSL_ERROR_WANT_X509_LOOKUP* = 4
+  SSL_ERROR_SYSCALL* = 5      #look at error stack/return value/errno
+  SSL_ERROR_ZERO_RETURN* = 6
+  SSL_ERROR_WANT_CONNECT* = 7
+  SSL_ERROR_WANT_ACCEPT* = 8
+  SSL_CTRL_NEED_TMP_RSA* = 1
+  SSL_CTRL_SET_TMP_RSA* = 2
+  SSL_CTRL_SET_TMP_DH* = 3
+  SSL_CTRL_SET_TMP_ECDH* = 4
+  SSL_CTRL_SET_TMP_RSA_CB* = 5
+  SSL_CTRL_SET_TMP_DH_CB* = 6
+  SSL_CTRL_SET_TMP_ECDH_CB* = 7
+  SSL_CTRL_GET_SESSION_REUSED* = 8
+  SSL_CTRL_GET_CLIENT_CERT_REQUEST* = 9
+  SSL_CTRL_GET_NUM_RENEGOTIATIONS* = 10
+  SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS* = 11
+  SSL_CTRL_GET_TOTAL_RENEGOTIATIONS* = 12
+  SSL_CTRL_GET_FLAGS* = 13
+  SSL_CTRL_EXTRA_CHAIN_CERT* = 14
+  SSL_CTRL_SET_MSG_CALLBACK* = 15
+  SSL_CTRL_SET_MSG_CALLBACK_ARG* = 16 # only applies to datagram connections  
+  SSL_CTRL_SET_MTU* = 17      # Stats  
+  SSL_CTRL_SESS_NUMBER* = 20
+  SSL_CTRL_SESS_CONNECT* = 21
+  SSL_CTRL_SESS_CONNECT_GOOD* = 22
+  SSL_CTRL_SESS_CONNECT_RENEGOTIATE* = 23
+  SSL_CTRL_SESS_ACCEPT* = 24
+  SSL_CTRL_SESS_ACCEPT_GOOD* = 25
+  SSL_CTRL_SESS_ACCEPT_RENEGOTIATE* = 26
+  SSL_CTRL_SESS_HIT* = 27
+  SSL_CTRL_SESS_CB_HIT* = 28
+  SSL_CTRL_SESS_MISSES* = 29
+  SSL_CTRL_SESS_TIMEOUTS* = 30
+  SSL_CTRL_SESS_CACHE_FULL* = 31
+  SSL_CTRL_OPTIONS* = 32
+  SSL_CTRL_MODE* = 33
+  SSL_CTRL_GET_READ_AHEAD* = 40
+  SSL_CTRL_SET_READ_AHEAD* = 41
+  SSL_CTRL_SET_SESS_CACHE_SIZE* = 42
+  SSL_CTRL_GET_SESS_CACHE_SIZE* = 43
+  SSL_CTRL_SET_SESS_CACHE_MODE* = 44
+  SSL_CTRL_GET_SESS_CACHE_MODE* = 45
+  SSL_CTRL_GET_MAX_CERT_LIST* = 50
+  SSL_CTRL_SET_MAX_CERT_LIST* = 51 #* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
+                                   # * when just a single record has been written): *
+  SSL_MODE_ENABLE_PARTIAL_WRITE* = 1 #* Make it possible to retry SSL_write() with changed buffer location
+                                     # * (buffer contents must stay the same!); this is not the default to avoid
+                                     # * the misconception that non-blocking SSL_write() behaves like
+                                     # * non-blocking write(): *
+  SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER* = 2 #* Never bother the application with retries if the transport
+                                           # * is blocking: *
+  SSL_MODE_AUTO_RETRY* = 4    #* Don't attempt to automatically build certificate chain *
+  SSL_MODE_NO_AUTO_CHAIN* = 8
+  SSL_OP_NO_SSLv2* = 0x01000000
+  SSL_OP_NO_SSLv3* = 0x02000000
+  SSL_OP_NO_TLSv1* = 0x04000000
+  SSL_OP_ALL* = 0x000FFFFF
+  SSL_VERIFY_NONE* = 0x00000000
