| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
| |
This is easier and agnostic about the underlying L3 protocol.
We plan to remove direct NNG_OPT_LOCADDR support from listeners
(and probably both NNG_OPT_LOCADDR and NNG_OPT_REMADDR have numbered
days left in their lifetime. They will be replaced with more direct
typed access functions as has been done for pipes already.)
While here fixed some include for IWYU in the POSIX platform.
|
| |
|
|
|
|
| |
Also, some instances nni_aio are changed to nng_aio. We think we want to harmonize
some of these types going forward as it will reduce the need to include headers
hopefully letting us get away with just "defs.h" in more places.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
An explicit call to `mbedtls_ssl_set_hostname(NULL)` is now required if the hostname should not be verified in handshake. From the mbedtls changelog:
```
= Mbed TLS 3.6.3 branch released 2025-03-24
Default behavior changes
* In TLS clients, if mbedtls_ssl_set_hostname() has not been called,
mbedtls_ssl_handshake() now fails with MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME if certificate-based authentication of the server is attempted.
This is because authenticating a server without knowing what name
to expect is usually insecure. To restore the old behavior, either
call mbedtls_ssl_set_hostname() with NULL as the hostname, or
enable the new compile-time option MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME.
```
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This allows us to explicitly stop streams, dialers, and listeners,
before we start tearing down things. This hopefully will be useful
in resolving use-after-free bugs in http, tls, and websockets.
The new functions are not yet documented, but they are
nng_stream_stop, nng_stream_dialer_stop, and nng_stream_listener_stop.
They should be called after close, and before free. The close
functions now close without blocking, but the stop function is
allowed to block.
|
| | |
|
| |
|
|
|
| |
Those old algorithms are not used anywhere, and are not recommended.
TLS 1.2 support has been prevalent for over a decade.
|
| |
|
|
| |
This is simpler, and more reliable than using socket options.
|
| |
|
|
|
| |
This requires using a supporting version of Mbed TLS.
We have to use PSA crypto for TLS 1.3.
|
| |
|
|
| |
This is in preparation for the wolfSSL integration.
|
| |
|
|
|
|
| |
This also adds an SP layer transport test for TLS, based on the TCP
test but with some additions; this test does not cover all the edge
cases for TLS, but it does at least show how to use it.
|
| |
|
|
|
| |
This isn't complete, but it should go much further in assisting
debugging TLS related errors.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This is based on testutil/acutest, but is cleaner and fixes some
short-comings. We will be adding more support for additional
common paradigms to better facilitate transport tests.
While here we added some more test cases, and fixed a possible
symbol collision in the the stats framework (due to Linux use
of a macro definition of "si_value" in a standard OS header).
Test coverage may regress slightly as we are no longer using
some of the legacy APIs.
|
| |
|
|
|
| |
This also starts the test framework NNG streams, so that we can
test those more directly.
|
|
|
This introduces support for an external wolfSSL plugin, and generally
creates the framework for pluggable TLS implementations.
The wolfSSL engine is provided via an external module (git submodule),
available either under a GPLv3 license or a commercial license.
|
