Previously, the `net` module use the blanket "ALL" as the default cipher
list. This list may contain security ciphers that are weak and/or outdated
according to the current standard.
This commit introduces a new module `ssl_config` that contains the
latest OpenSSL configurations as recommended by Mozilla OpSec, and
make the `net` module use the cipher list targeting `intermediate`
compatibility level as the default.
Per SSL_get_error(3):
The current thread's error queue must be empty before the TLS/SSL I/O
operation is attempted, or SSL_get_error() will not work reliably.
There has been records of not clearing the error queue causing weird SSL
errors when there shouldn't be any, see:
https://github.com/openssl/openssl/issues/11889
The error we're looking for is "certificate verify failed". The routine
that reports this will be different between openssl versions, so it
makes no sense to track the routine name as well.
Closing a socket clears the error queue of the entire thread, which
seems to be a bit too invasive.
Also I don't find any reason in the PR that added this.
* update doc CI filter to include the files mostly likely to require doc rebuild
* remove code duplication in ./config/nimdoc.cfg; show link to compiler docs, various fixes
* walkDirRecFilter, factor nativeToUnixPath workaround
* glob for getRst2html
* docslocal: 40s to build all docs
* revert code dedup in github actions which did not work alas...
* fixups
When --compileOnly is on, extraCmds are not added to JsonBuildInstructions.
```
$ echo 'echo 123'>test.nim
$ nim c --debuginfo --nimcache:cache test
$ ls
cache test test.dSYM test.nim
$ tail -n3 cache/test.json
"extraCmds": ["dsymutil /Users/khronos31/src/tmp/test"],
"stdinInput": false
}
```
```
$ echo 'echo 123'>test.nim
$ nim c --debuginfo --nimcache:cache --compileOnly test
$ nim jsonscript --nimcache:cache test
$ ls
cache test test.nim
$ tail -n3 cache/test.json
"extraCmds": [],
"stdinInput": false
}
```
Removed phrase "However, this is no real restriction because
Nim's syntax is flexible enough anyway." from the manual - I find it
very subjective, and I sometimes *do* find myself restricted by Nim's
syntax when writing DSLs
* Change `UnpackError` with `UnpackDefect`
The deprecation warning for `UnpackError` exception raised by some
`inline` procedures in the Nim standard library propagates to the user
code. If the user code has a requirement for building without warnings
this is a problem for the successful execution of the tests. In order
to resolve this, all occurrences of `UnpackError` in the Nim code base
are changed to `UnpackDefect`. Only the type alias is retained to not
break other people's user code since `UnpackError` is exported type.
* Remove the catching of `UnpackDefect`
Defect exceptions should not be cached, because they indicate problem in
the API usage. The code in `nimblesocket.nim` is rewritten to first
check whether there is a value set into the `knownDomain` variable from
the `Option` type before usage.
