diff options
| author | Steven Fackler <[email protected]> | 2015-12-15 21:51:20 -0800 |
|---|---|---|
| committer | Steven Fackler <[email protected]> | 2015-12-15 21:51:20 -0800 |
| commit | 157e6aa961a7f21b522fa4e282737e8a3ba67d7f (patch) | |
| tree | 0b4e3ebd2138ea83532055da3517da8b2ed665ff /openssl/src/ssl | |
| parent | Fix bounds on ssl_read and ssl_write (diff) | |
| download | rust-openssl-157e6aa961a7f21b522fa4e282737e8a3ba67d7f.tar.xz rust-openssl-157e6aa961a7f21b522fa4e282737e8a3ba67d7f.zip | |
Rustfmt
Diffstat (limited to 'openssl/src/ssl')
| -rw-r--r-- | openssl/src/ssl/error.rs | 32 | ||||
| -rw-r--r-- | openssl/src/ssl/mod.rs | 396 | ||||
| -rw-r--r-- | openssl/src/ssl/tests/mod.rs | 205 |
3 files changed, 327 insertions, 306 deletions
diff --git a/openssl/src/ssl/error.rs b/openssl/src/ssl/error.rs index 126747d8..2459a473 100644 --- a/openssl/src/ssl/error.rs +++ b/openssl/src/ssl/error.rs @@ -50,7 +50,7 @@ impl fmt::Display for Error { } Ok(()) } - _ => Ok(()) + _ => Ok(()), } } } @@ -72,7 +72,7 @@ impl error::Error for Error { Error::WantRead(ref err) => Some(err), Error::WantWrite(ref err) => Some(err), Error::Stream(ref err) => Some(err), - _ => None + _ => None, } } } @@ -85,11 +85,11 @@ impl OpenSslError { pub fn get_stack() -> Vec<OpenSslError> { ffi::init(); - let mut errs = vec!(); + let mut errs = vec![]; loop { match unsafe { ffi::ERR_get_error() } { 0 => break, - err => errs.push(OpenSslError(err)) + err => errs.push(OpenSslError(err)), } } errs @@ -196,7 +196,7 @@ impl error::Error for SslError { fn cause(&self) -> Option<&error::Error> { match *self { StreamError(ref err) => Some(err as &error::Error), - _ => None + _ => None, } } } @@ -211,15 +211,19 @@ impl error::Error for NonblockingSslError { fn description(&self) -> &str { match *self { NonblockingSslError::SslError(ref e) => e.description(), - NonblockingSslError::WantRead => "The OpenSSL library wants data from the remote socket", - NonblockingSslError::WantWrite => "The OpenSSL library want to send data to the remote socket", + NonblockingSslError::WantRead => { + "The OpenSSL library wants data from the remote socket" + } + NonblockingSslError::WantWrite => { + "The OpenSSL library want to send data to the remote socket" + } } } fn cause(&self) -> Option<&error::Error> { match *self { NonblockingSslError::SslError(ref e) => e.cause(), - _ => None + _ => None, } } } @@ -240,8 +244,8 @@ pub enum OpensslError { /// The function reporting the error function: String, /// The reason for the error - reason: String - } + reason: String, + }, } impl OpensslError { @@ -250,7 +254,7 @@ impl OpensslError { UnknownError { library: get_lib(err).to_owned(), function: get_func(err).to_owned(), - reason: get_reason(err).to_owned() + reason: get_reason(err).to_owned(), } } } @@ -283,11 +287,11 @@ impl SslError { /// Creates a new `OpenSslErrors` with the current contents of the error /// stack. pub fn get() -> SslError { - let mut errs = vec!(); + let mut errs = vec![]; loop { match unsafe { ffi::ERR_get_error() } { 0 => break, - err => errs.push(OpensslError::from_error_code(err)) + err => errs.push(OpensslError::from_error_code(err)), } } OpenSslErrors(errs) @@ -303,7 +307,7 @@ impl SslError { fn test_uknown_error_should_have_correct_messages() { let errs = match SslError::from_error(336032784) { OpenSslErrors(errs) => errs, - _ => panic!("This should always be an `OpenSslErrors` variant.") + _ => panic!("This should always be an `OpenSslErrors` variant."), }; let UnknownError { ref library, ref function, ref reason } = errs[0]; diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index fa44eda3..981b3bcd 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -45,7 +45,7 @@ extern "C" { } static mut VERIFY_IDX: c_int = -1; -static mut SNI_IDX: c_int = -1; +static mut SNI_IDX: c_int = -1; /// Manually initialize SSL. /// It is optional to call this function and safe to do so more than once. @@ -56,13 +56,11 @@ pub fn init() { INIT.call_once(|| { ffi::init(); - let verify_idx = ffi::SSL_CTX_get_ex_new_index(0, ptr::null(), None, - None, None); + let verify_idx = ffi::SSL_CTX_get_ex_new_index(0, ptr::null(), None, None, None); assert!