authorSteven Fackler <[email protected]>2016-04-16 20:47:32 -0700
committerSteven Fackler <[email protected]>2016-04-16 20:47:32 -0700
commitc2e72f6641b27c9227c43690ee39b772d0edea2a (patch)
tree5876844f22e8f43b98ad3c76b3bc82da0a901a8b
parentUpdate for nightly changes (diff)
Add SslContext::set_default_verify_paths
-rw-r--r--openssl-sys/src/lib.rs1
-rw-r--r--openssl/src/ssl/mod.rs4
-rw-r--r--openssl/src/ssl/tests/mod.rs17
3 files changed, 22 insertions, 0 deletions
diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs
index e9a99274..3f857121 100644
--- a/openssl-sys/src/lib.rs
+++ b/openssl-sys/src/lib.rs
@@ -673,6 +673,7 @@ extern "C" {
pub fn SSL_CTX_set_verify_depth(ctx: *mut SSL_CTX, depth: c_int);
pub fn SSL_CTX_load_verify_locations(ctx: *mut SSL_CTX, CAfile: *const c_char,
CApath: *const c_char) -> c_int;
+ pub fn SSL_CTX_set_default_verify_paths(ctx: *mut SSL_CTX) -> c_int;
pub fn SSL_CTX_get_ex_new_index(argl: c_long, argp: *const c_void,
new_func: Option<CRYPTO_EX_new>,
dup_func: Option<CRYPTO_EX_dup>,
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index e21cc3dd..4f1504aa 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -612,6 +612,10 @@ impl SslContext {
wrap_ssl_result(unsafe { ffi_extras::SSL_CTX_set_tmp_dh(self.ctx, dh.raw()) as i32 })
}
+ pub fn set_default_verify_paths(&mut self) -> Result<(), SslError> {
+ wrap_ssl_result(unsafe { ffi::SSL_CTX_set_default_verify_paths(self.ctx) })
+ }
+
#[allow(non_snake_case)]
/// Specifies the file that contains trusted CA certificates.
pub fn set_CA_file<P: AsRef<Path>>(&mut self, file: P) -> Result<(), SslError> {
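Review bot: `set_default_verify_paths` is added without a doc comment although the neighbouring `set_CA_file` has one, and the gap matters because callers can mistake this call for turning certificate verification on. It only points the context at the default trust locations of the linked OpenSSL build, which OpenSSL also lets the `SSL_CERT_FILE` and `SSL_CERT_DIR` environment variables override. The peer certificate is checked only once `set_verify` is called with `SSL_VERIFY_PEER`, as the new test does. I would add `/// Loads the default trusted CA locations of the linked OpenSSL build. Does not enable peer verification by itself; call set_verify with SSL_VERIFY_PEER as well.` above the method. The body of `set_CA_file` on the hunk's last line continues outside the hunk.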
diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs
index be35d7ef..15811d99 100644
--- a/openssl/src/ssl/tests/mod.rs
+++ b/openssl/src/ssl/tests/mod.rs
@@ -1059,3 +1059,20 @@ fn refcount_ssl_context() {
let _new_ctx_b = ssl.set_ssl_context(&new_ctx_a);
}
}
+
+#[test]
+fn default_verify_paths() {
+ let mut ctx = SslContext::new(SslMethod::Sslv23).unwrap();
+ ctx.set_default_verify_paths().unwrap();
+ ctx.set_verify(SSL_VERIFY_PEER, None);
+ let s = TcpStream::connect("google.com:443").unwrap();
+ let mut socket = SslStream::connect(&ctx, s).unwrap();
+
+ socket.write_all(b"GET / HTTP/1.0\r\n\r\n").unwrap();
+ let mut result = vec![];
+ socket.read_to_end(&mut result).unwrap();
+
+ println!("{}", String::from_utf8_lossy(&result));
+ assert!(result.starts_with(b"HTTP/1.0"));
+ assert!(result.ends_with(b"</HTML>\r\n") || result.ends_with(b"</html>"));
+}
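Review bot: `default_verify_paths` depends on a live connection to `google.com:443` and on the exact tail of the returned page, so it will fail in offline or sandboxed CI, or whenever the server changes its response, for reasons unrelated to the code under test. The handshake succeeding under `SSL_VERIFY_PEER` is the property being checked, so I would drop the `ends_with` assertion and mark the test `#[ignore]` so it runs only where network access is expected. It also covers only the success path: a companion case that builds the same context without `set_default_verify_paths()` and expects `SslStream::connect` to return an error would show that the loaded trust store is what makes the handshake pass. No hostname check is visible in these lines, so the test presumably passes for any certificate that chains to a system root, which is worth a one-line comment in the test.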