From d68782cd38142be328e4df41e782654cebafc8b7 Mon Sep 17 00:00:00 2001 From: dom96 Date: Sat, 23 Oct 2010 22:30:56 +0100 Subject: [PATCH] Added an openssl wrapper, ssl module and smtp module. --- lib/impure/ssl.nim | 81 ++++++++ lib/pure/smtp.nim | 176 ++++++++++++++++++ lib/wrappers/openssl.nim | 386 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 643 insertions(+) create mode 100644 lib/impure/ssl.nim create mode 100644 lib/pure/smtp.nim create mode 100644 lib/wrappers/openssl.nim diff --git a/lib/impure/ssl.nim b/lib/impure/ssl.nim new file mode 100644 index 0000000000000..469446daff76b --- /dev/null +++ b/lib/impure/ssl.nim @@ -0,0 +1,81 @@ +# +# +# Nimrod's Runtime Library +# (c) Copyright 2010 Dominik Picheta +# +# See the file "copying.txt", included in this +# distribution, for details about the copyright. +# + +## This module provides an easy to use sockets-style nimrod interface to the OpenSSL library. + +import openssl, strutils, os + +type + TSecureSocket* = object + ssl: PSSL + bio: PBIO + +proc connect*(sock: var TSecureSocket, address: string, port: int, certResult: var Int) = + ## Connects to the specified `address` on the specified `port`. `certResult` will become the result of the certificate validation. + SslLoadErrorStrings() + ERR_load_BIO_strings() + + assert(SSL_library_init() == 1) + + var ctx = SSL_CTX_new(SSLv23_client_method()) + if ctx == nil: + ERR_print_errors_fp(stderr) + assert(False) + + #if SSL_CTX_load_verify_locations(ctx, "/tmp/openssl-0.9.8e/certs/vsign1.pem", NIL) == 0: + # echo("Failed load verify locations") + # ERR_print_errors_fp(stderr) + + sock.bio = BIO_new_ssl_connect(ctx) + assert(BIO_get_ssl(sock.bio, addr(sock.ssl)) != 0) + + assert(BIO_set_conn_hostname(sock.bio, address & ":" & $port) == 1) + + if BIO_do_connect(sock.bio) <= 0: + ERR_print_errors_fp(stderr) + OSError() + + certResult = SSL_get_verify_result(sock.ssl) + +proc recvLine*(sock: TSecureSocket, line: var String): bool = + ## Acts in a similar fashion to the `recvLine` in the sockets module. + ## Returns false when no data is available to be read. + ## `Line` must be initialized and not nil! + setLen(line, 0) + while True: + var c: array[0..0, char] + var n = BIO_read(sock.bio, c, c.len) + if n <= 0: return False + if c[0] == '\r': + n = BIO_read(sock.bio, c, c.len) + if n > 0 and c[0] == '\L': + return True + elif n <= 0: + return False + elif c[0] == '\L': return True + add(line, c) + + +proc send*(sock: TSecureSocket, data: string) = + ## Writes `data` to the socket. + if BIO_write(sock.bio, data, data.len()) <= 0: + OSError() + +when isMainModule: + var s: TSecureSocket + echo connect(s, "smtp.gmail.com", 465) + + #var buffer: array[0..255, char] + #echo BIO_read(bio, buffer, buffer.len) + var buffer: string = "" + + echo s.recvLine(buffer) + echo buffer + echo buffer.len + diff --git a/lib/pure/smtp.nim b/lib/pure/smtp.nim new file mode 100644 index 0000000000000..c5c14110cc694 --- /dev/null +++ b/lib/pure/smtp.nim @@ -0,0 +1,176 @@ +# +# +# Nimrod's Runtime Library +# (c) Copyright 2010 Dominik Picheta +# +# See the file "copying.txt", included in this +# distribution, for details about the copyright. +# + +## This module implements the SMTP client protocol as specified by RFC 5321, +## this can be used to send mail to any SMTP Server. +## +## This module also implements the protocol used to format messages, as specified by RFC 2822. +## +## Example gmail use: +## +## +## .. code-block:: Nimrod +## var msg = createMessage("Hello from Nimrod's SMTP", "Hello!.