(verify_idx >= 0); VERIFY_IDX = verify_idx; - let sni_idx = ffi::SSL_CTX_get_ex_new_index(0, ptr::null(), None, - None, None); + let sni_idx = ffi::SSL_CTX_get_ex_new_index(0, ptr::null(), None, None, None); assert!(sni_idx >= 0); SNI_IDX = sni_idx; }); @@ -234,9 +232,7 @@ lazy_static! { // Registers a destructor for the data which will be called // when context is freed fn get_verify_data_idx<T: Any + 'static>() -> c_int { - *INDEXES.lock().unwrap().entry(TypeId::of::<T>()).or_insert_with(|| { - get_new_idx::<T>() - }) + *INDEXES.lock().unwrap().entry(TypeId::of::<T>()).or_insert_with(|| get_new_idx::<T>()) } #[cfg(feature = "npn")] @@ -251,9 +247,12 @@ lazy_static! { /// Determine a new index to use for SSL CTX ex data. /// Registers a destruct for the data which will be called by openssl when the context is freed. fn get_new_idx<T>() -> c_int { - extern fn free_data_box<T>(_parent: *mut c_void, ptr: *mut c_void, - _ad: *mut ffi::CRYPTO_EX_DATA, _idx: c_int, - _argl: c_long, _argp: *mut c_void) { + extern "C" fn free_data_box<T>(_parent: *mut c_void, + ptr: *mut c_void, + _ad: *mut ffi::CRYPTO_EX_DATA, + _idx: c_int, + _argl: c_long, + _argp: *mut c_void) { if !ptr.is_null() { let _: Box<T> = unsafe { mem::transmute(ptr) }; } @@ -261,15 +260,13 @@ fn get_new_idx<T>() -> c_int { unsafe { let f: ffi::CRYPTO_EX_free = free_data_box::<T>; - let idx = ffi::SSL_CTX_get_ex_new_index(0, ptr::null(), None, - None, Some(f)); + let idx = ffi::SSL_CTX_get_ex_new_index(0, ptr::null(), None, None, Some(f)); assert!(idx >= 0); idx } } -extern fn raw_verify(preverify_ok: c_int, x509_ctx: *mut ffi::X509_STORE_CTX) - -> c_int { +extern "C" fn raw_verify(preverify_ok: c_int, x509_ctx: *mut ffi::X509_STORE_CTX) -> c_int { unsafe { let idx = ffi::SSL_get_ex_data_X509_STORE_CTX_idx(); let ssl = ffi::X509_STORE_CTX_get_ex_data(x509_ctx, idx); @@ -281,14 +278,16 @@ extern fn raw_verify(preverify_ok: c_int, x509_ctx: *mut ffi::X509_STORE_CTX) match verify { None => preverify_ok, - Some(verify) => verify(preverify_ok != 0, &ctx) as c_int + Some(verify) => verify(preverify_ok != 0, &ctx) as c_int, } } } -extern fn raw_verify_with_data<T>(preverify_ok: c_int, - x509_ctx: *mut ffi::X509_STORE_CTX) -> c_int - where T: Any + 'static { +extern "C" fn raw_verify_with_data<T>(preverify_ok: c_int, + x509_ctx: *mut ffi::X509_STORE_CTX) + -> c_int + where T: Any + 'static +{ unsafe { let idx = ffi::SSL_get_ex_data_X509_STORE_CTX_idx(); let ssl = ffi::X509_STORE_CTX_get_ex_data(x509_ctx, idx); @@ -304,15 +303,14 @@ extern fn raw_verify_with_data<T>(preverify_ok: c_int, let res = match verify { None => preverify_ok, - Some(verify) => verify(preverify_ok != 0, &ctx, data) as c_int + Some(verify) => verify(preverify_ok != 0, &ctx, data) as c_int, }; res } } -extern fn raw_sni(ssl: *mut ffi::SSL, ad: &mut c_int, _arg: *mut c_void) - -> c_int { +extern "C" fn raw_sni(ssl: *mut ffi::SSL, ad: &mut c_int, _arg: *mut c_void) -> c_int { unsafe { let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl); let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, SNI_IDX); @@ -322,15 +320,16 @@ extern fn raw_sni(ssl: *mut ffi::SSL, ad: &mut c_int, _arg: *mut c_void) let res = match callback { None => ffi::SSL_TLSEXT_ERR_ALERT_FATAL, - Some(callback) => callback(&mut s, ad) + Some(callback) => callback(&mut s, ad), }; res } } -extern fn raw_sni_with_data<T>(ssl: *mut ffi::SSL, ad: &mut c_int, arg: *mut c_void) -> c_int - where T: Any + 'static { +extern "C" fn raw_sni_with_data<T>(ssl: *mut ffi::SSL, ad: &mut c_int, arg: *mut c_void) -> c_int + where T: Any + 'static +{ unsafe { let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl); @@ -343,7 +342,7 @@ extern fn raw_sni_with_data<T>(ssl: *mut ffi::SSL, ad: &mut c_int, arg: *mut c_v let res = match callback { None => ffi::SSL_TLSEXT_ERR_ALERT_FATAL, - Some(callback) => callback(&mut s, ad, &*data) + Some(callback) => callback(&mut s, ad, &*data), }; // Since data might be required on the next verification @@ -357,25 +356,29 @@ extern fn raw_sni_with_data<T>(ssl: *mut ffi::SSL, ad: &mut c_int, arg: *mut c_v #[cfg(any(feature = "npn", feature = "alpn"))] unsafe fn select_proto_using(ssl: *mut ffi::SSL, - out: *mut *mut c_uchar, outlen: *mut c_uchar, - inbuf: *const c_uchar, inlen: c_uint, - ex_data: c_int) -> c_int { - - // First, get