+  SSL_VERIFY_PEER* = 0x00000001
+  OPENSSL_DES_DECRYPT* = 0
+  OPENSSL_DES_ENCRYPT* = 1
+  X509_V_OK* = 0
+  X509_V_ILLEGAL* = 1
+  X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT* = 2
+  X509_V_ERR_UNABLE_TO_GET_CRL* = 3
+  X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE* = 4
+  X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE* = 5
+  X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY* = 6
+  X509_V_ERR_CERT_SIGNATURE_FAILURE* = 7
+  X509_V_ERR_CRL_SIGNATURE_FAILURE* = 8
+  X509_V_ERR_CERT_NOT_YET_VALID* = 9
+  X509_V_ERR_CERT_HAS_EXPIRED* = 10
+  X509_V_ERR_CRL_NOT_YET_VALID* = 11
+  X509_V_ERR_CRL_HAS_EXPIRED* = 12
+  X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD* = 13
+  X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD* = 14
+  X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD* = 15
+  X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD* = 16
+  X509_V_ERR_OUT_OF_MEM* = 17
+  X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT* = 18
+  X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN* = 19
+  X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY* = 20
+  X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE* = 21
+  X509_V_ERR_CERT_CHAIN_TOO_LONG* = 22
+  X509_V_ERR_CERT_REVOKED* = 23
+  X509_V_ERR_INVALID_CA* = 24
+  X509_V_ERR_PATH_LENGTH_EXCEEDED* = 25
+  X509_V_ERR_INVALID_PURPOSE* = 26
+  X509_V_ERR_CERT_UNTRUSTED* = 27
+  X509_V_ERR_CERT_REJECTED* = 28 #These are 'informational' when looking for issuer cert
+  X509_V_ERR_SUBJECT_ISSUER_MISMATCH* = 29
+  X509_V_ERR_AKID_SKID_MISMATCH* = 30
+  X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH* = 31
+  X509_V_ERR_KEYUSAGE_NO_CERTSIGN* = 32
+  X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER* = 33
+  X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION* = 34 #The application is not happy
+  X509_V_ERR_APPLICATION_VERIFICATION* = 50
+  SSL_FILETYPE_ASN1* = 2
+  SSL_FILETYPE_PEM* = 1
+  EVP_PKEY_RSA* = 6           # libssl.dll
+  
+  BIO_C_SET_CONNECT = 100
+  BIO_C_DO_STATE_MACHINE = 101
+  BIO_C_GET_SSL = 110
+
+proc SSL_library_init*(): cInt{.cdecl, dynlib: DLLSSLName, importc.}
+proc SSL_load_error_strings*(){.cdecl, dynlib: DLLSSLName, importc.}
+proc ERR_load_BIO_strings*(){.cdecl, dynlib: DLLSSLName, importc.}
+
+proc SSLv23_client_method*(): PSSL_METHOD{.cdecl, dynlib: DLLSSLName, importc.}
+
+proc SSL_CTX_new*(meth: PSSL_METHOD): PSSL_CTX{.cdecl, dynlib: DLLSSLName, importc.}
+proc SSL_CTX_load_verify_locations*(ctx: PSSL_CTX, CAfile: cstring, CApath: cstring): cInt{.
