This procedure is not no-op for older LibreSSL, and the ABI is kept for
newer versions, so there's no harm in enabling it unconditionally for
all LibreSSL versions.
Previously, the `net` module use the blanket "ALL" as the default cipher
list. This list may contain security ciphers that are weak and/or outdated
according to the current standard.
This commit introduces a new module `ssl_config` that contains the
latest OpenSSL configurations as recommended by Mozilla OpSec, and
make the `net` module use the cipher list targeting `intermediate`
compatibility level as the default.
Per SSL_get_error(3):
The current thread's error queue must be empty before the TLS/SSL I/O
operation is attempted, or SSL_get_error() will not work reliably.
There has been records of not clearing the error queue causing weird SSL
errors when there shouldn't be any, see:
https://github.com/openssl/openssl/issues/11889
Closing a socket clears the error queue of the entire thread, which
seems to be a bit too invasive.
Also I don't find any reason in the PR that added this.
* update doc CI filter to include the files mostly likely to require doc rebuild
* remove code duplication in ./config/nimdoc.cfg; show link to compiler docs, various fixes
* walkDirRecFilter, factor nativeToUnixPath workaround
* glob for getRst2html
* docslocal: 40s to build all docs
* revert code dedup in github actions which did not work alas...
* fixups
* Change `UnpackError` with `UnpackDefect`
The deprecation warning for `UnpackError` exception raised by some
`inline` procedures in the Nim standard library propagates to the user
code. If the user code has a requirement for building without warnings
this is a problem for the successful execution of the tests. In order
to resolve this, all occurrences of `UnpackError` in the Nim code base
are changed to `UnpackDefect`. Only the type alias is retained to not
break other people's user code since `UnpackError` is exported type.
* Remove the catching of `UnpackDefect`
Defect exceptions should not be cached, because they indicate problem in
the API usage. The code in `nimblesocket.nim` is rewritten to first
check whether there is a value set into the `knownDomain` variable from
the `Option` type before usage.
* add bindParams to db_sqlite
* no need typeinfo
* remove extro spaces
* reduce bindParams to two branches,raise DbError
* Update lib/impure/db_sqlite.nim
* change bindParams to macro,accept varargs[untyped] as params
* change bind blob val to openArray[byte]
* remove unused err type
* explicitly using i32 param
* using import std/private/since
* SQLITE_OK to right hand
* bindParam val int using bindParam overload
* copy data by default
* change exec to template
* remove SqlPrepared procs unused varargs
* fix setupquery for prepared,reset first for exec prepared,add bindNull for literal nil
Co-authored-by: alaviss <leorize+oss@disroot.org>
* add insert,tryInsert unify for postgres that need pk name
* add ReadDbEffect to new procs
* add .since and changelog
* change since to 1.3
* Update lib/impure/db_postgres.nim
Co-authored-by: bung87 <crc32@qq.com>
Co-authored-by: Andreas Rumpf <rumpf_a@web.de>
Co-authored-by: alaviss <leorize+oss@disroot.org>