the list of protocols (that the client should support) saved in the context - // extra data. - let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl); - let protocols = ffi::SSL_CTX_get_ex_data(ssl_ctx, ex_data); - let protocols: &Vec<u8> = mem::transmute(protocols); - // Prepare the client list parameters to be passed to the OpenSSL function... - let client = protocols.as_ptr(); - let client_len = protocols.len() as c_uint; - // Finally, let OpenSSL find a protocol to be used, by matching the given server and - // client lists. - if ffi::SSL_select_next_proto(out, outlen, inbuf, inlen, client, client_len) != ffi::OPENSSL_NPN_NEGOTIATED { - ffi::SSL_TLSEXT_ERR_NOACK - } else { - ffi::SSL_TLSEXT_ERR_OK - } + out: *mut *mut c_uchar, + outlen: *mut c_uchar, + inbuf: *const c_uchar, + inlen: c_uint, + ex_data: c_int) + -> c_int { + + // First, get the list of protocols (that the client should support) saved in the context + // extra data. + let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl); + let protocols = ffi::SSL_CTX_get_ex_data(ssl_ctx, ex_data); + let protocols: &Vec<u8> = mem::transmute(protocols); + // Prepare the client list parameters to be passed to the OpenSSL function... + let client = protocols.as_ptr(); + let client_len = protocols.len() as c_uint; + // Finally, let OpenSSL find a protocol to be used, by matching the given server and + // client lists. + if ffi::SSL_select_next_proto(out, outlen, inbuf, inlen, client, client_len) != + ffi::OPENSSL_NPN_NEGOTIATED { + ffi::SSL_TLSEXT_ERR_NOACK + } else { + ffi::SSL_TLSEXT_ERR_OK + } } /// The function is given as the callback to `SSL_CTX_set_next_proto_select_cb`. @@ -385,23 +388,25 @@ unsafe fn select_proto_using(ssl: *mut ffi::SSL, /// function. The list of protocols supported by the client is found in the extra data of the /// OpenSSL context. #[cfg(feature = "npn")] -extern fn raw_next_proto_select_cb(ssl: *mut ffi::SSL, - out: *mut *mut c_uchar, outlen: *mut c_uchar, - inbuf: *const c_uchar, inlen: c_uint, - _arg: *mut c_void) -> c_int { - unsafe { - select_proto_using(ssl, out, outlen, inbuf, inlen, *NPN_PROTOS_IDX) - } +extern "C" fn raw_next_proto_select_cb(ssl: *mut ffi::SSL, + out: *mut *mut c_uchar, + outlen: *mut c_uchar, + inbuf: *const c_uchar, + inlen: c_uint, + _arg: *mut c_void) + -> c_int { + unsafe { select_proto_using(ssl, out, outlen, inbuf, inlen, *NPN_PROTOS_IDX) } } #[cfg(feature = "alpn")] -extern fn raw_alpn_select_cb(ssl: *mut ffi::SSL, - out: *mut *mut c_uchar, outlen: *mut c_uchar, - inbuf: *const c_uchar, inlen: c_uint, - _arg: *mut c_void) -> c_int { - unsafe { - select_proto_using(ssl, out, outlen, inbuf, inlen, *ALPN_PROTOS_IDX) - } +extern "C" fn raw_alpn_select_cb(ssl: *mut ffi::SSL, + out: *mut *mut c_uchar, + outlen: *mut c_uchar, + inbuf: *const c_uchar, + inlen: c_uint, + _arg: *mut c_void) + -> c_int { + unsafe { select_proto_using(ssl, out, outlen, inbuf, inlen, *ALPN_PROTOS_IDX) } } /// The function is given as the callback to `SSL_CTX_set_next_protos_advertised_cb`. @@ -412,9 +417,11 @@ extern fn raw_alpn_select_cb(ssl: *mut ffi::SSL, /// The list of supported protocols is found in the extra data of the OpenSSL /// context. #[cfg(feature = "npn")] -extern fn raw_next_protos_advertise_cb(ssl: *mut ffi::SSL, - out: *mut *const c_uchar, outlen: *mut c_uint, - _arg: *mut c_void) -> c_int { +extern "C" fn raw_next_protos_advertise_cb(ssl: *mut ffi::SSL, + out: *mut *const c_uchar, + outlen: *mut c_uint, + _arg: *mut c_void) + -> c_int { unsafe { // First, get the list of (supported) protocols saved in the context extra data. let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl); @@ -437,8 +444,7 @@ extern fn raw_next_protos_advertise_cb(ssl: *mut ffi::SSL, /// Convert a set of byte slices into a series of byte strings encoded for SSL. Encoding is a byte /// containing the length followed by the string. #[cfg(any(feature = "npn", feature = "alpn"))] -fn ssl_encode_byte_strings(strings: &[&[u8]]) -> Vec<u8> -{ +fn ssl_encode_byte_strings(strings: &[&[u8]]) -> Vec<u8> { let mut enc = Vec::new(); for string in strings { let len = string.len() as u8; @@ -453,14 +459,12 @@ fn ssl_encode_byte_strings(strings: &[&[u8]]) -> Vec<u8> } /// The signature of functions