package ssl

Bindings for OpenSSL

Sources

ssl-0.5.12.tbz
sha256=e60c4dc60636516d82db785e5533ddbaabca5f96483f04a0d6aa6f43b5e9e79e
sha512=0ab2b491765d0405cd28b8479f4a03de9191ba87ba7d77ca013c48508c2bbfead21ff91202d5df978efedad767652476bbfc977243ca4190580dac6a2086e65d

CHANGES.md.html

Unreleased

  • Add a few verification functions (#71):

    • add_extra_chain_cert to send additional chain certificates to the peer.

    • add_cert_to_store to allow verification of the peer certificate CA.

    • set_ip: sets the expected IP address to be verified on an SSL socket.

  • Improve use_certificate_from_string (#71) to read any type of key (rather than just RSA).

  • Fix a segmentation fault in the ALPN selection callback under OCaml 5 (#89).

  • Audit the C FFI and add CAMLparamX and CAMLreturn calls (#90).

0.5.11

  • Add digest function (#65, #66).

  • Restore compatibility with openssl < 1.1.0 (#73).

  • Improved compatibility with OCaml 5 (#79).

  • Fix client_verify_callback for NO_NAKED_POINTERS mode. A user-provided verification function in C remains an out-of-heap pointer for 4.x for compatibility, but is boxed for OCaml 5.x or 4.x when configured with --disable-naked-pointers. (#83)

0.5.10 (2021-02-01)

  • Add use_certificate_from_string (#54).

  • Add get_verify_error_string, get_start_date, get_expiration_date (#57).

  • Release master lock on ALPN failure (#58).

  • Add version (#60).

  • Switch to dune 2 (#61).

0.5.9 (2019-07-15)

  • Backward compatibility with OpenSSL 1.0.2 (#53).

0.5.8 (2019-07-03)

  • Better error reporting.

  • Add support for hostname validation (#49).

  • Add ALPN support (#37, #38, #48).

0.5.7 (2018-10-25)

  • Correctly set #defines (#40).

  • Correctly deal with non-existent directories for Homebrew (#42).

0.5.6 (2018-09-12)

  • Switch to the dune build system.

0.5.5 (2017-10-13)

  • Make sure that LDFLAGS is honored during build.

0.5.4 (2017-10-02)

  • Enable safe-string compatibility (#32).

  • Add -std=c99 to CFLAGS (#29).

0.5.3 (2016-11-08)

  • Remove -ansi flag to be compatible with OCaml 4.04 (thanks Mark Shinwell).

  • Use accessor functions for X509_STORE_CTX.

  • Change CLIBS order to allow static linking.

0.5.2 (2015-11-23)

  • Add OPENSSL_NO_SSL3 preprocessor flag to disable SSLv3 (thanks Jérémie Courrèges-Anglas).

0.5.1 (2015-05-27)

  • Fix META file for versions of OCaml older than 4.02.0 (thanks Anil Madhavapeddy, closes #20).

0.5.0 (2015-05-18)

  • Allow honoring server cipher preferences (thanks mfp, closes #18).

  • Add functions for reading into/writing from bigarrays, avoiding copy (thanks mfp, closes #15).

  • Support disabling SSL protocol versions (thanks Edwin Török, closes #13).

  • Use Bytes instead of String for read and write, changes the ABI thus the version bump (thanks Vincent Bernardoff, closes #16, and mfp, closes #19).

  • Make verbosity of client_verify_callback configurable (thanks Nicolas Trangez, closes #12).

  • Fix build with old versions of SSL (thanks Edwin Török, closes #10).

0.4.7 (2014-04-21)

  • Add support for TLS1.1 and TLS1.2 (thanks Thomas Calderon).

  • Add function to initialize Diffie-Hellman and elliptic curve parameters (thanks Thomas Calderon and Edwin Török).

  • Add set_client_SNI_hostname to specify client-side SNI hostname (thanks Mauricio Fernandez).

  • Fix double leave of blocking section in ocaml_ssl_accept (thanks Edwin Török).

  • Check for errors in SSL_connect/SSL_accept (thanks Jérôme Vouillon).