\n Is this awesome or what?", @["foo@gmail.com"]) +## var smtp = connect("smtp.gmail.com", 465, True, True) +## smtp.auth("username", "password") +## smtp.sendmail("username@gmail.com", @["foo@gmail.com"], $msg) +## + +import sockets, strutils, strtabs, ssl, base64 + +type + TSMTP* = object + sock: TSocket + sslSock: TSecureSocket + ssl: Bool + debug: Bool + + TMessage* = object + msgTo: seq[String] + msgCc: seq[String] + msgSubject: String + msgOtherHeaders: PStringTable + msgBody: String + + EInvalidReply* = object of EBase + +proc debugSend(smtp: TSMTP, cmd: String) = + if smtp.debug: + echo("C:" & cmd) + if not smtp.ssl: + smtp.sock.send(cmd) + else: + smtp.sslSock.send(cmd) + +proc debugRecv(smtp: TSMTP): String = + var line = "" + var ret = False + if not smtp.ssl: + ret = smtp.sock.recvLine(line) + else: + ret = smtp.sslSock.recvLine(line) + if ret: + if smtp.debug: + echo("S:" & line) + return line + else: + echo("S-Warning: recvLine failed.") + return "" + +proc quitExcpt(smtp: TSMTP, msg: String) = + smtp.debugSend("QUIT") + raise newException(EInvalidReply, msg) + +proc checkReply(smtp: TSMTP, reply: string) = + var line = smtp.debugRecv() + if not line.startswith(reply): + quitExcpt(smtp, "Expected " & reply & " reply, got: " & line) + +proc connect*(address: String, port: int = 25, ssl: bool = False, debug: bool = False): TSMTP = + ## Establishes a connection with a SMTP server. + ## May fail with EInvalidReply or with a socket errors. + + if not ssl: + result.sock = socket() + result.sock.connect(address, TPort(port)) + else: + result.ssl = True + var certResult: int + result.sslSock.connect(address, port, certResult) + + result.debug = debug + + result.checkReply("220") + result.debugSend("HELO " & address & "\c\L") + result.checkReply("250") + +proc auth*(smtp: TSMTP, username, password: string) = + ## Sends an AUTH command to the server to login as the `username` using `password`. + ## May fail with EInvalidReply. + + smtp.debugSend("AUTH LOGIN\c\L") + smtp.checkReply("334") # TODO: Check whether it's asking for the "Username:" + # i.e "334 VXNlcm5hbWU6" + smtp.debugSend(encode(username) & "\c\L") + smtp.checkReply("334") # TODO: Same as above, only "Password:" (I think?) + + smtp.debugSend(encode(password) & "\c\L") + smtp.checkReply("235") # Check whether the authentification was successful. + +proc sendmail*(smtp: TSMTP, fromaddr: string, toaddrs: seq[string], msg: string) = + ## Sends `msg` from `fromaddr` to `toaddr`. + ## Messages may be formed using ``createMessage`` by converting the TMessage into a string. + + smtp.debugSend("MAIL FROM:<" & fromaddr & ">\c\L") + smtp.checkReply("250") + for address in items(toaddrs): + smtp.debugSend("RCPT TO:<" & address & ">\c\L") + smtp.checkReply("250") + + # Send the message + smtp.debugSend("DATA " & "\c\L") + smtp.checkReply("354") + smtp.debugSend(msg & "\c\L") + smtp.debugSend(".