Previously, the `net` module use the blanket "ALL" as the default cipher
list. This list may contain security ciphers that are weak and/or outdated
according to the current standard.
This commit introduces a new module `ssl_config` that contains the
latest OpenSSL configurations as recommended by Mozilla OpSec, and
make the `net` module use the cipher list targeting `intermediate`
compatibility level as the default.
Per SSL_get_error(3):
The current thread's error queue must be empty before the TLS/SSL I/O
operation is attempted, or SSL_get_error() will not work reliably.
There has been records of not clearing the error queue causing weird SSL
errors when there shouldn't be any, see:
https://github.com/openssl/openssl/issues/11889
Closing a socket clears the error queue of the entire thread, which
seems to be a bit too invasive.
Also I don't find any reason in the PR that added this.
* added high level sendTo and recvFrom to std/asyncnet; tests were also added.
* add .since annotation, a changelog entry and fixed to standard library style guide.
* fixes net.recvFrom to work correctly with IPv6
* raise if domain is not AF_INET or AF_INET6
* renamed template to adaptRecvFromToDomain()
* Error -> Defect for defects
The distinction between Error and Defect is subjective,
context-dependent and somewhat arbitrary, so when looking at an
exception, it's hard to guess what it is - this happens often when
looking at a `raises` list _without_ opening the corresponding
definition and digging through layers of inheritance.
With the help of a little consistency in naming, it's at least possible
to start disentangling the two error types and the standard lib can set
a good example here.
* io: make file descriptors non-inheritable by default
This prevents file descriptors/handles leakage to child processes
that might cause issues like running out of file descriptors, or potential
security issues like leaking a file descriptor to a restricted file.
While this breaks backward compatibility, I'm rather certain that not
many programs (if any) actually make use of this implementation detail.
A new API `setInheritable` is provided for the few that actually want to
use this functionality.
* io: disable inheritance at file creation time for supported platforms
Some platforms provide extension to fopen-family of functions to allow
for disabling descriptor inheritance atomically during File creation.
This guards against possible leaks when a child process is spawned
before we managed to disable the file descriptor inheritance
(ie. in a multi-threaded program).
* net, nativesockets: make sockets non inheritable by default
With this commit, sockets will no longer leak to child processes when
you don't want it to. Should solves a lot of "address in use" that might
occur when your server has just restarted.
All APIs that create sockets in these modules now expose a `inheritable`
flag that allow users to toggle inheritance for the resulting sockets.
An implementation of `setInheritance()` is also provided for SocketHandle.
While atomically disabling inheritance at creation time is supported on
Windows, it's only implemented by native winsock2, which is too much for
now. This support can be implemented in a future patch.
* posix: add F_DUPFD_CLOEXEC
This command duplicates file descriptor with close-on-exec flag set.
Defined in POSIX.1-2008.
* ioselectors_kqueue: don't leak file descriptors
File descriptors internally used by ioselectors on BSD/OSX are now
shielded from leakage.
* posix: add O_CLOEXEC
This flag allows file descriptors to be open() with close-on-exec flag
set atomically.
This flag is specified in POSIX.1-2008
* tfdleak: test for selectors leakage
Also simplified the test by using handle-type agnostic APIs to test for
validity.
* ioselectors_epoll: mark all fd created close-on-exec
File descriptors from ioselectors should no longer leaks on Linux.
* tfdleak: don't check for selector leakage on Windows
The getFd proc for ioselectors_select returns a hardcoded -1
* io: add NoInheritFlag at compile time
* io: add support for ioctl-based close-on-exec
This allows for the flag to be set/unset in one syscall. While the
performance gains might be negliable, we have one less failure point
to deal with.
* tfdleak: add a test for setInheritable
* stdlib: add nimInheritHandles to restore old behaviors
* memfiles: make file handle not inheritable by default for posix
* io: setInheritable now operates on OS file handle
On Windows, the native handle is the only thing that's inheritable, thus
we can assume that users of this function will already have the handle
available to them. This also allows users to pass down file descriptors
from memfiles on Windows with ease, should that be desired.
With this, nativesockets.setInheritable can be made much simpler.
* changelog: clarify
* nativesockets: document setInheritable return value
* posix_utils: atomically disable fd inheritance for mkstemp
* make i2d_X509 and d2i_X509 always available
i2d_X509 and d2i_X509 have been available in all versions of OpenSSL, so
make them available even if nimDisableCertificateValidation is set.
* introduce getPeerCertificates, fixes#13299
getPeerCertificates retrieves the verified certificate chain of the peer
we are connected to through an SSL-wrapped Socket/AsyncSocket. This
introduces the new type Certificate which stores a DER-encoded X509 certificate.
* Implement SSL/TLS certificate checking #782
* SSL: Add nimDisableCertificateValidation
Remove NIM_SSL_CERT_VALIDATION env var
tests/untestable/thttpclient_ssl.nim ran successfully on Linux with libssl 1.1.1d
* SSL: update integ test to skip flapping tests
* Revert .travis.yml change
* nimDisableCertificateValidation disable imports
Prevent loading symbols that are not defined on older SSL libs
* SSL: disable verification in net.nim
..when nimDisableCertificateValidation is set
* Update changelog
* Fix peername type
* Add define check for windows
* Disable test on windows
* Add exprimental GitHub action CI for SSL
* Test nimDisableCertificateValidation
* fixes overloading resolution for passing owned(Future[string]) to Future[T]
* WIP: make --newruntime work with .async
* memtracker: make it compile again
* make Nimble compile again
Unfortunately this required some code duplication because the
doConnect() from asynccommon.nim only works with addrInfo which does not
make sense for AF_UNIX.
makeUnixAddr() was moved to nativesocket.nim and exported