+    cdecl, dynlib: DLLSSLName, importc.}
+proc SSL_get_verify_result*(ssl: PSSL): int{.cdecl, dynlib: DLLSSLName, importc.}
+
+proc BIO_new_ssl_connect*(ctx: PSSL_CTX): PBIO{.cdecl, dynlib: DLLSSLName, importc.}
+proc BIO_ctrl*(bio: PBIO, cmd: cint, larg: int, arg: cstring): int{.cdecl, dynlib: DLLSSLName, importc.}
+proc BIO_get_ssl*(bio: PBIO, ssl: ptr PSSL): int = 
+  return BIO_ctrl(bio, BIO_C_GET_SSL, 0, cast[cstring](ssl))
+proc BIO_set_conn_hostname*(bio: PBIO, name: cstring): int =
+  return BIO_ctrl(bio, BIO_C_SET_CONNECT, 0, name)
+proc BIO_do_handshake*(bio: PBIO): int =
+  return BIO_ctrl(bio, BIO_C_DO_STATE_MACHINE, 0, NIL)
+proc BIO_do_connect*(bio: PBIO): int =
+  return BIO_do_handshake(bio)
+
+proc BIO_read*(b: PBIO, data: cstring, length: cInt): cInt{.cdecl, 
+    dynlib: DLLUtilName, importc.}
+proc BIO_write*(b: PBIO, data: cstring, length: cInt): cInt{.cdecl, 
+    dynlib: DLLUtilName, importc.}
+
+proc ERR_print_errors_fp*(fp: TFile){.cdecl, dynlib: DLLSSLName, importc.}
+
+when True:
+  nil
+else:
+  proc SslGetError*(s: PSSL, ret_code: cInt): cInt{.cdecl, dynlib: DLLSSLName, 
+      importc.}
+  proc SslCtxSetCipherList*(arg0: PSSL_CTX, str: cstring): cInt{.cdecl, 
+      dynlib: DLLSSLName, importc.}
+  proc SslCtxNew*(meth: PSSL_METHOD): PSSL_CTX{.cdecl, dynlib: DLLSSLName, importc.}
+  proc SslCtxFree*(arg0: PSSL_CTX){.cdecl, dynlib: DLLSSLName, importc.}
+  proc SslSetFd*(s: PSSL, fd: cInt): cInt{.cdecl, dynlib: DLLSSLName, importc.}
+  proc SslCtrl*(ssl: PSSL, cmd: cInt, larg: int, parg: Pointer): int{.cdecl, 
+      dynlib: DLLSSLName, importc.}
+  proc SslCTXCtrl*(ctx: PSSL_CTX, cmd: cInt, larg: int, parg: Pointer): int{.
+      cdecl, dynlib: DLLSSLName, importc.}
+
+  proc SSLCTXSetMode*(ctx: PSSL_CTX, mode: int): int
+  proc SSLSetMode*(s: PSSL, mode: int): int
+  proc SSLCTXGetMode*(ctx: PSSL_CTX): int
+  proc SSLGetMode*(s: PSSL): int
+  proc SslMethodV2*(): PSSL_METHOD{.cdecl, dynlib: DLLSSLName, importc.}
+  proc SslMethodV3*(): PSSL_METHOD{.cdecl, dynlib: DLLSSLName, importc.}
+  proc SslMethodTLSV1*(): PSSL_METHOD{.cdecl, dynlib: DLLSSLName, importc.}
+  proc SslMethodV23*(): PSSL_METHOD{.cdecl, dynlib: DLLSSLName, importc.}
+  proc SslCtxUsePrivateKey*(ctx: PSSL_CTX, pkey: SslPtr): cInt{.cdecl, 
+      dynlib: DLLSSLName, importc.}
+  proc SslCtxUsePrivateKeyASN1*(pk: cInt, ctx: PSSL_CTX, d: cstring, length: int): cInt{.
+      cdecl, dynlib: DLLSSLName, importc.}
+  proc SslCtxUsePrivateKeyFile*(ctx: PSSL_CTX, filename: cstring, typ: cInt): cInt{.
+      cdecl, dynlib: DLLSSLName, importc.}
+  proc SslCtxUseCertificate*(ctx: PSSL_CTX, x: SslPtr): cInt{.cdecl, 
+      dynlib: DLLSSLName, importc.}
+  proc SslCtxUseCertificateASN1*(ctx: PSSL_CTX, length: int, d: cstring): cInt{.