\c\L") + smtp.checkReply("250") + + # quit + smtp.debugSend("QUIT\c\L") + +proc createMessage*(mSubject, mBody: String, mTo, mCc: seq[String], + otherHeaders: openarray[tuple[name, value: String]]): TMessage = + ## Creates a new MIME compliant message. + result.msgTo = mTo + result.msgCc = mCc + result.msgSubject = mSubject + result.msgBody = mBody + result.msgOtherHeaders = newStringTable() + for n, v in items(otherHeaders): + result.msgOtherHeaders[n] = v + +proc createMessage*(mSubject, mBody: String, mTo, mCc: seq[String] = @[]): TMessage = + ## Alternate version of the above. + result.msgTo = mTo + result.msgCc = mCc + result.msgSubject = mSubject + result.msgBody = mBody + result.msgOtherHeaders = newStringTable() + +proc `$`*(msg: TMessage): String = + result = "" + if msg.msgTo.len() > 0: + result = "TO: " & msg.msgTo.join(", ") & "\c\L" + if msg.msgCc.len() > 0: + result.add("CC: " & msg.msgTo.join(", ") & "\c\L") + # TODO: Folding? i.e when a line is too long, shorten it... + result.add("Subject: " & msg.msgSubject & "\c\L") + for key, value in pairs(msg.msgOtherHeaders): + result.add(key & ": " & value & "\c\L") + + result.add("\c\L" & msg.msgBody) + + +when isMainModule: + #var msg = createMessage("Test subject!", "Hello, my name is dom96.\n What\'s yours?", @["dominik@localhost"]) + #echo(msg) + + #var smtp = connect("localhost", 25, False, True) + #smtp.sendmail("root@localhost", @["dominik@localhost"], $msg) + + #echo(decode("a17sm3701420wbe.12")) + + var msg = createMessage("Hello from Nimrod's SMTP!", "Hello!!!!.\n Is this awesome or what?", @["someone@yahoo.com", "someone@gmail.com"]) + echo(msg) + + var smtp = connect("smtp.gmail.com", 465, True, True) + smtp.auth("someone", "password") + smtp.sendmail("someone@gmail.com", @["someone@yahoo.com", "someone@gmail.com"], $msg) + + + diff --git a/lib/wrappers/openssl.nim b/lib/wrappers/openssl.nim new file mode 100644 index 0000000000000..3972980e879b8 --- /dev/null +++ b/lib/wrappers/openssl.nim @@ -0,0 +1,386 @@ +#==============================================================================# +# Project: Ararat Synapse | 003.004.001 # +#==============================================================================# +# Content: SSL support by OpenSSL # +#==============================================================================# +# Copyright (c)1999-2005, Lukas Gebauer # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are met: # +# # +# Redistributions of source code must retain the above copyright notice, this # +# list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright notice, # +# this list of conditions and the following disclaimer in the documentation # +# and/or other materials provided with the distribution. # +# # +# Neither the name of Lukas Gebauer nor the names of its contributors may # +# be used to endorse or promote products derived from this software without # +# specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" # +# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # +# ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR # +# ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR # +# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER # +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH # +# DAMAGE. # +#==============================================================================# +# The Initial Developer of the Original Code is Lukas Gebauer (Czech Republic).