diff options
| author | Steven Fackler <[email protected]> | 2017-12-25 20:24:24 -0800 |
|---|---|---|
| committer | GitHub <[email protected]> | 2017-12-25 20:24:24 -0800 |
| commit | 90d8a799fe331d4ec4a9c12e86d1d8f4e32c6f6e (patch) | |
| tree | 2f7496f93e3cb67b09b5cc58d085f3fc5accde3b /openssl/src/ocsp.rs | |
| parent | Merge pull request #795 from sfackler/host-overhaul (diff) | |
| parent | Tweak default ssl options (diff) | |
| download | rust-openssl-90d8a799fe331d4ec4a9c12e86d1d8f4e32c6f6e.tar.xz rust-openssl-90d8a799fe331d4ec4a9c12e86d1d8f4e32c6f6e.zip | |
Merge pull request #796 from sfackler/assoc-consts
Associated consts
Diffstat (limited to 'openssl/src/ocsp.rs')
| -rw-r--r-- | openssl/src/ocsp.rs | 105 |
1 files changed, 52 insertions, 53 deletions
diff --git a/openssl/src/ocsp.rs b/openssl/src/ocsp.rs index 65436a4c..edd51d8f 100644 --- a/openssl/src/ocsp.rs +++ b/openssl/src/ocsp.rs @@ -13,57 +13,21 @@ use x509::store::X509StoreRef; use x509::{X509, X509Ref}; bitflags! { - pub struct Flag: c_ulong { - const FLAG_NO_CERTS = ffi::OCSP_NOCERTS; - const FLAG_NO_INTERN = ffi::OCSP_NOINTERN; - const FLAG_NO_CHAIN = ffi::OCSP_NOCHAIN; - const FLAG_NO_VERIFY = ffi::OCSP_NOVERIFY; - const FLAG_NO_EXPLICIT = ffi::OCSP_NOEXPLICIT; - const FLAG_NO_CA_SIGN = ffi::OCSP_NOCASIGN; - const FLAG_NO_DELEGATED = ffi::OCSP_NODELEGATED; - const FLAG_NO_CHECKS = ffi::OCSP_NOCHECKS; - const FLAG_TRUST_OTHER = ffi::OCSP_TRUSTOTHER; - const FLAG_RESPID_KEY = ffi::OCSP_RESPID_KEY; - const FLAG_NO_TIME = ffi::OCSP_NOTIME; + pub struct OcspFlag: c_ulong { + const NO_CERTS = ffi::OCSP_NOCERTS; + const NO_INTERN = ffi::OCSP_NOINTERN; + const NO_CHAIN = ffi::OCSP_NOCHAIN; + const NO_VERIFY = ffi::OCSP_NOVERIFY; + const NO_EXPLICIT = ffi::OCSP_NOEXPLICIT; + const NO_CA_SIGN = ffi::OCSP_NOCASIGN; + const NO_DELEGATED = ffi::OCSP_NODELEGATED; + const NO_CHECKS = ffi::OCSP_NOCHECKS; + const TRUST_OTHER = ffi::OCSP_TRUSTOTHER; + const RESPID_KEY = ffi::OCSP_RESPID_KEY; + const NO_TIME = ffi::OCSP_NOTIME; } } -pub const RESPONSE_STATUS_SUCCESSFUL: OcspResponseStatus = - OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_SUCCESSFUL); -pub const RESPONSE_STATUS_MALFORMED_REQUEST: OcspResponseStatus = - OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_MALFORMEDREQUEST); -pub const RESPONSE_STATUS_INTERNAL_ERROR: OcspResponseStatus = - OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_INTERNALERROR); -pub const RESPONSE_STATUS_TRY_LATER: OcspResponseStatus = - OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_TRYLATER); -pub const RESPONSE_STATUS_SIG_REQUIRED: OcspResponseStatus = - OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_SIGREQUIRED); -pub const RESPONSE_STATUS_UNAUTHORIZED: OcspResponseStatus = - OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_UNAUTHORIZED); - -pub const CERT_STATUS_GOOD: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_GOOD); -pub const CERT_STATUS_REVOKED: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_REVOKED); -pub const CERT_STATUS_UNKNOWN: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_UNKNOWN); - -pub const REVOKED_STATUS_NO_STATUS: OcspRevokedStatus = - OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_NOSTATUS); -pub const REVOKED_STATUS_UNSPECIFIED: OcspRevokedStatus = - OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_UNSPECIFIED); -pub const REVOKED_STATUS_KEY_COMPROMISE: OcspRevokedStatus = - OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_KEYCOMPROMISE); -pub const REVOKED_STATUS_CA_COMPROMISE: OcspRevokedStatus = - OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_CACOMPROMISE); -pub const REVOKED_STATUS_AFFILIATION_CHANGED: OcspRevokedStatus = - OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_AFFILIATIONCHANGED); -pub const REVOKED_STATUS_SUPERSEDED: OcspRevokedStatus = - OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_SUPERSEDED); -pub const REVOKED_STATUS_CESSATION_OF_OPERATION: OcspRevokedStatus = - OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_CESSATIONOFOPERATION); -pub const