Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

API for OpenSSL #3865

Merged
merged 8 commits into from Jan 16, 2017
Merged

API for OpenSSL #3865

Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
e1b1314
api for openssl
Jan 10, 2017
c6b6002
added full cipher string list link
Jan 10, 2017
4b5d006
Changes to ciphers
Jan 10, 2017
fb91626
Added more info regarding defaults
Jan 10, 2017
51d5217
Changed wording and removed cipher usage
Jan 10, 2017
072de90
removed cli example
Jan 10, 2017
262dbd2
newlines
Jan 11, 2017
c97eab0
removed crystal suffix from markdown
Jan 14, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
54 changes: 54 additions & 0 deletions src/openssl.cr
View file
Open in desktop
@@ -1,5 +1,59 @@
require "./openssl/lib_ssl"

# # OpenSSL Integration
#
# - TLS sockets need a context, potentially with keys (required for servers) and configuration.
# - TLS sockets will wrap the underlying TCP socket, and any further communication must happen through the OpenSSL::SSL::Socket only.
#
# ## Usage Example
# - Note: for the below "server" example to work, a key pair should be attained
#
# Recommended ciphers can be taken from
# - https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet#Rule_-_Only_Support_Strong_Cryptographic_Ciphers
# - https://cipherli.st/
# - Full list is available at: https://wiki.openssl.org/index.php/Manual:Ciphers(1)#CIPHER_STRINGS
#
# Do note that
# - Crystal does its best to provide sane configuration defaults (see [Mozilla-Intermediate](https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29))
# - Linked version of OpenSSL need to be checked for supporting specific protocols and ciphers
# - If any configurations or choices in Crystal regarding SSL settings and security are found to be lacking or need
# improvement please open an issue and let us know
#
# ### Server side
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add a newline before and after the heading ###.

#
# ```
# require "socket"
# require "openssl"
#
# def server
# socket = TCPServer.new(5555) # Bind new TCPSocket to port 5555
# context = OpenSSL::SSL::Context::Server.new
# context.private_key = "/path/to/private.key"
# context.certificate_chain = "/path/to/public.cert"
# puts "server is up"
# socket.accept do |client|
# puts "got client"
# ssl_socket = OpenSSL::SSL::Socket::Server.new(client, context)
# slice = Slice(UInt8).new(20)
# ssl_socket.read(slice)
# puts String.new(slice)
# end
# end
# ```
#
# ### Client side
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ditto

#
# ```
# require "socket"
# require "openssl"
#
# def client
# socket = TCPSocket.new("127.0.0.1", 5555)
# context = OpenSSL::SSL::Context::Client.new
# ssl_socket = OpenSSL::SSL::Socket::Client.new(socket, context)
# ssl_socket.write("Testing".to_slice)
# end
# ```
module OpenSSL
class Error < Exception
getter! code : LibCrypto::ULong?
Expand Down