# +# Portions created by Lukas Gebauer are Copyright (c)2002-2005. # +# All Rights Reserved. # +#==============================================================================# + +## OpenSSL support + +when defined(WINDOWS): + const + DLLSSLName = "(ssleay32|libssl32).dll" + DLLUtilName = "libeay32.dll" +else: + const + versions = "(|.0.9.9|.0.9.8|.0.9.7|.0.9.6|.0.9.5|.0.9.4|.0.9.3|.0.9.2)" + when defined(posix): + const + DLLSSLName = "libssl.so" & versions + DLLUtilName = "libcrypto.so" & versions + else: + const + DLLSSLName = "libssl.dylib" & versions + DLLUtilName = "libcrypto.dylib" & versions + +type + SslStruct {.final, pure.} = object + SslPtr* = ptr SslStruct + PSslPtr* = ptr SslPtr + PSSL_CTX* = SslPtr + PSSL* = SslPtr + PSSL_METHOD* = SslPtr + PX509* = SslPtr + PX509_NAME* = SslPtr + PEVP_MD* = SslPtr + PBIO_METHOD* = SslPtr + PBIO* = SslPtr + EVP_PKEY* = SslPtr + PRSA* = SslPtr + PASN1_UTCTIME* = SslPtr + PASN1_cInt* = SslPtr + PPasswdCb* = SslPtr + PFunction* = proc () + DES_cblock* = array[0..7, int8] + PDES_cblock* = ptr DES_cblock + des_ks_struct*{.final.} = object + ks*: DES_cblock + weak_key*: cInt + + des_key_schedule* = array[1..16, des_ks_struct] + +const + EVP_MAX_MD_SIZE* = 16 + 20 + SSL_ERROR_NONE* = 0 + SSL_ERROR_SSL* = 1 + SSL_ERROR_WANT_READ* = 2 + SSL_ERROR_WANT_WRITE* = 3 + SSL_ERROR_WANT_X509_LOOKUP* = 4 + SSL_ERROR_SYSCALL* = 5 #look at error stack/return value/errno + SSL_ERROR_ZERO_RETURN* = 6 + SSL_ERROR_WANT_CONNECT* = 7 + SSL_ERROR_WANT_ACCEPT* = 8 + SSL_CTRL_NEED_TMP_RSA* = 1 + SSL_CTRL_SET_TMP_RSA* = 2 + SSL_CTRL_SET_TMP_DH* = 3 + SSL_CTRL_SET_TMP_ECDH* = 4 + SSL_CTRL_SET_TMP_RSA_CB* = 5 + SSL_CTRL_SET_TMP_DH_CB* = 6 + SSL_CTRL_SET_TMP_ECDH_CB* = 7 + SSL_CTRL_GET_SESSION_REUSED* = 8 + SSL_CTRL_GET_CLIENT_CERT_REQUEST* = 9 + SSL_CTRL_GET_NUM_RENEGOTIATIONS* = 10 + SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS* = 11 + SSL_CTRL_GET_TOTAL_RENEGOTIATIONS* = 12 + SSL_CTRL_GET_FLAGS* = 13 + SSL_CTRL_EXTRA_CHAIN_CERT* = 14 + SSL_CTRL_SET_MSG_CALLBACK* = 15 + SSL_CTRL_SET_MSG_CALLBACK_ARG* = 16 # only applies to datagram connections + SSL_CTRL_SET_MTU* = 17 # Stats + SSL_CTRL_SESS_NUMBER* = 20 + SSL_CTRL_SESS_CONNECT* = 21 + SSL_CTRL_SESS_CONNECT_GOOD* = 22 + SSL_CTRL_SESS_CONNECT_RENEGOTIATE* = 23 + SSL_CTRL_SESS_ACCEPT* = 24 + SSL_CTRL_SESS_ACCEPT_GOOD* = 25 + SSL_CTRL_SESS_ACCEPT_RENEGOTIATE* = 26 + SSL_CTRL_SESS_HIT* = 27 + SSL_CTRL_SESS_CB_HIT* = 28 + SSL_CTRL_SESS_MISSES* = 29 + SSL_CTRL_SESS_TIMEOUTS* = 30 + SSL_CTRL_SESS_CACHE_FULL* = 31 + SSL_CTRL_OPTIONS* = 32 + SSL_CTRL_MODE* = 33 + SSL_CTRL_GET_READ_AHEAD* = 40 + SSL_CTRL_SET_READ_AHEAD* = 41 + SSL_CTRL_SET_SESS_CACHE_SIZE* = 42 + SSL_CTRL_GET_SESS_CACHE_SIZE* = 43 + SSL_CTRL_SET_SESS_CACHE_MODE* = 44 + SSL_CTRL_GET_SESS_CACHE_MODE* = 45 + SSL_CTRL_GET_MAX_CERT_LIST* = 50 + SSL_CTRL_SET_MAX_CERT_LIST* = 51 #* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success + # * when just a single record has been written): * + SSL_MODE_ENABLE_PARTIAL_WRITE* = 1 #* Make it possible to retry SSL_write() with changed buffer location + # * (buffer contents must