| author | Steven Fackler <[email protected]> | 2013-10-13 22:46:47 -0700 |
|---|---|---|
| committer | Steven Fackler <[email protected]> | 2013-10-13 22:46:47 -0700 |
| commit | cf8f82036661b5b3816bd2307d4af668bdce3897 (patch) | |
| tree | 663d715927ff750f1e1e43052aca91866c0ae489 | |
| parent | Clean up SslError conversion (diff) | |
Support for loading a trusted CA file
| -rw-r--r-- | src/ssl/ffi.rs | 2 | ||||
| -rw-r--r-- | src/ssl/lib.rs | 7 | ||||
| -rw-r--r-- | src/ssl/test.rs | 19 |
3 files changed, 24 insertions, 4 deletions
diff --git a/src/ssl/ffi.rs b/src/ssl/ffi.rs
index b8ac3968..6c8d5bb1 100644
--- a/src/ssl/ffi.rs
+++ b/src/ssl/ffi.rs
@@ -35,6 +35,8 @@ externfn!(fn SSL_CTX_new(method: *SSL_METHOD) -> *SSL_CTX)
 externfn!(fn SSL_CTX_free(ctx: *SSL_CTX))
 externfn!(fn SSL_CTX_set_verify(ctx: *SSL_CTX, mode: c_int, verify_callback: Option<extern "C" fn(int, *X509_STORE_CTX) -> c_int>))
+externfn!(fn SSL_CTX_load_verify_locations(ctx: *SSL_CTX, CAfile: *c_char,
+ CApath: *c_char) -> c_int)
 externfn!(fn SSL_new(ctx: *SSL_CTX) -> *SSL)
 externfn!(fn SSL_free(ssl: *SSL))
diff --git a/src/ssl/lib.rs b/src/ssl/lib.rs
index 50565602..8acf5940 100644
--- a/src/ssl/lib.rs
+++ b/src/ssl/lib.rs
@@ -63,6 +63,13 @@ impl SslCtx {
 pub fn set_verify(&mut self, mode: SslVerifyMode) {
 unsafe { ffi::SSL_CTX_set_verify(self.ctx, mode as c_int, None) }
 }
+
+ pub fn set_verify_locations(&mut self, CAfile: &str) {
+ do CAfile.with_c_str |CAfile| {
+ unsafe { ffi::SSL_CTX_load_verify_locations(self.ctx, CAfile,
+ ptr::null()); }
+ }
+ }
 }
 pub enum SslVerifyMode {
diff --git a/src/ssl/test.rs b/src/ssl/test.rs
index b97e6b00..557f6dec 100644
--- a/src/ssl/test.rs
+++ b/src/ssl/test.rs
@@ -1,9 +1,8 @@
 extern mod ssl;
-use std::rt::io::{Writer, Reader};
-use std::rt::io::extensions::{ReaderUtil};
+use std::rt::io::Writer;
+use std::rt::io::extensions::ReaderUtil;
 use std::rt::io::net::tcp::TcpStream;
-use std::vec;
 use std::str;
 use ssl::{Sslv23, SslCtx, SslStream, SslVerifyPeer};
@@ -20,7 +19,7 @@ fn test_new_sslstream() {
 }
 #[test]
-fn test_verify() {
+fn test_verify_untrusted() {
 let stream = TcpStream::connect(FromStr::from_str("127.0.0.1:15418").unwrap()).unwrap();
 let mut ctx = SslCtx::new(Sslv23);
 ctx.set_verify(SslVerifyPeer);
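Review bot: `set_verify_locations` in src/ssl/lib.rs discards the `c_int` returned by `ffi::SSL_CTX_load_verify_locations`, so a missing or unparseable CA file is silently ignored and the caller only learns of it later, as an unexplained verification failure during the handshake. OpenSSL documents this call as returning 1 on success and 0 on failure; the method should keep the result, e.g. `let ret = unsafe { ffi::SSL_CTX_load_verify_locations(self.ctx, CAfile, ptr::null()) };`, and report `ret != 1` to the caller instead of returning `()`. With `SslVerifyPeer` set this should fail closed, but a context that carries on without its intended trust anchors is hard to diagnose and easy to "fix" by turning verification off. The parameter would also read better as `ca_file`, and a doc comment should state that the file is expected to hold PEM certificates; the `impl SslCtx` block begins outside the hunk.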
@@ -31,6 +30,18 @@ fn test_verify() {
 }
 #[test]
+fn test_verify_trusted() {
+ let stream = TcpStream::connect(FromStr::from_str("127.0.0.1:15418").unwrap()).unwrap();
+ let mut ctx = SslCtx::new(Sslv23);
+ ctx.set_verify(SslVerifyPeer);
+ ctx.set_verify_locations("cert.pem");
+ match SslStream::new(ctx, stream) {
+ Ok(_) => (),
+ Err(err) => fail2!("Expected success, got {:?}", err)
+ }
+}
+
+#[test]
 fn test_write() {
 let stream = TcpStream::connect(FromStr::from_str("127.0.0.1:15418").unwrap()).unwrap();
 let mut stream = SslStream::new(SslCtx::new(Sslv23), stream).unwrap(); |
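Review bot: `test_verify_trusted` passes the relative path `"cert.pem"`, which is resolved against whatever directory the test binary is started from, and because `set_verify_locations` returns nothing, a wrong directory shows up only as `Expected success, got ...` from the handshake. A comment such as `// cert.pem is presumably the certificate served on 127.0.0.1:15418; run the tests from the directory that holds it` would make that dependency explicit. The tests also have no case that loads a CA file which did not issue the server certificate and expects the handshake to fail, which is the case that shows verification really depends on the loaded file. `test_write` continues outside the hunk.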