that can be used to manually verify certificates -pub type VerifyCallback = fn(preverify_ok: bool, - x509_ctx: &X509StoreContext) -> bool; +pub type VerifyCallback = fn(preverify_ok: bool, x509_ctx: &X509StoreContext) -> bool; /// The signature of functions that can be used to manually verify certificates /// when user-data should be carried for all verification process -pub type VerifyCallbackData<T> = fn(preverify_ok: bool, - x509_ctx: &X509StoreContext, - data: &T) -> bool; +pub type VerifyCallbackData<T> = fn(preverify_ok: bool, x509_ctx: &X509StoreContext, data: &T) + -> bool; /// The signature of functions that can be used to choose the context depending on the server name pub type ServerNameCallback = fn(ssl: &mut Ssl, ad: &mut i32) -> i32; @@ -469,7 +473,7 @@ pub type ServerNameCallbackData<T> = fn(ssl: &mut Ssl, ad: &mut i32, data: &T) - // FIXME: macro may be instead of inlining? #[inline] -fn wrap_ssl_result(res: c_int) -> Result<(),SslError> { +fn wrap_ssl_result(res: c_int) -> Result<(), SslError> { if res == 0 { Err(SslError::get()) } else { @@ -479,7 +483,7 @@ fn wrap_ssl_result(res: c_int) -> Result<(),SslError> { /// An SSL context object pub struct SslContext { - ctx: *mut ffi::SSL_CTX + ctx: *mut ffi::SSL_CTX, } unsafe impl Send for SslContext {} @@ -515,13 +519,10 @@ impl SslContext { } /// Configures the certificate verification method for new connections. - pub fn set_verify(&mut self, mode: SslVerifyMode, - verify: Option<VerifyCallback>) { + pub fn set_verify(&mut self, mode: SslVerifyMode, verify: Option<VerifyCallback>) { unsafe { - ffi::SSL_CTX_set_ex_data(self.ctx, VERIFY_IDX, - mem::transmute(verify)); - let f: extern fn(c_int, *mut ffi::X509_STORE_CTX) -> c_int = - raw_verify; + ffi::SSL_CTX_set_ex_data(self.ctx, VERIFY_IDX, mem::transmute(verify)); + let f: extern "C" fn(c_int, *mut ffi::X509_STORE_CTX) -> c_int = raw_verify; ffi::SSL_CTX_set_verify(self.ctx, mode.bits as c_int, Some(f)); } @@ -531,18 +532,18 @@ impl SslContext { /// carrying supplied data. // Note: no option because there is no point to set data without providing // a function handling it - pub fn set_verify_with_data<T>(&mut self, mode: SslVerifyMode, + pub fn set_verify_with_data<T>(&mut self, + mode: SslVerifyMode, verify: VerifyCallbackData<T>, data: T) - where T: Any + 'static { + where T: Any + 'static + { let data = Box::new(data); unsafe { - ffi::SSL_CTX_set_ex_data(self.ctx, VERIFY_IDX, - mem::transmute(Some(verify))); - ffi::SSL_CTX_set_ex_data(self.ctx, get_verify_data_idx::<T>(), - mem::transmute(data)); - let f: extern fn(c_int, *mut ffi::X509_STORE_CTX) -> c_int = - raw_verify_with_data::<T>; + ffi::SSL_CTX_set_ex_data(self.ctx, VERIFY_IDX, mem::transmute(Some(verify))); + ffi::SSL_CTX_set_ex_data(self.ctx, get_verify_data_idx::<T>(), mem::transmute(data)); + let f: extern "C" fn(c_int, *mut ffi::X509_STORE_CTX) -> c_int = + raw_verify_with_data::<T>; ffi::SSL_CTX_set_verify(self.ctx, mode.bits as c_int, Some(f)); } @@ -554,25 +555,25 @@ impl SslContext { /// with `set_ssl_context` pub fn set_servername_callback(&mut self, callback: Option<ServerNameCallback>) { unsafe { - ffi::SSL_CTX_set_ex_data(self.ctx, SNI_IDX, - mem::transmute(callback)); - let f: extern fn() = mem::transmute(raw_sni); + ffi::SSL_CTX_set_ex_data(self.ctx, SNI_IDX, mem::transmute(callback)); + let f: extern "C" fn() = mem::transmute(raw_sni); ffi_extras::SSL_CTX_set_tlsext_servername_callback(self.ctx, Some(f)); } } /// Configures the server name indication (SNI) callback for new connections /// carrying supplied data - pub fn set_servername_callback_with_data<T>(&mut self, callback: ServerNameCallbackData<T>, - data: T) - where T: Any + 'static { + pub fn set_servername_callback_with_data<T>(&mut self, + callback: ServerNameCallbackData<T>, + data: T) + where T: Any + 'static + { let data = Box::new(data); unsafe { - ffi::SSL_CTX_set_ex_data(self.ctx, SNI_IDX, - mem::transmute(Some(callback))); + ffi::SSL_CTX_set_ex_data(self.ctx, SNI_IDX, mem::transmute(Some(callback))); ffi_extras::SSL_CTX_set_tlsext_servername_arg(self.ctx, mem::transmute(data)); - let f: extern fn() = mem::transmute(raw_sni_with_data::<T>); + let f: extern "C" fn() = mem::transmute(raw_sni_with_data::<T>); ffi_extras::SSL_CTX_set_tlsext_servername_callback(self.ctx, Some(f)); } } @@ -590,91 +591,86 @@ impl SslContext { } } - pub fn set_tmp_dh(&self, dh: DH) -> Result<(),SslError> { - wrap_ssl_result(unsafe { - ffi_extras::SSL_CTX_set_tmp_dh(self.ctx, dh.raw()) as i32 - }) + pub fn set_tmp_dh(&self, dh: DH) -> Result<(), SslError> { + wrap_ssl_result(unsafe { ffi_extras::SSL_CTX_set_tmp_dh(self.ctx, dh.raw()) as i32 }) } #[allow(non_snake_case)] /// Specifies the file that contains trusted CA certificates. - pub fn set_CA_file<P: AsRef<Path>>(&mut self, file: P) -> Result<(),SslError> { + pub fn set_CA_file<P: AsRef<Path>>(&mut self, file: P) -> Result<(), SslError> { let file = CString::new(file.as_ref().as_os_str().to_str().expect("invalid utf8")).unwrap(); - wrap_ssl_result( - unsafe { - ffi::SSL_CTX_load_verify_locations(self.ctx, file.as_ptr() as *const _, ptr::null()) - }) + wrap_ssl_result(unsafe { + ffi::SSL_CTX_load_verify_locations(self.ctx, file.as_ptr() as *const _, ptr::null()) + }) } /// Specifies the file that contains certificate - pub fn set_certificate_file<P: AsRef<Path>>(&mut self, file: P, file_type: X509FileType) - -> Result<(),SslError> { + pub fn set_certificate_file<P: AsRef<Path>>(&mut self, + file: P, + file_type: X509FileType) + -> Result<(), SslError> { let file = CString::new(file.as_ref().as_os_str().to_str().expect("invalid utf8")).unwrap(); - wrap_ssl_result( - unsafe { - ffi::SSL_CTX_use_certificate_file(self.ctx, file.as_ptr() as *const _, file_type as c_int) - }) + wrap_ssl_result(unsafe { + ffi::SSL_CTX_use_certificate_file(self.ctx, + file.as_ptr() as *const _, + file_type as c_int) + }) } /// Specifies the file that contains certificate chain - pub fn set_certificate_chain_file<P: AsRef<Path>>(&mut self, file: P, file_type: X509FileType) - -> Result<(),SslError> { + pub fn set_certificate_chain_file<P: AsRef<Path>>(&mut self, + file: P, + file_type: X509FileType) + -> Result<(), SslError> { let file = CString::new(file.as_ref().as_os_str().to_str().expect("invalid utf8")).unwrap(); - wrap_ssl_result( - unsafe { - ffi::SSL_CTX_use_certificate_chain_file(self.ctx, file.as_ptr() as *const _, file_type as c_int) - }) + wrap_ssl_result(unsafe { + ffi::SSL_CTX_use_certificate_chain_file(self.ctx, + file.as_ptr() as *const _, + file_type as c_int) + }) } /// Specifies the certificate - pub fn set_certificate(&mut self, cert: &X509) -> Result<(),SslError> { - wrap_ssl_result( - unsafe { - ffi::SSL_CTX_use_certificate(self.ctx, cert.get_handle()) - }) + pub fn set_certificate(&mut self, cert: &X509) -> Result<(), SslError> { + wrap_ssl_result(unsafe { ffi::SSL_CTX_use_certificate(self.ctx, cert.get_handle()) }) } /// Adds a certificate to the certificate chain presented together with the /// certificate specified using set_certificate() - pub fn add_extra_chain_cert(&mut self, cert: &X509) -> Result<(),SslError> { - wrap_ssl_result( - unsafe { - ffi_extras::SSL_CTX_add_extra_chain_cert(self.ctx, cert.get_handle()) as c_int - }) + pub fn add_extra_chain_cert(&mut self, cert: &X509) -> Result<(), SslError> { + wrap_ssl_result(unsafe { + ffi_extras::SSL_CTX_add_extra_chain_cert(self.ctx, cert.get_handle()) as c_int + }) } /// Specifies the file that contains private key - pub fn set_private_key_file<P: AsRef<Path>>(&mut self, file: P, - file_type: X509FileType) -> Result<(),SslError> { + pub fn set_private_key_file<P: AsRef<Path>>(&mut self, + file: P, + file_type: X509FileType) + -> Result<(), SslError> { let file = CString::new(file.as_ref().as_os_str().to_str().expect("invalid utf8")).unwrap(); - wrap_ssl_result( - unsafe { - ffi::SSL_CTX_use_PrivateKey_file(self.ctx, file.as_ptr() as *const _, file_type as c_int) - }) + wrap_ssl_result(unsafe { + ffi::SSL_CTX_use_PrivateKey_file(self.ctx, + file.as_ptr() as *const _, + file_type as c_int) + }) } /// Specifies the private key - pub fn set_private_key(&mut self, key: &PKey) -> Result<(),SslError> { - wrap_ssl_result( - unsafe { - ffi::SSL_CTX_use_PrivateKey(self.ctx, key.get_handle()) - }) + pub fn set_private_key(&mut self, key: &PKey) -> Result<(), SslError> { + wrap_ssl_result(unsafe { ffi::SSL_CTX_use_PrivateKey(self.ctx, key.get_handle()) }) } /// Check consistency of private key and certificate - pub fn