stay the same!); this is not the default to avoid + # * the misconception that non-blocking SSL_write() behaves like + # * non-blocking write(): * + SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER* = 2 #* Never bother the application with retries if the transport + # * is blocking: * + SSL_MODE_AUTO_RETRY* = 4 #* Don't attempt to automatically build certificate chain * + SSL_MODE_NO_AUTO_CHAIN* = 8 + SSL_OP_NO_SSLv2* = 0x01000000 + SSL_OP_NO_SSLv3* = 0x02000000 + SSL_OP_NO_TLSv1* = 0x04000000 + SSL_OP_ALL* = 0x000FFFFF + SSL_VERIFY_NONE* = 0x00000000 + SSL_VERIFY_PEER* = 0x00000001 + OPENSSL_DES_DECRYPT* = 0 + OPENSSL_DES_ENCRYPT* = 1 + X509_V_OK* = 0 + X509_V_ILLEGAL* = 1 + X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT* = 2 + X509_V_ERR_UNABLE_TO_GET_CRL* = 3 + X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE* = 4 + X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE* = 5 + X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY* = 6 + X509_V_ERR_CERT_SIGNATURE_FAILURE* = 7 + X509_V_ERR_CRL_SIGNATURE_FAILURE* = 8 + X509_V_ERR_CERT_NOT_YET_VALID* = 9 + X509_V_ERR_CERT_HAS_EXPIRED* = 10 + X509_V_ERR_CRL_NOT_YET_VALID* = 11 + X509_V_ERR_CRL_HAS_EXPIRED* = 12 + X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD* = 13 + X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD* = 14 + X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD* = 15 + X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD* = 16 + X509_V_ERR_OUT_OF_MEM* = 17 + X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT* = 18 + X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN* = 19 + X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY* = 20 + X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE* = 21 + X509_V_ERR_CERT_CHAIN_TOO_LONG* = 22 + X509_V_ERR_CERT_REVOKED* = 23 + X509_V_ERR_INVALID_CA* = 24 + X509_V_ERR_PATH_LENGTH_EXCEEDED* = 25 + X509_V_ERR_INVALID_PURPOSE* = 26 + X509_V_ERR_CERT_UNTRUSTED* = 27 + X509_V_ERR_CERT_REJECTED* = 28 #These are 'informational' when looking for issuer cert + X509_V_ERR_SUBJECT_ISSUER_MISMATCH* = 29 + X509_V_ERR_AKID_SKID_MISMATCH* = 30 + X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH* = 31 + X509_V_ERR_KEYUSAGE_NO_CERTSIGN* = 32 + X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER* = 33 + X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION* = 34 #The application is not happy + X509_V_ERR_APPLICATION_VERIFICATION* = 50 + SSL_FILETYPE_ASN1* = 2 + SSL_FILETYPE_PEM* = 1 + EVP_PKEY_RSA* = 6 # libssl.dll + + BIO_C_SET_CONNECT = 100 + BIO_C_DO_STATE_MACHINE = 101 + BIO_C_GET_SSL = 110 + +proc SSL_library_init*(): cInt{.cdecl, dynlib: DLLSSLName, importc.} +proc SSL_load_error_strings*(){.cdecl, dynlib: DLLSSLName, importc.} +proc ERR_load_BIO_strings*(){.cdecl, dynlib: DLLSSLName, importc.} + +proc SSLv23_client_method*(): PSSL_METHOD{.cdecl, dynlib: DLLSSLName, importc.} + +proc SSL_CTX_new*(meth: PSSL_METHOD): PSSL_CTX{.cdecl, dynlib: DLLSSLName, importc.} +proc SSL_CTX_load_verify_locations*(ctx: PSSL_CTX, CAfile: cstring, CApath: cstring): cInt{. + cdecl, dynlib: DLLSSLName, importc.} +proc SSL_get_verify_result*(ssl: PSSL): int{.cdecl, dynlib: DLLSSLName, importc.} + +proc BIO_new_ssl_connect*(ctx: PSSL_CTX): PBIO{.cdecl, dynlib: DLLSSLName, importc.