Upgrade bitflags to 1.0

Closes #756
author: Steven Fackler <[email protected]> 2017-12-25 19:38:00 -0700
committer: Steven Fackler <[email protected]> 2017-12-25 19:38:11 -0700
commit: bbae793eb3ba06e5ad8813ce8182e52fb4a2abd3 (patch)
tree: ed619314cb51bc7597c3ac1a4ab3ea864f766d24 /openssl/src/ssl/connector.rs
parent: Make Nid values associated constants (diff)
download: rust-openssl-bbae793eb3ba06e5ad8813ce8182e52fb4a2abd3.tar.xz
rust-openssl-bbae793eb3ba06e5ad8813ce8182e52fb4a2abd3.zip
1 files changed, 22 insertions, 20 deletions
diff --git a/openssl/src/ssl/connector.rs b/openssl/src/ssl/connector.rs
index cd02dc18..cf199d24 100644
--- a/openssl/src/ssl/connector.rs
+++ b/openssl/src/ssl/connector.rs
@@ -3,8 +3,8 @@ use std::ops::{Deref, DerefMut};
 
 use dh::Dh;
 use error::ErrorStack;
-use ssl::{self, HandshakeError, Ssl, SslRef, SslContext, SslContextBuilder, SslMethod, SslStream,
-          SSL_VERIFY_PEER};
+use ssl::{HandshakeError, Ssl, SslContext, SslContextBuilder, SslMethod, SslMode, SslOptions,
+          SslRef, SslStream, SslVerifyMode};
 use pkey::PKeyRef;
 use version;
 use x509::X509Ref;
@@ -29,26 +29,19 @@ ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
 fn ctx(method: SslMethod) -> Result<SslContextBuilder, ErrorStack> {
     let mut ctx = SslContextBuilder::new(method)?;
 
-    let mut opts = ssl::SSL_OP_ALL;
-    opts &= !ssl::SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG;
-    opts &= !ssl::SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
-    opts |= ssl::SSL_OP_NO_TICKET;
-    opts |= ssl::SSL_OP_NO_COMPRESSION;
-    opts |= ssl::SSL_OP_NO_SSLV2;
-    opts |= ssl::SSL_OP_NO_SSLV3;
-    opts |= ssl::SSL_OP_SINGLE_DH_USE;
-    opts |= ssl::SSL_OP_SINGLE_ECDH_USE;
-    opts |= ssl::SSL_OP_CIPHER_SERVER_PREFERENCE;
+    let opts = SslOptions::ALL | SslOptions::NO_TICKET | SslOptions::NO_COMPRESSION
+        | SslOptions::NO_SSLV2 | SslOptions::NO_SSLV3 | SslOptions::SINGLE_DH_USE
+        | SslOptions::SINGLE_ECDH_USE | SslOptions::CIPHER_SERVER_PREFERENCE;
     ctx.set_options(opts);
 
-    let mut mode = ssl::SSL_MODE_AUTO_RETRY | ssl::SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
-        | ssl::SSL_MODE_ENABLE_PARTIAL_WRITE;
+    let mut mode =
+        SslMode::AUTO_RETRY | SslMode::ACCEPT_MOVING_WRITE_BUFFER | SslMode::ENABLE_PARTIAL_WRITE;
 
     // This is quite a useful optimization for saving memory, but historically
     // caused CVEs in OpenSSL pre-1.0.1h, according to
     // https://bugs.python.org/issue25672
     if version::number() >= 0x1000108f {
-        mode |= ssl::SSL_MODE_RELEASE_BUFFERS;
+        mode |= SslMode::RELEASE_BUFFERS;
     }
 
     ctx.set_mode(mode);
@@ -152,7 +145,11 @@ impl SslConnector {
 
     /// Returns a structure allowing for configuration of a single TLS session before connection.
     pub fn configure(&self) -> Result<ConnectConfiguration, ErrorStack> {
-        Ssl::new(&self.0).map(|ssl| ConnectConfiguration { ssl, sni: true, verify_hostname: true })
+        Ssl::new(&self.0).map(|ssl| ConnectConfiguration {
+            ssl,
+            sni: true,
+            verify_hostname: true,
+        })
     }
 }
 
@@ -228,7 +225,9 @@ impl ConnectConfiguration {
     where
         S: Read + Write,
     {
-        self.use_server_name_indication(false).verify_hostname(false).connect("", stream)
+        self.use_server_name_indication(false)
+            .verify_hostname(false)
+            .connect("", stream)
     }
 }
 
@@ -415,7 +414,7 @@ impl SslAcceptor {
 
 #[cfg(any(ossl102, ossl110))]
 fn setup_verify(ctx: &mut SslContextBuilder) {
-    ctx.set_verify(SSL_VERIFY_PEER);
+    ctx.set_verify(SslVerifyMode::PEER);
 }
 
 #[cfg(ossl101)]
@@ -435,7 +434,7 @@ fn setup_verify(ctx: &mut SslContextBuilder) {
 #[cfg(any(ossl102, ossl110))]
 fn setup_verify_hostname(ssl: &mut Ssl, domain: &str) -> Result<(), ErrorStack> {
     let param = ssl._param_mut();
-    param.set_hostflags(::verify::X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
+    param.set_hostflags(::verify::X509CheckFlags::NO_PARTIAL_WILDCARDS);
     match domain.parse() {
         Ok(ip) => param.set_ip(ip),
         Err(_) => param.set_host(domain),
@@ -516,7 +515,10 @@ mod verify {
                 // Unlike SANs, IP addresses in the subject name don't have a
                 // different encoding.
                 match domain.parse::<IpAddr>() {
-                    Ok(ip) => pattern.parse::<IpAddr>().ok().map_or(false, |pattern| pattern == ip),
+                    Ok(ip) => pattern
+                        .parse::<IpAddr>()
+                        .ok()
+                        .map_or(false, |pattern| pattern == ip),
                     Err(_) => matches_dns(pattern, domain),
                 }
             }
author	Steven Fackler <[email protected]>	2017-12-25 19:38:00 -0700
committer	Steven Fackler <[email protected]>	2017-12-25 19:38:11 -0700
commit	bbae793eb3ba06e5ad8813ce8182e52fb4a2abd3 (patch)
tree	ed619314cb51bc7597c3ac1a4ab3ea864f766d24 /openssl/src/ssl/connector.rs
parent	Make Nid values associated constants (diff)
download	rust-openssl-bbae793eb3ba06e5ad8813ce8182e52fb4a2abd3.tar.xz rust-openssl-bbae793eb3ba06e5ad8813ce8182e52fb4a2abd3.zip