check_private_key(&mut self) -> Result<(),SslError> { - wrap_ssl_result( - unsafe { - ffi::SSL_CTX_check_private_key(self.ctx) - }) + pub fn check_private_key(&mut self) -> Result<(), SslError> { + wrap_ssl_result(unsafe { ffi::SSL_CTX_check_private_key(self.ctx) }) } - pub fn set_cipher_list(&mut self, cipher_list: &str) -> Result<(),SslError> { - wrap_ssl_result( - unsafe { - let cipher_list = CString::new(cipher_list).unwrap(); - ffi::SSL_CTX_set_cipher_list(self.ctx, cipher_list.as_ptr() as *const _) - }) + pub fn set_cipher_list(&mut self, cipher_list: &str) -> Result<(), SslError> { + wrap_ssl_result(unsafe { + let cipher_list = CString::new(cipher_list).unwrap(); + ffi::SSL_CTX_set_cipher_list(self.ctx, cipher_list.as_ptr() as *const _) + }) } /// If `onoff` is set to `true`, enable ECDHE for key exchange with compatible @@ -682,33 +678,24 @@ impl SslContext { /// /// This method requires OpenSSL >= 1.0.2 or LibreSSL and the `ecdh_auto` feature. #[cfg(feature = "ecdh_auto")] - pub fn set_ecdh_auto(&mut self, onoff: bool) -> Result<(),SslError> { - wrap_ssl_result( - unsafe { - ffi_extras::SSL_CTX_set_ecdh_auto(self.ctx, onoff as c_int) - }) + pub fn set_ecdh_auto(&mut self, onoff: bool) -> Result<(), SslError> { + wrap_ssl_result(unsafe { ffi_extras::SSL_CTX_set_ecdh_auto(self.ctx, onoff as c_int) }) } pub fn set_options(&mut self, option: SslContextOptions) -> SslContextOptions { let raw_bits = option.bits(); - let ret = unsafe { - ffi_extras::SSL_CTX_set_options(self.ctx, raw_bits) - }; + let ret = unsafe { ffi_extras::SSL_CTX_set_options(self.ctx, raw_bits) }; SslContextOptions::from_bits(ret).unwrap() } pub fn get_options(&mut self) -> SslContextOptions { - let ret = unsafe { - ffi_extras::SSL_CTX_get_options(self.ctx) - }; + let ret = unsafe { ffi_extras::SSL_CTX_get_options(self.ctx) }; SslContextOptions::from_bits(ret).unwrap() } pub fn clear_options(&mut self, option: SslContextOptions) -> SslContextOptions { let raw_bits = option.bits(); - let ret = unsafe { - ffi_extras::SSL_CTX_clear_options(self.ctx, raw_bits) - }; + let ret = unsafe { ffi_extras::SSL_CTX_clear_options(self.ctx, raw_bits) }; SslContextOptions::from_bits(ret).unwrap() } @@ -725,15 +712,18 @@ impl SslContext { unsafe { // Attach the protocol list to the OpenSSL context structure, // so that we can refer to it within the callback. - ffi::SSL_CTX_set_ex_data(self.ctx, *NPN_PROTOS_IDX, - mem::transmute(protocols)); + ffi::SSL_CTX_set_ex_data(self.ctx, *NPN_PROTOS_IDX, mem::transmute(protocols)); // Now register the callback that performs the default protocol // matching based on the client-supported list of protocols that // has been saved. - ffi::SSL_CTX_set_next_proto_select_cb(self.ctx, raw_next_proto_select_cb, ptr::null_mut()); + ffi::SSL_CTX_set_next_proto_select_cb(self.ctx, + raw_next_proto_select_cb, + ptr::null_mut()); // Also register the callback to advertise these protocols, if a server socket is // created with the context. - ffi::SSL_CTX_set_next_protos_advertised_cb(self.ctx, raw_next_protos_advertise_cb, ptr::null_mut()); + ffi::SSL_CTX_set_next_protos_advertised_cb(self.ctx, + raw_next_protos_advertise_cb, + ptr::null_mut()); } } @@ -756,8 +746,7 @@ impl SslContext { // ssl ctx's ex_data so that we can configure a function to free it later. In the // future, it might make sense to pull this into our internal struct Ssl instead of // leaning on openssl and using function pointers. - ffi::SSL_CTX_set_ex_data(self.ctx, *ALPN_PROTOS_IDX, - mem::transmute(protocols)); + ffi::SSL_CTX_set_ex_data(self.ctx, *ALPN_PROTOS_IDX, mem::transmute(protocols)); // Now register the callback that performs the default protocol // matching based on the client-supported list of protocols that @@ -765,11 +754,10 @@ impl SslContext { ffi::SSL_CTX_set_alpn_select_cb(self.ctx, raw_alpn_select_cb, ptr::null_mut()); } } - } pub struct Ssl { - ssl: *mut ffi::SSL + ssl: *mut ffi::SSL, } unsafe impl Send for Ssl {} @@ -778,8 +766,8 @@ unsafe impl Sync for Ssl {} impl fmt::Debug for Ssl { fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result { fmt.debug_struct("Ssl") - .field("state", &self.state_string_long()) - .finish() + .field("state", &self.state_string_long()) + .finish() } } @@ -830,7 +818,7 @@ impl Ssl { let err = unsafe { ffi::SSL_get_error(self.ssl, ret) }; match LibSslError::from_i32(err as i32) { Some(err) => err, - None => unreachable!