Robin Lee
3bab3548f4
Basic support for OpenSSL 3.0.0 (#3448)
* updated README.md
* Create close-inactive-issues.yml
* check return codes of EVP_CIPHER_CTX_new and EVP_CipherInit
Especially with OpenSSL 3, it is possible that EVP_CipherInit may fail even when
passed a non-null cipher[1]. Without the checking, it will finally get to a
segfault.
[1] https://github.com/openssl/openssl/issues/16864
* Automatically load default and legacy providers with OpenSSL 3
Without the legacy provider [1], some ciphers are not available. For example,
the 'des-ecb' one used by the test suite is missing and the test will fail.
[1] OSSL_PROVIDER-LEGACY(7ossl)
* Make p12 ca order the same as pem
OpenSSL < 3 returns p12 ca order in reversed order. This is fixed
in OpenSSL 3. We work around it with old OpenSSL.
See:
https://github.com/openssl/openssl/issues/16421
https://github.com/openssl/openssl/pull/12641
f5eb85eb0f
* Implement SSL abort handling on OpenSSL 3
On an unexpected EOF, versions before OpenSSL 3.0 returned SSL_ERROR_SYSCALL,
nothing was added to the error stack, and errno was 0. Since OpenSSL 3.0 the
returned error is SSL_ERROR_SSL with a meaningful error on the error stack.[1]
[1] SSL_GET_ERROR(3ossl)
Co-authored-by: Günter Obiltschnig <guenter.obiltschnig@appinf.com>
Co-authored-by: Robin Lee <cheeselee@fedoraproject.org>
Co-authored-by: Aleksandar Fabijanic <aleks-f@users.noreply.github.com>
2022-03-29 13:23:44 -05:00
Günter Obiltschnig
dbfd27611b
manually merge #3448, part 1 (NetSSL)
2022-02-07 17:56:05 +01:00
Günter Obiltschnig
3ca91a8fe1
#2895, #2935: support OCSP stapling
2021-06-23 08:36:38 +02:00
Günter Obiltschnig
22eb76d3ae
#3302: MSVC: Poco hides warnings (C4996) for the C++14 attribute [[deprecated]]
2021-06-17 18:20:29 +02:00
Günter Obiltschnig
746a69dc09
testReuseSession: remove bad checks for session reuse
2021-06-16 18:30:30 +02:00
Günter Obiltschnig
907e240ff2
#3269: Poco::Net::Context initialization with empty certificateFile
2021-06-15 14:05:56 +02:00
Günter Obiltschnig
e01fede825
disallow SSLv3
2021-06-15 13:51:41 +02:00
Günter Obiltschnig
7917abf727
#2418: SecureServerSocket doesn't work with IPv6
2021-06-15 10:23:22 +02:00
Günter Obiltschnig
59ae91e5ba
#3089: HTTPSessionFactory does not support HTTPClientSession::ProxyConfig
2021-06-15 09:45:01 +02:00
Günter Obiltschnig
ab010473b9
#3299: NetSSL: Allow per-Context InvalidCertificateHandler
2021-06-06 18:11:05 +02:00
Günter Obiltschnig
13d3a03529
remove curves unsupported by some OpenSSL builds
2020-02-04 15:31:48 +01:00
Günter Obiltschnig
fc8a95c44e
make Context compile with OpenSSL >= 1.1
2020-02-04 13:41:23 +01:00
Günter Obiltschnig
81624a269f
#2898: poco 1.10/ NetSSL / openssl < 1.1 : default server usage changed (compare to 1.9.4)
2020-02-04 10:23:55 +01:00
Günter Obiltschnig
d33a39a987
#2816: Modernise TLS configuration
2020-02-04 09:33:31 +01:00
Günter Obiltschnig
839009d9b5
fix header comments
2020-01-23 18:57:05 +01:00
Günter Obiltschnig
d65bf03a83
fixes and improvements to FTP(S)ClientSession
2020-01-23 17:55:30 +01:00
Günter Obiltschnig
878b8bbeca
fixes for FTPSClientSession
2020-01-23 13:29:54 +01:00
Günter Obiltschnig
5d481ff493
merge FTPSClientSession from develop-experimental
2020-01-23 11:57:28 +01:00
Günter Obiltschnig
18adb1e43b
code cleanup; fix move ctors and assignment
2020-01-21 17:52:43 +01:00
Günter Obiltschnig
e1f09a602b
cleanup and modernization
2020-01-10 12:20:30 +01:00
Günter Obiltschnig
a2f8f8fbe1
NetSSL_OpenSSL: better way to specify TLS version for Context
2020-01-09 21:25:30 +01:00
Günter Obiltschnig
27335031e1
fixed GH #2380: Calling Poco::Net::X509Certificate::addChainCertificate() leads to double free.