+      cdecl, dynlib: DLLSSLName, importc.}
+  proc SslCtxUseCertificateFile*(ctx: PSSL_CTX, filename: cstring, typ: cInt): cInt{.
+      cdecl, dynlib: DLLSSLName, importc.}
+    #  function SslCtxUseCertificateChainFile(ctx: PSSL_CTX; const filename: PChar):cInt;
+  proc SslCtxUseCertificateChainFile*(ctx: PSSL_CTX, filename: cstring): cInt{.
+      cdecl, dynlib: DLLSSLName, importc.}
+  proc SslCtxCheckPrivateKeyFile*(ctx: PSSL_CTX): cInt{.cdecl, dynlib: DLLSSLName, 
+      importc.}
+  proc SslCtxSetDefaultPasswdCb*(ctx: PSSL_CTX, cb: PPasswdCb){.cdecl, 
+      dynlib: DLLSSLName, importc.}
+  proc SslCtxSetDefaultPasswdCbUserdata*(ctx: PSSL_CTX, u: SslPtr){.cdecl, 
+      dynlib: DLLSSLName, importc.}
+    #  function SslCtxLoadVerifyLocations(ctx: PSSL_CTX; const CAfile: PChar; const CApath: PChar):cInt;
+  proc SslCtxLoadVerifyLocations*(ctx: PSSL_CTX, CAfile: cstring, CApath: cstring): cInt{.
+      cdecl, dynlib: DLLSSLName, importc.}
+  proc SslNew*(ctx: PSSL_CTX): PSSL{.cdecl, dynlib: DLLSSLName, importc.}
+  proc SslFree*(ssl: PSSL){.cdecl, dynlib: DLLSSLName, importc.}
+  proc SslAccept*(ssl: PSSL): cInt{.cdecl, dynlib: DLLSSLName, importc.}
+  proc SslConnect*(ssl: PSSL): cInt{.cdecl, dynlib: DLLSSLName, importc.}
+  proc SslShutdown*(ssl: PSSL): cInt{.cdecl, dynlib: DLLSSLName, importc.}
+  proc SslRead*(ssl: PSSL, buf: SslPtr, num: cInt): cInt{.cdecl, 
+      dynlib: DLLSSLName, importc.}
+  proc SslPeek*(ssl: PSSL, buf: SslPtr, num: cInt): cInt{.cdecl, 
+      dynlib: DLLSSLName, importc.}
+  proc SslWrite*(ssl: PSSL, buf: SslPtr, num: cInt): cInt{.cdecl, 
+      dynlib: DLLSSLName, importc.}
+  proc SslPending*(ssl: PSSL): cInt{.cdecl, dynlib: DLLSSLName, importc.}
+  proc SslGetVersion*(ssl: PSSL): cstring{.cdecl, dynlib: DLLSSLName, importc.}
+  proc SslGetPeerCertificate*(ssl: PSSL): PX509{.cdecl, dynlib: DLLSSLName, 
+      importc.}
+  proc SslCtxSetVerify*(ctx: PSSL_CTX, mode: cInt, arg2: PFunction){.cdecl, 
+      dynlib: DLLSSLName, importc.}
+  proc SSLGetCurrentCipher*(s: PSSL): SslPtr{.cdecl, dynlib: DLLSSLName, importc.}
+  proc SSLCipherGetName*(c: SslPtr): cstring{.cdecl, dynlib: DLLSSLName, importc.}
+  proc SSLCipherGetBits*(c: SslPtr, alg_bits: var cInt): cInt{.cdecl, 
+      dynlib: DLLSSLName, importc.}
+  proc SSLGetVerifyResult*(ssl: PSSL): int{.cdecl, dynlib: DLLSSLName, importc.}
+    # libeay.dll
+  proc X509New*(): PX509{.cdecl, dynlib: DLLUtilName, importc.}
+  proc X509Free*(x: PX509){.cdecl, dynlib: DLLUtilName, importc.}
+  proc X509NameOneline*(a: PX509_NAME, buf: cstring, size: cInt): cstring{.