} +proc BIO_ctrl*(bio: PBIO, cmd: cint, larg: int, arg: cstring): int{.cdecl, dynlib: DLLSSLName, importc.} +proc BIO_get_ssl*(bio: PBIO, ssl: ptr PSSL): int = + return BIO_ctrl(bio, BIO_C_GET_SSL, 0, cast[cstring](ssl)) +proc BIO_set_conn_hostname*(bio: PBIO, name: cstring): int = + return BIO_ctrl(bio, BIO_C_SET_CONNECT, 0, name) +proc BIO_do_handshake*(bio: PBIO): int = + return BIO_ctrl(bio, BIO_C_DO_STATE_MACHINE, 0, NIL) +proc BIO_do_connect*(bio: PBIO): int = + return BIO_do_handshake(bio) + +proc BIO_read*(b: PBIO, data: cstring, length: cInt): cInt{.cdecl, + dynlib: DLLUtilName, importc.} +proc BIO_write*(b: PBIO, data: cstring, length: cInt): cInt{.cdecl, + dynlib: DLLUtilName, importc.} + +proc ERR_print_errors_fp*(fp: TFile){.cdecl, dynlib: DLLSSLName, importc.} + +when True: + nil +else: + proc SslGetError*(s: PSSL, ret_code: cInt): cInt{.cdecl, dynlib: DLLSSLName, + importc.} + proc SslCtxSetCipherList*(arg0: PSSL_CTX, str: cstring): cInt{.cdecl, + dynlib: DLLSSLName, importc.} + proc SslCtxNew*(meth: PSSL_METHOD): PSSL_CTX{.cdecl, dynlib: DLLSSLName, importc.} + proc SslCtxFree*(arg0: PSSL_CTX){.cdecl, dynlib: DLLSSLName, importc.} + proc SslSetFd*(s: PSSL, fd: cInt): cInt{.cdecl, dynlib: DLLSSLName, importc.} + proc SslCtrl*(ssl: PSSL, cmd: cInt, larg: int, parg: Pointer): int{.cdecl, + dynlib: DLLSSLName, importc.} + proc SslCTXCtrl*(ctx: PSSL_CTX, cmd: cInt, larg: int, parg: Pointer): int{. + cdecl, dynlib: DLLSSLName, importc.} + + proc SSLCTXSetMode*(ctx: PSSL_CTX, mode: int): int + proc SSLSetMode*(s: PSSL, mode: int): int + proc SSLCTXGetMode*(ctx: PSSL_CTX): int + proc SSLGetMode*(s: PSSL): int + proc SslMethodV2*(): PSSL_METHOD{.cdecl, dynlib: DLLSSLName, importc.} + proc SslMethodV3*(): PSSL_METHOD{.cdecl, dynlib: DLLSSLName, importc.} + proc SslMethodTLSV1*(): PSSL_METHOD{.cdecl, dynlib: DLLSSLName, importc.} + proc SslMethodV23*(): PSSL_METHOD{.cdecl, dynlib: DLLSSLName, importc.} + proc SslCtxUsePrivateKey*(ctx: PSSL_CTX, pkey: SslPtr): cInt{.cdecl, + dynlib: DLLSSLName, importc.} + proc SslCtxUsePrivateKeyASN1*(pk: cInt, ctx: PSSL_CTX, d: cstring, length: int): cInt{. + cdecl, dynlib: DLLSSLName, importc.} + proc SslCtxUsePrivateKeyFile*(ctx: PSSL_CTX, filename: cstring, typ: cInt): cInt{. + cdecl, dynlib: DLLSSLName, importc.} + proc SslCtxUseCertificate*(ctx: PSSL_CTX, x: SslPtr): cInt{.cdecl, + dynlib: DLLSSLName, importc.} + proc SslCtxUseCertificateASN1*(ctx: PSSL_CTX, length: int, d: cstring): cInt{. + cdecl, dynlib: DLLSSLName, importc.} + proc SslCtxUseCertificateFile*(ctx: PSSL_CTX, filename: cstring, typ: cInt): cInt{. + cdecl, dynlib: DLLSSLName, importc.} + # function SslCtxUseCertificateChainFile(ctx: PSSL_CTX; const filename: PChar):cInt; + proc SslCtxUseCertificateChainFile*(ctx: PSSL_CTX, filename: cstring): cInt{. + cdecl, dynlib: DLLSSLName, importc.} + proc SslCtxCheckPrivateKeyFile*(ctx: PSSL_CTX): cInt{.cdecl, dynlib: DLLSSLName, + importc.} + proc SslCtxSetDefaultPasswdCb*(ctx: PSSL_CTX, cb: PPasswdCb){.cdecl, + dynlib: DLLSSLName, importc.} + proc SslCtxSetDefaultPasswdCbUserdata*(ctx: PSSL_CTX, u: SslPtr){.cdecl, + dynlib: DLLSSLName, importc.