() + None => unreachable!(), } } @@ -855,7 +843,9 @@ impl Ssl { /// Sets the host name to be used with SNI (Server Name Indication). pub fn set_hostname(&self, hostname: &str) -> Result<(), SslError> { let cstr = CString::new(hostname).unwrap(); - let ret = unsafe { ffi_extras::SSL_set_tlsext_host_name(self.ssl, cstr.as_ptr() as *const _) }; + let ret = unsafe { + ffi_extras::SSL_set_tlsext_host_name(self.ssl, cstr.as_ptr() as *const _) + }; // For this case, 0 indicates failure. if ret == 0 { @@ -926,9 +916,7 @@ impl Ssl { /// Returns the number of bytes remaining in the currently processed TLS /// record. pub fn pending(&self) -> usize { - unsafe { - ffi::SSL_pending(self.ssl) as usize - } + unsafe { ffi::SSL_pending(self.ssl) as usize } } /// Returns the compression currently in use. @@ -963,9 +951,7 @@ impl Ssl { return None; } - unsafe { - String::from_utf8(CStr::from_ptr(name).to_bytes().to_vec()).ok() - } + unsafe { String::from_utf8(CStr::from_ptr(name).to_bytes().to_vec()).ok() } } /// change the context corresponding to the current connection @@ -1038,12 +1024,13 @@ impl<S> Drop for SslStream<S> { } } -impl<S> fmt::Debug for SslStream<S> where S: fmt::Debug { +impl<S> fmt::Debug for SslStream<S> where S: fmt::Debug +{ fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result { fmt.debug_struct("SslStream") - .field("stream", &self.get_ref()) - .field("ssl", &self.ssl()) - .finish() + .field("stream", &self.get_ref()) + .field("ssl", &self.ssl()) + .finish() } } @@ -1061,7 +1048,7 @@ impl<S: AsRawSocket> AsRawSocket for SslStream<S> { } } -impl<S: Read+Write> SslStream<S> { +impl<S: Read + Write> SslStream<S> { fn new_base(ssl: Ssl, stream: S) -> Self { unsafe { let (bio, method) = bio::new(stream).unwrap(); @@ -1092,7 +1079,7 @@ impl<S: Read+Write> SslStream<S> { Err(SslError::StreamError(e)) } } - e => Err(e) + e => Err(e), } } } @@ -1114,7 +1101,7 @@ impl<S: Read+Write> SslStream<S> { Err(SslError::StreamError(e)) } } - e => Err(e) + e => Err(e), } } } @@ -1180,8 +1167,10 @@ impl<S> SslStream<S> { LibSslError::ErrorZeroReturn => Error::ZeroReturn, LibSslError::ErrorWantWrite => Error::WantWrite(self.get_bio_error()), LibSslError::ErrorWantRead => Error::WantRead(self.get_bio_error()), - err => Error::Stream(io::Error::new(io::ErrorKind::Other, - format!("unexpected error {:?}", err))), + err => { + Error::Stream(io::Error::new(io::ErrorKind::Other, + format!("unexpected error {:?}", err))) + } } } @@ -1209,8 +1198,10 @@ impl<S> SslStream<S> { LibSslError::ErrorWantWrite | LibSslError::ErrorWantRead => { SslError::StreamError(self.get_bio_error()) } - err => SslError::StreamError(io::Error::new(io::ErrorKind::Other, - format!("unexpected error {:?}", err))), + err => { + SslError::StreamError(io::Error::new(io::ErrorKind::Other, + format!("unexpected error {:?}", err))) + } } } @@ -1218,8 +1209,10 @@ impl<S> SslStream<S> { let error = unsafe { bio::take_error::<S>(self.ssl.get_raw_rbio()) }; match error { Some(error) => error, - None => io::Error::new(io::ErrorKind::Other, - "BUG: got an ErrorSyscall without an error in the BIO?") + None => { + io::Error::new(io::ErrorKind::Other, + "BUG: got an ErrorSyscall without an error in the BIO?") + } } } @@ -1306,14 +1299,17 @@ impl<'a> IntoSsl for &'a SslContext { /// A utility type to help in cases where the use of SSL is decided at runtime. #[derive(Debug)] -pub enum MaybeSslStream<S> where S: Read+Write { +pub enum MaybeSslStream<S> + where S: Read + Write +{ /// A connection using SSL Ssl(SslStream<S>), /// A connection not using SSL Normal(S), } -impl<S> Read for MaybeSslStream<S> where S: Read+Write { +impl<S> Read for MaybeSslStream<S> where S: Read + Write +{ fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> { match *self { MaybeSslStream::Ssl(ref mut s) => s.read(buf), @@ -1322,7 +1318,8 @@ impl<S> Read for MaybeSslStream<S> where S: Read+Write { } } -impl<S> Write for MaybeSslStream<S> where S: Read+Write { +impl<S> Write for MaybeSslStream<S> where S: Read + Write +{ fn write(&mut self, buf: &[u8]) -> io::Result<usize> { match *self { MaybeSslStream::Ssl(ref