+      cdecl, dynlib: DLLUtilName, importc.}
+  proc X509GetSubjectName*(a: PX509): PX509_NAME{.cdecl, dynlib: DLLUtilName, 
+      importc.}
+  proc X509GetIssuerName*(a: PX509): PX509_NAME{.cdecl, dynlib: DLLUtilName, 
+      importc.}
+  proc X509NameHash*(x: PX509_NAME): int{.cdecl, dynlib: DLLUtilName, importc.}
+    #  function SslX509Digest(data: PX509; typ: PEVP_MD; md: PChar; len: PcInt):cInt;
+  proc X509Digest*(data: PX509, typ: PEVP_MD, md: cstring, length: var cInt): cInt{.
+      cdecl, dynlib: DLLUtilName, importc.}
+  proc X509print*(b: PBIO, a: PX509): cInt{.cdecl, dynlib: DLLUtilName, importc.}
+  proc X509SetVersion*(x: PX509, version: cInt): cInt{.cdecl, dynlib: DLLUtilName, 
+      importc.}
+  proc X509SetPubkey*(x: PX509, pkey: EVP_PKEY): cInt{.cdecl, dynlib: DLLUtilName, 
+      importc.}
+  proc X509SetIssuerName*(x: PX509, name: PX509_NAME): cInt{.cdecl, 
+      dynlib: DLLUtilName, importc.}
+  proc X509NameAddEntryByTxt*(name: PX509_NAME, field: cstring, typ: cInt, 
+                              bytes: cstring, length, loc, theSet: cInt): cInt{.
+      cdecl, dynlib: DLLUtilName, importc.}
+  proc X509Sign*(x: PX509, pkey: EVP_PKEY, md: PEVP_MD): cInt{.cdecl, 
+      dynlib: DLLUtilName, importc.}
+  proc X509GmtimeAdj*(s: PASN1_UTCTIME, adj: cInt): PASN1_UTCTIME{.cdecl, 
+      dynlib: DLLUtilName, importc.}
+  proc X509SetNotBefore*(x: PX509, tm: PASN1_UTCTIME): cInt{.cdecl, 
+      dynlib: DLLUtilName, importc.}
+  proc X509SetNotAfter*(x: PX509, tm: PASN1_UTCTIME): cInt{.cdecl, 
+      dynlib: DLLUtilName, importc.}
+  proc X509GetSerialNumber*(x: PX509): PASN1_cInt{.cdecl, dynlib: DLLUtilName, 
+      importc.}
+  proc EvpPkeyNew*(): EVP_PKEY{.cdecl, dynlib: DLLUtilName, importc.}
+  proc EvpPkeyFree*(pk: EVP_PKEY){.cdecl, dynlib: DLLUtilName, importc.}
+  proc EvpPkeyAssign*(pkey: EVP_PKEY, typ: cInt, key: Prsa): cInt{.cdecl, 
+      dynlib: DLLUtilName, importc.}
+  proc EvpGetDigestByName*(Name: cstring): PEVP_MD{.cdecl, dynlib: DLLUtilName, 
+      importc.}
+  proc EVPcleanup*(){.cdecl, dynlib: DLLUtilName, importc.}
+    #  function ErrErrorString(e: cInt; buf: PChar): PChar;
+  proc SSLeayversion*(t: cInt): cstring{.cdecl, dynlib: DLLUtilName, importc.}
+  proc ErrErrorString*(e: cInt, buf: cstring, length: cInt){.cdecl, 
+      dynlib: DLLUtilName, importc.}
+  proc ErrGetError*(): cInt{.cdecl, dynlib: DLLUtilName, importc.}
+  proc ErrClearError*(){.cdecl, dynlib: DLLUtilName, importc.}
+  proc ErrFreeStrings*(){.cdecl, dynlib: DLLUtilName, importc.}