} + # function SslCtxLoadVerifyLocations(ctx: PSSL_CTX; const CAfile: PChar; const CApath: PChar):cInt; + proc SslCtxLoadVerifyLocations*(ctx: PSSL_CTX, CAfile: cstring, CApath: cstring): cInt{. + cdecl, dynlib: DLLSSLName, importc.} + proc SslNew*(ctx: PSSL_CTX): PSSL{.cdecl, dynlib: DLLSSLName, importc.} + proc SslFree*(ssl: PSSL){.cdecl, dynlib: DLLSSLName, importc.} + proc SslAccept*(ssl: PSSL): cInt{.cdecl, dynlib: DLLSSLName, importc.} + proc SslConnect*(ssl: PSSL): cInt{.cdecl, dynlib: DLLSSLName, importc.} + proc SslShutdown*(ssl: PSSL): cInt{.cdecl, dynlib: DLLSSLName, importc.} + proc SslRead*(ssl: PSSL, buf: SslPtr, num: cInt): cInt{.cdecl, + dynlib: DLLSSLName, importc.} + proc SslPeek*(ssl: PSSL, buf: SslPtr, num: cInt): cInt{.cdecl, + dynlib: DLLSSLName, importc.} + proc SslWrite*(ssl: PSSL, buf: SslPtr, num: cInt): cInt{.cdecl, + dynlib: DLLSSLName, importc.} + proc SslPending*(ssl: PSSL): cInt{.cdecl, dynlib: DLLSSLName, importc.} + proc SslGetVersion*(ssl: PSSL): cstring{.cdecl, dynlib: DLLSSLName, importc.} + proc SslGetPeerCertificate*(ssl: PSSL): PX509{.cdecl, dynlib: DLLSSLName, + importc.} + proc SslCtxSetVerify*(ctx: PSSL_CTX, mode: cInt, arg2: PFunction){.cdecl, + dynlib: DLLSSLName, importc.} + proc SSLGetCurrentCipher*(s: PSSL): SslPtr{.cdecl, dynlib: DLLSSLName, importc.} + proc SSLCipherGetName*(c: SslPtr): cstring{.cdecl, dynlib: DLLSSLName, importc.} + proc SSLCipherGetBits*(c: SslPtr, alg_bits: var cInt): cInt{.cdecl, + dynlib: DLLSSLName, importc.} + proc SSLGetVerifyResult*(ssl: PSSL): int{.cdecl, dynlib: DLLSSLName, importc.} + # libeay.dll + proc X509New*(): PX509{.cdecl, dynlib: DLLUtilName, importc.} + proc X509Free*(x: PX509){.cdecl, dynlib: DLLUtilName, importc.} + proc X509NameOneline*(a: PX509_NAME, buf: cstring, size: cInt): cstring{. + cdecl, dynlib: DLLUtilName, importc.} + proc X509GetSubjectName*(a: PX509): PX509_NAME{.cdecl, dynlib: DLLUtilName, + importc.} + proc X509GetIssuerName*(a: PX509): PX509_NAME{.cdecl, dynlib: DLLUtilName, + importc.} + proc X509NameHash*(x: PX509_NAME): int{.cdecl, dynlib: DLLUtilName, importc.} + # function SslX509Digest(data: PX509; typ: PEVP_MD; md: PChar; len: PcInt):cInt; + proc X509Digest*(data: PX509, typ: PEVP_MD, md: cstring, length: var cInt): cInt{. + cdecl, dynlib: DLLUtilName, importc.} + proc X509print*(b: PBIO, a: PX509): cInt{.cdecl, dynlib: DLLUtilName, importc.} + proc X509SetVersion*(x: PX509, version: cInt): cInt{.cdecl, dynlib: DLLUtilName, + importc.} + proc X509SetPubkey*(x: PX509, pkey: EVP_PKEY): cInt{.cdecl, dynlib: DLLUtilName, + importc.} + proc X509SetIssuerName*(x: PX509, name: PX509_NAME): cInt{.cdecl, + dynlib: DLLUtilName, importc.} + proc X509NameAddEntryByTxt*(name: PX509_NAME, field: cstring, typ: cInt, + bytes: cstring, length, loc, theSet: cInt): cInt{. + cdecl, dynlib: DLLUtilName, importc.} + proc X509Sign*(x: PX509, pkey: EVP_PKEY, md: PEVP_MD): cInt{.cdecl, + dynlib: DLLUtilName, importc.} + proc X509GmtimeAdj*(s: PASN1_UTCTIME, adj: cInt): PASN1_UTCTIME{.cdecl, + dynlib: DLLUtilName, importc.} + proc X509SetNotBefore*(x: PX509, tm: PASN1_UTCTIME): cInt{.cdecl, + dynlib: DLLUtilName, importc.} + proc X509SetNotAfter*(x: PX509, tm: PASN1_UTCTIME): cInt{.cdecl, + dynlib: DLLUtilName, importc.