dnrops
/
swift-nio-ssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
297 Commits 4 Branches 71 Tags 8.7 MiB
C 52.4%
Assembly 32%
C++ 9.5%
Swift 5.7%
Shell 0.3%
Go to file
David Benjamin 11a85b6542
Use EVP_PKEY_assign_RSA instead of EVP_PKEY_assign (#434) 
EVP_PKEY_assign_RSA, at least in C, is more type-safe. It also is
compatible with an upcoming BoringSSL change to make the RSA struct
opaque. For some Swift reasons I don't fully understand (but relating to
the OpaquePointer mess), when RSA becomes opaque, EVP_PKEY_assign no
longer works.

I assume it could be made to work with some appropriate cast, but
since EVP_PKEY_assign_RSA already exists (and will, in the future, be
more binary-size-friendly), just use that.
 		2023-06-09 10:12:15 +01:00
IntegrationTests Clean up imports and dependencies (#319) 2021-09-14 14:55:25 +01:00
Sources Use underscore version of `NIOPreconcurrencySendable` to silence warning (#427) 2023-04-25 15:04:47 +02:00
Tests/NIOSSLTests Use EVP_PKEY_assign_RSA instead of EVP_PKEY_assign (#434) 2023-06-09 10:12:15 +01:00
dev Add our preferred commit template to the repository. (#5) 2018-02-22 16:21:14 +01:00
docker Drop Swift 5.5 (#425) 2023-04-13 16:48:55 +01:00
scripts Drop Swift 5.5 (#425) 2023-04-13 16:48:55 +01:00
.gitattributes tell github that Sources/CNIOBoringSSL is vendored (#180) 2020-02-05 15:05:43 +00:00
.gitignore universal bootstrap support (#185) 2020-03-23 16:26:05 +00:00
.spi.yml Add .spi.yml for Swift Package Index DocC support (#410) 2022-12-03 07:53:49 +00:00
CODE_OF_CONDUCT.md Adopt the Swift CoC (#433) 2023-06-06 09:06:58 -07:00
CONTRIBUTING.md initial commit 2018-01-24 12:13:14 +00:00
CONTRIBUTORS.txt initial commit 2018-01-24 12:13:14 +00:00
LICENSE.txt initial commit 2018-01-24 12:13:14 +00:00
NOTICE.txt Use BoringSSL for TLS. (#59) 2019-02-25 16:52:26 +00:00
Package.swift Use underscore version of `NIOPreconcurrencySendable` to silence warning (#427) 2023-04-25 15:04:47 +02:00
README.md Drop Swift 5.5 (#425) 2023-04-13 16:48:55 +01:00
SECURITY.md Add SECURITY.md (#278) 2021-03-09 11:14:07 +00:00

README.md

SwiftNIO SSL

SwiftNIO SSL is a Swift package that contains an implementation of TLS based on BoringSSL. This package allows users of SwiftNIO to write protocol clients and servers that use TLS to secure data in flight.

The name is inspired primarily by the names of the library this package uses (BoringSSL), and not because we don't know the name of the protocol. We know the protocol is TLS!

To get started, check out the API docs.

Using SwiftNIO SSL

SwiftNIO SSL provides two ChannelHandlers to use to secure a data stream: the NIOSSLClientHandler and the NIOSSLServerHandler. Each of these can be added to a Channel to secure the communications on that channel.

Additionally, we provide a number of low-level primitives for configuring your TLS connections. These will be shown below.

To secure a server connection, you will need a X.509 certificate chain in a file (either PEM or DER, but PEM is far easier), and the associated private key for the leaf certificate. These objects can then be wrapped up in a TLSConfiguration object that is used to initialize the ChannelHandler.

For example:

let configuration = TLSConfiguration.makeServerConfiguration(
    certificateChain: try NIOSSLCertificate.fromPEMFile("cert.pem").map { .certificate($0) },
    privateKey: .file("key.pem")
)
let sslContext = try NIOSSLContext(configuration: configuration)

let server = ServerBootstrap(group: group)
    .childChannelInitializer { channel in
        // important: The handler must be initialized _inside_ the `childChannelInitializer`
        let handler = NIOSSLServerHandler(context: sslContext)

        [...]
        channel.pipeline.addHandler(handler)
        [...]
    }

For clients, it is a bit simpler as there is no need to have a certificate chain or private key (though clients may have these things). Setup for clients may be done like this:

let configuration = TLSConfiguration.makeClientConfiguration()
let sslContext = try NIOSSLContext(configuration: configuration)

let client = ClientBootstrap(group: group)
    .channelInitializer { channel in
        // important: The handler must be initialized _inside_ the `channelInitializer`
        let handler = try NIOSSLClientHandler(context: sslContext)

        [...]
        channel.pipeline.addHandler(handler)
        [...]
    }

The most recent versions of SwiftNIO SSL support Swift 5.6 and newer. The minimum Swift version supported by SwiftNIO SSL releases are detailed below:

SwiftNIO SSL Minimum Swift Version
2.0.0 ..< 2.14.0 5.0
2.14.0 ..< 2.19.0 5.2
2.19.0 ..< 2.23.0 5.4
2.23.0 ..< 2.23.2 5.5.2
2.23.2 ... 5.6