+  proc ErrRemoveState*(pid: cInt){.cdecl, dynlib: DLLUtilName, importc.}
+  proc OPENSSLaddallalgorithms*(){.cdecl, dynlib: DLLUtilName, importc.}
+  proc CRYPTOcleanupAllExData*(){.cdecl, dynlib: DLLUtilName, importc.}
+  proc RandScreen*(){.cdecl, dynlib: DLLUtilName, importc.}
+  proc BioNew*(b: PBIO_METHOD): PBIO{.cdecl, dynlib: DLLUtilName, importc.}
+  proc BioFreeAll*(b: PBIO){.cdecl, dynlib: DLLUtilName, importc.}
+  proc BioSMem*(): PBIO_METHOD{.cdecl, dynlib: DLLUtilName, importc.}
+  proc BioCtrlPending*(b: PBIO): cInt{.cdecl, dynlib: DLLUtilName, importc.}
+  proc BioRead*(b: PBIO, Buf: cstring, length: cInt): cInt{.cdecl, 
+      dynlib: DLLUtilName, importc.}
+  proc BioWrite*(b: PBIO, Buf: cstring, length: cInt): cInt{.cdecl, 
+      dynlib: DLLUtilName, importc.}
+  proc d2iPKCS12bio*(b: PBIO, Pkcs12: SslPtr): SslPtr{.cdecl, dynlib: DLLUtilName, 
+      importc.}
+  proc PKCS12parse*(p12: SslPtr, pass: cstring, pkey, cert, ca: var SslPtr): cint{.
+      dynlib: DLLUtilName, importc, cdecl.}
+
+  proc PKCS12free*(p12: SslPtr){.cdecl, dynlib: DLLUtilName, importc.}
+  proc RsaGenerateKey*(bits, e: cInt, callback: PFunction, cb_arg: SslPtr): PRSA{.
+      cdecl, dynlib: DLLUtilName, importc.}
+  proc Asn1UtctimeNew*(): PASN1_UTCTIME{.cdecl, dynlib: DLLUtilName, importc.}
+  proc Asn1UtctimeFree*(a: PASN1_UTCTIME){.cdecl, dynlib: DLLUtilName, importc.}
+  proc Asn1cIntSet*(a: PASN1_cInt, v: cInt): cInt{.cdecl, dynlib: DLLUtilName, 
+      importc.}
+  proc i2dX509bio*(b: PBIO, x: PX509): cInt{.cdecl, dynlib: DLLUtilName, importc.}
+  proc i2dPrivateKeyBio*(b: PBIO, pkey: EVP_PKEY): cInt{.cdecl, 
+      dynlib: DLLUtilName, importc.}
+    # 3DES functions
+  proc DESsetoddparity*(Key: des_cblock){.cdecl, dynlib: DLLUtilName, importc.}
+  proc DESsetkeychecked*(key: des_cblock, schedule: des_key_schedule): cInt{.
+      cdecl, dynlib: DLLUtilName, importc.}
+  proc DESecbencrypt*(Input: des_cblock, output: des_cblock, ks: des_key_schedule, 
+                      enc: cInt){.cdecl, dynlib: DLLUtilName, importc.}
+  # implementation
+
+  proc SSLCTXSetMode(ctx: PSSL_CTX, mode: int): int = 
+    Result = SslCTXCtrl(ctx, SSL_CTRL_MODE, mode, nil)
+
+  proc SSLSetMode(s: PSSL, mode: int): int = 
+    Result = SSLctrl(s, SSL_CTRL_MODE, mode, nil)
+
+  proc SSLCTXGetMode(ctx: PSSL_CTX): int = 
+    Result = SSLCTXctrl(ctx, SSL_CTRL_MODE, 0, nil)
+
+  proc SSLGetMode(s: PSSL): int = 
+    Result = SSLctrl(s, SSL_CTRL_MODE, 0, nil)
+