Swiftpack.co - Package - apple/swift-nio-ssl

SwiftNIO SSL

SwiftNIO SSL is a Swift package that contains an implementation of TLS based on BoringSSL. This package allows users of SwiftNIO to write protocol clients and servers that use TLS to secure data in flight.

The name is inspired primarily by the name of the library this package uses (BoringSSL), and not because we don't know the name of the protocol. We know the protocol is TLS!

To get started, check out the API docs.

Using SwiftNIO SSL

SwiftNIO SSL provides two ChannelHandlers to use to secure a data stream: the NIOSSLClientHandler and the NIOSSLServerHandler. Each of these can be added to a Channel to secure the communications on that channel.

Additionally, we provide a number of low-level primitives for configuring your TLS connections. These will be shown below.

To secure a server connection, you will need an X.509 certificate chain in a file (either PEM or DER, but PEM is far easier), and the associated private key for the leaf certificate. These objects can then be wrapped up in a TLSConfiguration object that is used to initialize the ChannelHandler.

For example:

let configuration = TLSConfiguration.forServer(certificateChain: try NIOSSLCertificate.fromPEMFile("cert.pem").map { .certificate($0) },
                                               privateKey: .file("key.pem"))
let sslContext = try NIOSSLContext(configuration: configuration)

let server = ServerBootstrap(group: group)
    .childChannelInitializer { channel in
        // important: The handler must be initialized _inside_ the `childChannelInitializer`
        let handler = try NIOSSLServerHandler(context: sslContext)

        [...]
        channel.pipeline.addHandler(handler)
        [...]
    }

For clients, it is a bit simpler as there is no need to have a certificate chain or private key (though clients may have these things). Setup for clients may be done like this:

let configuration = TLSConfiguration.forClient()
let sslContext = try NIOSSLContext(configuration: configuration)

let client = ClientBootstrap(group: group)
    .channelInitializer { channel in
        // important: The handler must be initialized _inside_ the `channelInitializer`
        let handler = try NIOSSLClientHandler(context: sslContext)

        [...]
        channel.pipeline.addHandler(handler)
        [...]
    }
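
A fuller version of the client setup above, added here as an example and not taken from the SwiftNIO SSL project: it states the minimum TLS version, verification mode and trust roots explicitly, passes the hostname the server certificate is checked against, and fails the channel if the handler cannot be created. The host, port and the function name `connectOnce` are assumptions made for illustration.

```swift
import NIO
import NIOSSL

// Hypothetical endpoint, chosen for illustration only.
let host = "example.com"
let port = 443

func connectOnce() throws {
    // Spell out the verification-relevant settings rather than relying on defaults.
    let configuration = TLSConfiguration.forClient(
        minimumTLSVersion: .tlsv12,                  // refuse anything older than TLS 1.2
        certificateVerification: .fullVerification,  // validate the chain and the hostname
        trustRoots: .default                         // use the system trust store
    )
    let sslContext = try NIOSSLContext(configuration: configuration)

    let group = MultiThreadedEventLoopGroup(numberOfThreads: 1)
    defer { try? group.syncShutdownGracefully() }

    let bootstrap = ClientBootstrap(group: group)
        .channelInitializer { channel in
            // The initializer closure cannot throw, so a failure to build the
            // handler becomes a failed future. The connection attempt then
            // fails instead of continuing without TLS in the pipeline.
            do {
                // serverHostname is the name the peer certificate is validated against.
                let handler = try NIOSSLClientHandler(context: sslContext,
                                                      serverHostname: host)
                return channel.pipeline.addHandler(handler)
            } catch {
                return channel.eventLoop.makeFailedFuture(error)
            }
        }

    // connect() fails if the TCP connection or the channel setup above fails.
    let channel = try bootstrap.connect(host: host, port: port).wait()
    try channel.close().wait()
}

try connectOnce()
```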

Releases

2.4.5 - Dec 9, 2019

SemVer Patch

  • Add regression limits for allocation tests. (#160)
  • Update BoringSSL to 134fb89c4f9da7903d9aa81c6bd1d3c466782de1 (#159)
  • Update Code of Conduct project maintainer email address (#157)
  • Refactor doUnbufferWrites to reduce memory pressure (#155)
  • Add benchmarks. (#154)
  • Add harness for performance tests (#156)
  • Add allocation counter tests. (#153)
  • Add regression test for executable stacks. (#152)

2.4.4 - Nov 14, 2019

SemVer Patch

  • Fixed an issue where some symbols were not correctly namespaced on Linux. (#150)
  • Updated testing. (#145)
  • Updated BoringSSL to 6ba98ff. (#149)

2.4.3 - Oct 24, 2019

SemVer Patch

  • Raised minimum dependency on SwiftNIO to 2.9.0 and removed build warnings. (#144)
  • Cleaned up internal use of the Swift pointer APIs to better reflect best practices. (#143)

2.4.2 - Oct 11, 2019

SemVer Patch

  • Fixed compilation on Linux aarch64. (#141)
  • Improved testing. (#138)
  • Updated BoringSSL. (#142)

2.4.1 - Oct 4, 2019

SemVer Patch

  • Fixed the namespacing of a number of BoringSSL functions. (#131)
  • Fix up some inline assembly. (#137)
  • CI and documentation fixes (#132, #133)