REVOKED_STATUS_CERTIFICATE_HOLD: OcspRevokedStatus = - OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_CERTIFICATEHOLD); -pub const REVOKED_STATUS_REMOVE_FROM_CRL: OcspRevokedStatus = - OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_REMOVEFROMCRL); - #[derive(Copy, Clone, Debug, PartialEq, Eq)] pub struct OcspResponseStatus(c_int); @@ -75,6 +39,19 @@ impl OcspResponseStatus { pub fn as_raw(&self) -> c_int { self.0 } + + pub const SUCCESSFUL: OcspResponseStatus = + OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_SUCCESSFUL); + pub const MALFORMED_REQUEST: OcspResponseStatus = + OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_MALFORMEDREQUEST); + pub const INTERNAL_ERROR: OcspResponseStatus = + OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_INTERNALERROR); + pub const TRY_LATER: OcspResponseStatus = + OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_TRYLATER); + pub const SIG_REQUIRED: OcspResponseStatus = + OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_SIGREQUIRED); + pub const UNAUTHORIZED: OcspResponseStatus = + OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_UNAUTHORIZED); } #[derive(Copy, Clone, Debug, PartialEq, Eq)] @@ -88,6 +65,10 @@ impl OcspCertStatus { pub fn as_raw(&self) -> c_int { self.0 } + + pub const GOOD: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_GOOD); + pub const REVOKED: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_REVOKED); + pub const UNKNOWN: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_UNKNOWN); } #[derive(Copy, Clone, Debug, PartialEq, Eq)] @@ -101,9 +82,27 @@ impl OcspRevokedStatus { pub fn as_raw(&self) -> c_int { self.0 } + + pub const NO_STATUS: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_NOSTATUS); + pub const UNSPECIFIED: OcspRevokedStatus = + OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_UNSPECIFIED); + pub const KEY_COMPROMISE: OcspRevokedStatus = + OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_KEYCOMPROMISE); + pub const CA_COMPROMISE: OcspRevokedStatus = + OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_CACOMPROMISE); + pub const AFFILIATION_CHANGED: OcspRevokedStatus = + OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_AFFILIATIONCHANGED); + pub const STATUS_SUPERSEDED: OcspRevokedStatus = + OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_SUPERSEDED); + pub const STATUS_CESSATION_OF_OPERATION: OcspRevokedStatus = + OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_CESSATIONOFOPERATION); + pub const STATUS_CERTIFICATE_HOLD: OcspRevokedStatus = + OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_CERTIFICATEHOLD); + pub const REMOVE_FROM_CRL: OcspRevokedStatus = + OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_REMOVEFROMCRL); } -pub struct Status<'a> { +pub struct OcspStatus<'a> { /// The overall status of the response. pub status: OcspCertStatus, /// If `status` is `CERT_STATUS_REVOKED`, the reason for the revocation. @@ -116,7 +115,7 @@ pub struct Status<'a> { pub next_update: &'a Asn1GeneralizedTimeRef, } -impl<'a> Status<'a> { +impl<'a> OcspStatus<'a> { /// Checks validity of the `this_update` and `next_update` fields. /// /// The `nsec` parameter specifies an amount of slack time that will be used when comparing @@ -153,7 +152,7 @@ impl OcspBasicResponseRef { &self, certs: &StackRef<X509>, store: &X509StoreRef, - flags: Flag, + flags: OcspFlag, ) -> Result<(), ErrorStack> { unsafe { cvt(ffi::OCSP_basic_verify( @@ -166,7 +165,7 @@ impl OcspBasicResponseRef { } /// Looks up the status for the specified certificate ID. - pub fn find_status<'a>(&'a self, id: &OcspCertIdRef) -> Option<Status<'a>> { + pub fn find_status<'a>(&'a self, id: &OcspCertIdRef) -> Option<OcspStatus<'a>> { unsafe { let mut status = ffi::V_OCSP_CERTSTATUS_UNKNOWN; let mut reason = ffi::OCSP_REVOKED_STATUS_NOSTATUS; @@ -189,7 +188,7 @@ impl OcspBasicResponseRef { } else { Some(Asn1GeneralizedTimeRef::from_ptr(revocation_time)) }; - Some(Status { + Some(OcspStatus { status: OcspCertStatus(status), reason: OcspRevokedStatus(status), revocation_time: revocation_time, |