  • Clear the error queue before calling SSL_read and similar functions; SSL_get_error does not work reliably otherwise (thanks Jérôme Vouillon).

  • Allow static linking on Mingw64 (thanks schadinger).

0.4.6 (2011-10-16)

  • Added write_certificate function.

  • Remove support for SSLv2, which was dropped upstream (thanks Dario Teixeira).

  • Added support for compiling under Win32 (thanks David Allsopp), see README.win32.

  • Check for pthreads in configure.

0.4.5 (2011-03-01)

  • Use pthread mutexes for locking thread-safe version of ssl.

0.4.4 (2010-01-06)

  • Use SSL_CTX_use_certificate_chain_file instead of SSL_CTX_use_certificate_file.

  • Added support for --enable-debugging configure option.

  • Don't link with unix library and don't build in custom mode.

0.4.3 (2008-12-18)

  • Don't use blocking sections in finalizers since it causes segfaults (thanks Grégoire Henry and Stéphane Glondu).

0.4.2 (2007-03-29)

  • Added some missing blocking sections (reported by Oscar Hellström).

0.4.1 (2007-02-21)

  • file_descr_of_socket is not marked as deprecated anymore.

  • Patched the Makefile to be compatible with FreeBSD (thanks Jaap Boender).

  • Explicitly link with libcrypto since we use it. Compilation should now work on Mac OS X too (thanks Janne Hellsten).

0.4.0 (2006-09-09)

  • Using caml_alloc_custom and Data_custom_val to access custom blocks.

  • Added set_password_callback function.

  • Integrated a big patch from Chris Waterson:

  • Added get_error_string function.

  • Read and write are not blocking anymore, use Unix.select and file_descr_of_socket if you want blocking functions.

  • Fix SSL_CTX initialization to call SSL_CTX_set_mode(3) with SSL_MODE_AUTO_RETRY flag. This causes SSL_read and SSL_write to "hide" the SSL_ERROR_WANT_(READ|WRITE) errors that may occur during renegotiation on a blocking socket.

  • Fix SSL_CTX initialization to call SSL_CTX_set_mode(3) with SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER flag. This allows for a different buffer address to be passed to a restarted non-blocking write operation, which is useful since the OCaml garbage collector may move buffers around between calls.

  • We do not need to explicitly store the file descriptor for SSL sockets.

  • Corrected checking of errors in ocaml_ssl_read (thanks Vincent Balat and Nataliya Guts).

  • input_char now raises End_of_file when no byte could be read (thanks Nataliya Guts).

0.3.1 (2005-07-21)

  • The library is now under the LGPL licence + linking exception + linking with openssl exception (see COPYING for more details).

0.3.0 (2005-06-01)

  • Added Ssl_threads.init function to make the library thread-safe.

  • Put connect, accept and flush (and all other functions) in blocking_section to allow other threads to run in the meantime.

  • Unified the three context creation functions in create_context; the certificate to use should now be specified with use_certificate (sorry for the API breakage).

  • Added the get_verify_result function.

  • Using Store_field instead of Field(...) = ...

  • Using caml namespace functions.

0.2.0 (2004-12-18)

  • Many thanks to Thomas Fischbacher for his patches:

  • Corrected int / val bugs when raising exceptions from C (those were found by Mike Furr too, thanks).

  • Added many functions (but in Caml instead of C).

  • Context creation functions now take the protocol as argument.

  • Added the create_context function (for client and server connections).

  • Added functions for verifying certificates: client_verify_callback, set_verify, set_verify_depth, verify.

  • The cipher now has its own type.

  • Added functions to handle ciphers: get_current_cipher, get_cipher_description, get_cipher_name, get_cipher_version, set_cipher_list.

  • Added the read_certificate and load_verify_locations functions.

  • Added the open_connection_with_context and flush functions.

  • read and write functions are now thread-safe.

  • Cleaned the stubs (function prototypes, comments, etc.).

  • Updated OCamlMakefile and improved build system.

0.1.0 (2004-02-05)

  • Initial release.