2019-06-22 18:11:05 +02:00
Günter Obiltschnig
ec8ea48062
SecureSMTPClientSession now uses _host from SMTPClientSession
2019-05-16 14:35:19 +02:00
Günter Obiltschnig
6000982c8b
added preliminary TLSv1.3 support with OpenSSL version 1.1.1
2018-08-24 10:47:05 +02:00
proller
bada9ed2b9
Backport #2257 to Poco 1.9.1
2018-08-18 11:09:43 +02:00
Joerg-Christian Boehme
5fb10f6746
Set EVP private key on SSL context (#2259)
2018-06-03 11:27:32 -05:00
Günter Obiltschnig
8dc4223acb
X509Certificate::verify(): use OpenSSL X509_check_host() and X509_check_ip_asc() if available
2018-03-05 22:17:31 +01:00
Günter Obiltschnig
451f05121e
#2197: fix style
2018-03-05 22:15:39 +01:00
Günter Obiltschnig
38c9328db6
fix style
2018-03-05 19:54:01 +01:00
Joerg-Christian Boehme
4c05d4baf7
Improve ssl context, include a function to add CA certificates.
2018-03-05 13:37:45 +01:00
Günter Obiltschnig
320fa9c445
don't set _peerHostName from peerAddress
2017-12-21 14:32:08 +01:00
Günter Obiltschnig
04e7e04d4d
Remove $Id$ headers
2017-09-09 11:14:06 +02:00
Günter Obiltschnig
75a7ee4b0f
Crypto and NetSSL fixes for OpenSSL 1.1
2016-11-27 23:58:39 +01:00
Guenter Obiltschnig
3bd6689751
fixed GH #1472: HTTP(S)StreamFactory should send a User-Agent header
2016-10-26 12:58:52 +02:00
Guenter Obiltschnig
9bc12df4a2
style fix
2016-09-26 17:00:42 +02:00
Guenter Obiltschnig
7c37f18f84
fixed some warnings and minor issues detected by clang-analyzer
2016-09-13 11:37:12 +02:00
Guenter Obiltschnig
0b30bacb41
fixed GH #1303: HTTPSClientSession::sendRequest() fails if server has wildcard cert
2016-07-03 12:48:15 +02:00
Guenter Obiltschnig
d0e268fcbb
use TLS_*_method() instead of deprecated SSLv23_*_method() if OpenSSL version is >= 1.1; initialize default/fallback client context to support all TLS protocols, not just TLSv1
2016-03-12 12:18:18 +01:00
Guenter Obiltschnig
ee9477afd3
fixed GH #1184: Attempting to connect via a proxy throws a DNS error "Host not found"
2016-03-10 09:54:08 +01:00
Guenter Obiltschnig
f7ba58c80f
fix for GH #1160: Poco::Net::NetException "SSL Exception: error:1409F07F:SSL routines:ssl3_write_pending:bad write retry
2016-02-26 20:15:58 +01:00
Guenter Obiltschnig
dee1efd56a
added Context::preferServerCiphers()
2016-01-19 16:01:17 +01:00
Guenter Obiltschnig
82c6c5f149
added support for ECDH, new Context ctor
2016-01-19 15:19:14 +01:00
Guenter Obiltschnig
e9b2b3bcdd
NetSSL: add support for disabling certain protocols
2016-01-19 11:36:02 +01:00
Guenter Obiltschnig
b124d5b392
merged doc fixes from develop branch
2015-10-10 17:32:31 +02:00
Guenter Obiltschnig
ef3946786a
improved SSLManager to automatically set-up a reasonable client Context if none is configured
2015-10-06 09:41:31 +02:00
Guenter Obiltschnig
89816c0ea2
HTTPSessionInstantiator: respect global proxy config
2015-09-17 11:56:28 +02:00
Guenter Obiltschnig
3b31772717
fixed comments
2014-11-21 09:05:25 +01:00
Guenter Obiltschnig
781acfa0bd
added nonProxyHosts to ProxyConfig to allow bypassing proxy for certain hosts
2014-11-11 22:54:44 +01:00
Guenter Obiltschnig
420c3b55a7
added support for global HTTP proxy configuration
2014-11-09 17:22:10 +01:00
Guenter Obiltschnig
558091d53f
fixed a memory leak if the CA file was not found while creating the Context (the OpenSSL context would leak)
2014-10-18 17:22:07 +02:00