diff options
| author | Steven Fackler <[email protected]> | 2016-10-31 20:54:34 -0700 |
|---|---|---|
| committer | Steven Fackler <[email protected]> | 2016-10-31 20:54:34 -0700 |
| commit | cd7fa9fca29296adebe37dfc20d3cebc96010534 (patch) | |
| tree | 7193bf2b06709e07f4adc4b08f7ec334121d89ab /openssl/src/ssl/connector.rs | |
| parent | Update ssl (diff) | |
| download | rust-openssl-cd7fa9fca29296adebe37dfc20d3cebc96010534.tar.xz rust-openssl-cd7fa9fca29296adebe37dfc20d3cebc96010534.zip | |
Update x509
Diffstat (limited to 'openssl/src/ssl/connector.rs')
| -rw-r--r-- | openssl/src/ssl/connector.rs | 23 |
1 files changed, 12 insertions, 11 deletions
diff --git a/openssl/src/ssl/connector.rs b/openssl/src/ssl/connector.rs index 752126e0..a1bcfa77 100644 --- a/openssl/src/ssl/connector.rs +++ b/openssl/src/ssl/connector.rs @@ -5,7 +5,7 @@ use error::ErrorStack; use ssl::{self, SslMethod, SslContextBuilder, SslContext, Ssl, SSL_VERIFY_PEER, SslStream, HandshakeError}; use pkey::PKey; -use x509::X509Ref; +use x509::X509; use types::Ref; // apps/dh2048.pem @@ -118,11 +118,11 @@ impl SslAcceptorBuilder { /// [docs]: https://wiki.mozilla.org/Security/Server_Side_TLS pub fn mozilla_intermediate<I>(method: SslMethod, private_key: &Ref<PKey>, - certificate: &X509Ref, + certificate: &Ref<X509>, chain: I) -> Result<SslAcceptorBuilder, ErrorStack> where I: IntoIterator, - I::Item: AsRef<X509Ref> + I::Item: AsRef<Ref<X509>> { let mut ctx = try!(ctx(method)); let dh = try!(Dh::from_pem(DHPARAM_PEM.as_bytes())); @@ -153,11 +153,11 @@ impl SslAcceptorBuilder { /// [docs]: https://wiki.mozilla.org/Security/Server_Side_TLS pub fn mozilla_modern<I>(method: SslMethod, private_key: &Ref<PKey>, - certificate: &X509Ref, + certificate: &Ref<X509>, chain: I) -> Result<SslAcceptorBuilder, ErrorStack> where I: IntoIterator, - I::Item: AsRef<X509Ref> + I::Item: AsRef<Ref<X509>> { let mut ctx = try!(ctx(method)); try!(setup_curves(&mut ctx)); @@ -171,11 +171,11 @@ impl SslAcceptorBuilder { fn finish_setup<I>(mut ctx: SslContextBuilder, private_key: &Ref<PKey>, - certificate: &X509Ref, + certificate: &Ref<X509>, chain: I) -> Result<SslAcceptorBuilder, ErrorStack> where I: IntoIterator, - I::Item: AsRef<X509Ref> + I::Item: AsRef<Ref<X509>> { try!(ctx.set_private_key(private_key)); try!(ctx.set_certificate(certificate)); @@ -255,11 +255,12 @@ mod verify { use std::net::IpAddr; use nid; - use x509::{X509StoreContextRef, X509Ref, GeneralNames, X509NameRef}; + use x509::{X509StoreContext, X509, GeneralNames, X509Name}; + use types::Ref; pub fn verify_callback(domain: &str, preverify_ok: bool, - x509_ctx: &X509StoreContextRef) + x509_ctx: &Ref<X509StoreContext>) -> bool { if !preverify_ok || x509_ctx.error_depth() != 0 { return preverify_ok; @@ -271,7 +272,7 @@ mod verify { } } - fn verify_hostname(domain: &str, cert: &X509Ref) -> bool { + fn verify_hostname(domain: &str, cert: &Ref<X509>) -> bool { match cert.subject_alt_names() { Some(names) => verify_subject_alt_names(domain, &names), None => verify_subject_name(domain, &cert.subject_name()), @@ -303,7 +304,7 @@ mod verify { false } - fn verify_subject_name(domain: &str, subject_name: &X509NameRef) -> bool { + fn verify_subject_name(domain: &str, subject_name: &Ref<X509Name>) -> bool { if let Some(pattern) = subject_name.text_by_nid(nid::COMMONNAME) { // Unlike with SANs, IP addresses in the subject name don't have a // different encoding. We need to pass this down to matches_dns to |