Swiftpack.co - Package - apple/swift-nio-ssl

SwiftNIO SSL

SwiftNIO SSL is a Swift package that contains an implementation of TLS based on BoringSSL. This package allows users of SwiftNIO to write protocol clients and servers that use TLS to secure data in flight.

The name is inspired primarily by the name of the library this package uses (BoringSSL), and not because we don't know the name of the protocol. We know the protocol is TLS!

To get started, check out the API docs.

Using SwiftNIO SSL

SwiftNIO SSL provides two ChannelHandlers to use to secure a data stream: the NIOSSLClientHandler and the NIOSSLServerHandler. Each of these can be added to a Channel to secure the communications on that channel.

Additionally, we provide a number of low-level primitives for configuring your TLS connections. These will be shown below.

To secure a server connection, you will need an X.509 certificate chain in a file (either PEM or DER, but PEM is far easier), and the associated private key for the leaf certificate. These objects can then be wrapped up in a TLSConfiguration object that is used to initialize the ChannelHandler.

For example:

let configuration = TLSConfiguration.forServer(certificateChain: try NIOSSLCertificate.fromPEMFile("cert.pem").map { .certificate($0) },
                                               privateKey: .file("key.pem"))
let sslContext = try NIOSSLContext(configuration: configuration)

let server = ServerBootstrap(group: group)
    .childChannelInitializer { channel in
        // important: The handler must be initialized _inside_ the `childChannelInitializer`
        let handler = try NIOSSLServerHandler(context: sslContext)

        [...]
        channel.pipeline.addHandler(handler)
        [...]
    }

For clients, it is a bit simpler as there is no need to have a certificate chain or private key (though clients may have these things). Setup for clients may be done like this:

let configuration = TLSConfiguration.forClient()
let sslContext = try NIOSSLContext(configuration: configuration)

let client = ClientBootstrap(group: group)
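    .channelInitializer { channel in
        // important: The handler must be initialized _inside_ the `channelInitializer`
        // "example.com" is a placeholder; pass the name the server's certificate must match
        let handler = try NIOSSLClientHandler(context: sslContext, serverHostname: "example.com")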

        [...]
        channel.pipeline.addHandler(handler)
        [...]
    }
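
The two snippets above elide the rest of the initializer. The following is an added example, not code from the SwiftNIO SSL project, that fills in both sides with explicit TLS settings and turns a failed handler initialization into a failed channel instead of a plaintext one. The helper names (addTLS, makeServerBootstrap, makeClientBootstrap), the hostname and the file paths are assumptions made for illustration.

```swift
import NIO
import NIOSSL

// Constructed placeholders, not values from the README.
let serverName = "example.com"
let certPath = "cert.pem"
let keyPath = "key.pem"

/// Adds a TLS handler to the pipeline. If the handler's throwing initializer
/// fails, the channel is failed rather than left running without TLS.
func addTLS(_ channel: Channel, _ make: () throws -> ChannelHandler) -> EventLoopFuture<Void> {
    do {
        return channel.pipeline.addHandler(try make())
    } catch {
        return channel.eventLoop.makeFailedFuture(error)
    }
}

func makeServerBootstrap(group: EventLoopGroup) throws -> ServerBootstrap {
    let chain = try NIOSSLCertificate.fromPEMFile(certPath)
        .map { NIOSSLCertificateSource.certificate($0) }
    // Set the protocol floor explicitly instead of relying on the default.
    let configuration = TLSConfiguration.forServer(certificateChain: chain,
                                                   privateKey: .file(keyPath),
                                                   minimumTLSVersion: .tlsv12)
    // One context, shared; one handler per accepted connection.
    let sslContext = try NIOSSLContext(configuration: configuration)
    return ServerBootstrap(group: group)
        .childChannelInitializer { channel in
            addTLS(channel) { try NIOSSLServerHandler(context: sslContext) }
        }
}

func makeClientBootstrap(group: EventLoopGroup) throws -> ClientBootstrap {
    // Full verification checks both the certificate chain and the hostname.
    let configuration = TLSConfiguration.forClient(minimumTLSVersion: .tlsv12,
                                                   certificateVerification: .fullVerification,
                                                   trustRoots: .default)
    let sslContext = try NIOSSLContext(configuration: configuration)
    return ClientBootstrap(group: group)
        .channelInitializer { channel in
            // serverHostname is used for SNI and for hostname verification.
            addTLS(channel) { try NIOSSLClientHandler(context: sslContext, serverHostname: serverName) }
        }
}
```

For a private CA, pass .file with the CA bundle path as trustRoots instead of .default; the setting to avoid outside of tests is certificateVerification: .none, which accepts any certificate.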

Releases

SwiftNIO SSL 2.6.0 - 2020-01-22 16:25:08

SemVer Minor

  • Provide better certificate verification callback (#171)
  • Add hashability to Certificate and PrivateKey (#169)

SemVer Patch

  • enable @_implementationOnly for Swift 5.3 (#174)
  • Add API for dumping certificate bytes. (#172)
  • Allow testing deprecated functions. (#170)
  • Update BoringSSL to 0deb91ab3f7e24307572497f0f7438684590bf92 (#167)

SwiftNIO SSL 2.5.0 - 2019-12-20 17:43:04

SemVer Minor

  • Remove unsafe code from hostname verification (#166)
  • Better errors when we fail hostname verification (#165)

SemVer Patch

  • Add missing cases to == for NIOSSLError and BoringSSLError (#163)
  • tests: remove unused variable (#162)
  • test lots of closes (#161)

SwiftNIO SSL 2.4.5 - 2019-12-09 14:43:58

SemVer Patch

  • Add regression limits for allocation tests. (#160)
  • Update BoringSSL to 134fb89c4f9da7903d9aa81c6bd1d3c466782de1 (#159)
  • Update Code of Conduct project maintainer email address (#157)
  • Refactor doUnbufferWrites to reduce memory pressure (#155)
  • Add benchmarks. (#154)
  • add harness for performance tests (#156)
  • Add allocation counter tests. (#153)
  • Add regression test for executable stacks. (#152)

SwiftNIO SSL 2.4.4 - 2019-11-14 10:59:21

Semver Patch

  • Fixed an issue where some symbols were not correctly namespaced on Linux. (#150)
  • Updated testing. (#145)
  • Updated BoringSSL to 6ba98ff. (#149)

SwiftNIO SSL 2.4.3 - 2019-10-24 00:25:37

Semver Patch

  • Raised minimum dependency on SwiftNIO to 2.9.0 and removed build warnings. (#144)
  • Cleaned up internal use of the Swift pointer APIs to better reflect best practices. (#143)

SwiftNIO SSL 2.4.2 - 2019-10-11 14:55:31

Semver Patch

  • Fixed compilation on Linux aarch64. (#141)
  • Improved testing. (#138)
  • Updated BoringSSL. (#142)

SwiftNIO SSL 2.4.1 - 2019-10-04 14:48:05

Semver Patch

  • Fixed the namespacing of a number of BoringSSL functions. (#131)
  • Fix up some inline assembly. (#137)
  • CI and documentation fixes (#132, #133)

SwiftNIO SSL 2.4.0 - 2019-08-13 13:53:36

SemVer Minor

  • Use UInt8 instead of Int8 for buffer types (#127)

SemVer Patch

  • Avoid using a deprecated enum case in the README (#126)
  • Use CInt and CUnsignedInt when calling C APIs (#128)
  • Don't pass read-only bytes as mutable to BoringSSL (#129)

SwiftNIO SSL 2.3.1 - 2019-08-10 14:43:23

Semver Patch

  • Resolved an issue where compilation on 64-bit ARM platforms would fail due to missing compiler defines. (#125)

SwiftNIO SSL 2.3.0 - 2019-08-09 15:58:17

Semver Minor

  • Added support for loading multiple certificates from a single PEM file or buffer, deprecated the old mechanism for doing so. (#123)

Semver Patch

  • Changed the BoringSSL header namespacing strategy to work better with swift package generate-xcodeproj-based Xcode projects. (#122)
  • Fix a crash when attempting to load a private key that is password protected without providing a password. (#119)
  • Clean up documentation. (#120)

SwiftNIO SSL 2.2.0 - 2019-07-22 16:46:44

Semver Minor

  • Added support for TLS client authentication via renegotiation on the client side. (#111)
  • Hid BoringSSL properly from users. (#117)

Semver Patch

  • Updated BoringSSL to a86c69888b9a416f5249aacb4690a765be064969. (#118)
  • Miscellaneous testing improvements. (#114)

SwiftNIO SSL 2.1.1 - 2019-06-19 17:20:55

Semver Patch

  • Removed assembly helpers for 32-bit Apple platforms, fixing compile issues. (#109)
  • Updated BoringSSL to cef9d3f38d72f13412c79157c25753e22cb05f7e. (#109)

SwiftNIO SSL 2.1.0 - 2019-05-22 17:22:04

Semver Minor

  • Add a timeout to TLS shutdown, ensuring that channels don't get stuck open. (#100)
  • Add a callback that enables SSLKEYLOGFILE support. (#98)

Semver Patch

  • Correctly set SSL_VERIFY_FAIL_IF_NO_PEER_CERT when turning on cert verification. (#107)
  • Fix an issue where we use non-thread-safe buffers to print error strings. (#102)
  • Update BoringSSL. (#108)
  • Improve API docs. (#103)

SwiftNIO SSL 2.0.2 - 2019-04-12 15:47:57

Semver Patch

  • Fixed an error when working on both SwiftNIO and SwiftNIO SSL in package edit mode. (#99)
  • Updated BoringSSL to ad9eee16. (#97)
  • Docs improvements. (#94, #95)

SwiftNIO 2.0.0 - 2019-03-27 18:31:22

This is a major breaking release. SwiftNIO SSL 2.0.0 transitions SwiftNIO to use a vendored copy of BoringSSL instead of relying on the system copy of libssl.

Semver Major

  • Substantially renamed a number of types to remove the phrase "OpenSSL" from them. (#75)
  • NIOSSLClientHandler now requires a serverHostname, though it may still be nil. (#82)
  • uncleanShutdown was previously on OpenSSLError, is now on NIOSSLError. (#76)
  • Renamed SSLContext to NIOSSLContext. (#73)
  • Changed the type of TLSConfiguration.applicationProtocols to [String]. (#70)

SwiftNIO SSL 2.0.1 - 2019-03-27 18:27:33

This release contains no function changes, and exists purely for administrative reasons.

SwiftNIO SSL 1.4.0 - 2019-01-18 09:47:30

Semver Minor

  • Added support for removing TLS handlers from live connections without tearing those connections down ("unwrapping" TLS from a connection) (#54)
  • Made TLSConfiguration structures mutable. (#58)
  • Fixed crashes when issuing a certain pattern of repeated calls to Channel.close() while a TLS handler is in the pipeline. (#52)
  • Added support for extracting the public keys of TLS certificates during handshakes.

Semver Patch

  • Warnings and test cleanup. (#53, #61)

SwiftNIO SSL 1.3.2 - 2018-10-29 15:22:05

Semver Patch

  • Added Android support. This is not currently under CI, so may regress. (#45)
  • Improved .gitignore. (#42)
  • Improved documentation. (#43)

SwiftNIO SSL 1.3.1 - 2018-09-18 13:49:36

Semver Patch

  • Fixed a bug where receiving a CLOSE_NOTIFY in the same read call as application data would cause us to fail to emit that application data, leading to data loss. (#40)
  • Fixed an issue where release mode builds would fail due to duplicate symbol definitions. (#41)

SwiftNIO SSL 1.3.0 - 2018-09-17 15:58:55

Semver Minor

  • Added support for OpenSSL 1.1 on all platforms. This is the first release that supports the OpenSSL 1.1 series of libraries. (#20)
  • Added support for OpenSSL 1.1.1. (#36, #37)
  • Added support for configuring TLS 1.3 ciphers explicitly (#38)

Semver Patch

  • Added custom ByteBufferBIO object to reduce the overhead of application data processing in OpenSSL. This leads to faster throughput. (#27)
  • Fixed some performance problems in the sample TLS echo server. (#28)
  • Testing improvements (#33).

SwiftNIO SSL 1.2.1 - 2018-09-12 11:48:01

This release contains no code changes, and exists purely for administrative purposes.

SwiftNIO SSL 1.2.0 - 2018-07-24 08:31:16

Semver Minor

  • Support users supplying a passphrase callback for private keys with passphrases on both the OpenSSLPrivateKey and to the SSLContext. (#21)
  • Added OpenSSLPKCS12Bundle structure for accessing the contents of a PKCS#12 bundle. (#23)

Semver Patch

  • Fixed a bug where the initializer for OpenSSLPrivateKey and OpenSSLCertificate that used a buffer of memory could accidentally escape a pointer from a withUnsafeBytes callback. (#22)
  • Improved syscall handling, reducing the risk of errors from return codes like EINTR. (#24)

SwiftNIO SSL 1.1.1 - 2018-05-22 15:43:22

Semver Patch

  • Flush EmbeddedChannel in tests to ensure that write promises are succeeded. (#15)

SwiftNIO SSL 1.1.0 - 2018-04-30 10:26:49

Semver Minor

  • Expose the OpenSSL MD5 header file in CNioOpenSSL. (#13)

SwiftNIO SSL 1.0.1 - 2018-03-26 14:34:52

Semver Patch

  • Stopped performing @testable imports of NIO. (#11)