} + proc X509GetSerialNumber*(x: PX509): PASN1_cInt{.cdecl, dynlib: DLLUtilName, + importc.} + proc EvpPkeyNew*(): EVP_PKEY{.cdecl, dynlib: DLLUtilName, importc.} + proc EvpPkeyFree*(pk: EVP_PKEY){.cdecl, dynlib: DLLUtilName, importc.} + proc EvpPkeyAssign*(pkey: EVP_PKEY, typ: cInt, key: Prsa): cInt{.cdecl, + dynlib: DLLUtilName, importc.} + proc EvpGetDigestByName*(Name: cstring): PEVP_MD{.cdecl, dynlib: DLLUtilName, + importc.} + proc EVPcleanup*(){.cdecl, dynlib: DLLUtilName, importc.} + # function ErrErrorString(e: cInt; buf: PChar): PChar; + proc SSLeayversion*(t: cInt): cstring{.cdecl, dynlib: DLLUtilName, importc.} + proc ErrErrorString*(e: cInt, buf: cstring, length: cInt){.cdecl, + dynlib: DLLUtilName, importc.} + proc ErrGetError*(): cInt{.cdecl, dynlib: DLLUtilName, importc.} + proc ErrClearError*(){.cdecl, dynlib: DLLUtilName, importc.} + proc ErrFreeStrings*(){.cdecl, dynlib: DLLUtilName, importc.} + proc ErrRemoveState*(pid: cInt){.cdecl, dynlib: DLLUtilName, importc.} + proc OPENSSLaddallalgorithms*(){.cdecl, dynlib: DLLUtilName, importc.} + proc CRYPTOcleanupAllExData*(){.cdecl, dynlib: DLLUtilName, importc.} + proc RandScreen*(){.cdecl, dynlib: DLLUtilName, importc.} + proc BioNew*(b: PBIO_METHOD): PBIO{.cdecl, dynlib: DLLUtilName, importc.} + proc BioFreeAll*(b: PBIO){.cdecl, dynlib: DLLUtilName, importc.} + proc BioSMem*(): PBIO_METHOD{.cdecl, dynlib: DLLUtilName, importc.} + proc BioCtrlPending*(b: PBIO): cInt{.cdecl, dynlib: DLLUtilName, importc.} + proc BioRead*(b: PBIO, Buf: cstring, length: cInt): cInt{.cdecl, + dynlib: DLLUtilName, importc.} + proc BioWrite*(b: PBIO, Buf: cstring, length: cInt): cInt{.cdecl, + dynlib: DLLUtilName, importc.} + proc d2iPKCS12bio*(b: PBIO, Pkcs12: SslPtr): SslPtr{.cdecl, dynlib: DLLUtilName, + importc.} + proc PKCS12parse*(p12: SslPtr, pass: cstring, pkey, cert, ca: var SslPtr): cint{. + dynlib: DLLUtilName, importc, cdecl.} + + proc PKCS12free*(p12: SslPtr){.cdecl, dynlib: DLLUtilName, importc.} + proc RsaGenerateKey*(bits, e: cInt, callback: PFunction, cb_arg: SslPtr): PRSA{. + cdecl, dynlib: DLLUtilName, importc.} + proc Asn1UtctimeNew*(): PASN1_UTCTIME{.cdecl, dynlib: DLLUtilName, importc.} + proc Asn1UtctimeFree*(a: PASN1_UTCTIME){.cdecl, dynlib: DLLUtilName, importc.} + proc Asn1cIntSet*(a: PASN1_cInt, v: cInt): cInt{.cdecl, dynlib: DLLUtilName, + importc.} + proc i2dX509bio*(b: PBIO, x: PX509): cInt{.cdecl, dynlib: DLLUtilName, importc.} + proc i2dPrivateKeyBio*(b: PBIO, pkey: EVP_PKEY): cInt{.cdecl, + dynlib: DLLUtilName, importc.} + # 3DES functions + proc DESsetoddparity*(Key: des_cblock){.cdecl, dynlib: DLLUtilName, importc.} + proc DESsetkeychecked*(key: des_cblock, schedule: des_key_schedule): cInt{. + cdecl, dynlib: DLLUtilName, importc.} + proc DESecbencrypt*(Input: des_cblock, output: des_cblock, ks: des_key_schedule, + enc: cInt){.cdecl, dynlib: DLLUtilName, importc.} + # implementation + + proc SSLCTXSetMode(ctx: PSSL_CTX, mode: int): int = + Result = SslCTXCtrl(ctx, SSL_CTRL_MODE, mode, nil) + + proc SSLSetMode(s: PSSL, mode: int): int = + Result = SSLctrl(s, SSL_CTRL_MODE, mode, nil) + + proc SSLCTXGetMode(ctx: PSSL_CTX): int = + Result = SSLCTXctrl(ctx, SSL_CTRL_MODE, 0, nil) + + proc SSLGetMode(s: PSSL): int = + Result = SSLctrl(s, SSL_CTRL_MODE, 0, nil) +