mut s) => s.write(buf), @@ -1338,7 +1335,8 @@ impl<S> Write for MaybeSslStream<S> where S: Read+Write { } } -impl<S> MaybeSslStream<S> where S: Read+Write { +impl<S> MaybeSslStream<S> where S: Read + Write +{ /// Returns a reference to the underlying stream. pub fn get_ref(&self) -> &S { match *self { @@ -1423,7 +1421,7 @@ impl<S> NonblockingSslStream<S> { } } -impl<S: Read+Write> NonblockingSslStream<S> { +impl<S: Read + Write> NonblockingSslStream<S> { /// Create a new nonblocking client ssl connection on wrapped `stream`. /// /// Note that this method will most likely not actually complete the SSL @@ -1453,7 +1451,7 @@ impl<S: Read+Write> NonblockingSslStream<S> { SslError::OpenSslErrors(e.iter() .map(|e| OpensslError::from_error_code(e.error_code())) .collect()) - .into() + .into() } } } @@ -1477,7 +1475,7 @@ impl<S: Read+Write> NonblockingSslStream<S> { match self.0.ssl_read(buf) { Ok(n) => Ok(n), Err(Error::ZeroReturn) => Ok(0), - Err(e) => Err(self.convert_err(e)) + Err(e) => Err(self.convert_err(e)), } } diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs index 025a45a8..7fdbb750 100644 --- a/openssl/src/ssl/tests/mod.rs +++ b/openssl/src/ssl/tests/mod.rs @@ -12,7 +12,7 @@ use std::thread; use net2::TcpStreamExt; -use crypto::hash::Type::{SHA256}; +use crypto::hash::Type::SHA256; use ssl; use ssl::SSL_VERIFY_PEER; use ssl::SslMethod::Sslv23; @@ -48,20 +48,24 @@ struct Server { } impl Server { - fn spawn(args: &[&str], input: Option<Box<FnMut(ChildStdin) + Send>>) - -> (Server, SocketAddr) { + fn spawn(args: &[&str], input: Option<Box<FnMut(ChildStdin) + Send>>) -> (Server, SocketAddr) { let addr = next_addr(); - let mut child = Command::new("openssl").arg("s_server") - .arg("-accept").arg(addr.port().to_string()) - .args(args) - .arg("-cert").arg("cert.pem") - .arg("-key").arg("key.pem") - .arg("-no_dhe") - .current_dir("test") - .stdout(Stdio::null()) - .stderr(Stdio::null()) - .stdin(Stdio::piped()) - .spawn().unwrap(); + let mut child = Command::new("openssl") + .arg("s_server") + .arg("-accept") + .arg(addr.port().to_string()) + .args(args) + .arg("-cert") + .arg("cert.pem") + .arg("-key") + .arg("key.pem") + .arg("-no_dhe") + .current_dir("test") + .stdout(Stdio::null()) + .stderr(Stdio::null()) + .stdin(Stdio::piped()) + .spawn() + .unwrap(); let stdin = child.stdin.take().unwrap(); if let Some(mut input) = input { thread::spawn(move || input(stdin)); @@ -88,23 +92,27 @@ impl Server { #[cfg(any(feature = "alpn", feature = "npn"))] fn new_alpn() -> (Server, TcpStream) { - Server::new_tcp(&["-www", "-nextprotoneg", "http/1.1,spdy/3.1", - "-alpn", "http/1.1,spdy/3.1"]) + Server::new_tcp(&["-www", + "-nextprotoneg", + "http/1.1,spdy/3.1", + "-alpn", + "http/1.1,spdy/3.1"]) } #[cfg(feature = "dtlsv1")] fn new_dtlsv1<I>(input: I) -> (Server, UdpConnected) - where I: IntoIterator<Item=&'static str>, + where I: IntoIterator<Item = &'static str>, I::IntoIter: Send + 'static { let mut input = input.into_iter(); - let (s, addr) = Server::spawn(&["-dtls1"], Some(Box::new(move |mut io| { - for s in input.by_ref() { - if io.write_all(s.as_bytes()).is_err() { - break - } - } - }))); + let (s, addr) = Server::spawn(&["-dtls1"], + Some(Box::new(move |mut io| { + for s in input.by_ref() { + if io.write_all(s.as_bytes()).is_err() { + break; + } + } + }))); // Need to wait for the UDP socket to get bound in our child process, // but don't currently have a great way to do that so just wait for a // bit. @@ -139,8 +147,10 @@ impl Write for UdpConnected { use std::os::unix::prelude::*; use libc; let n = unsafe { - libc::send(self.0.as_raw_fd(), buf.as_ptr() as *const _, - buf.len() as libc::size_t, 0) + libc::send(self.0.as_raw_fd(), + buf.as_ptr() as *const _, + buf.len() as libc::size_t, + 0) }; if n < 0 { Err(io::Error::last_os_error()) @@ -154,8 +164,10 @@ impl Write for UdpConnected { use std::os::windows::prelude::*; use libc; let n = unsafe { - libc::send(self.0.as_raw_socket(), buf.as_ptr() as *const _, - buf.len() as libc::c_int, 0) + libc::send(self.0.as_raw_socket(), + buf.as_ptr() as *const _, + buf.len() as libc::c_int, + 0) }; if n < 0 { Err(io::Error::last_os_error()) @@ -164,7 +176,9 @@ impl Write for UdpConnected { } } - fn flush(&mut self) -> io::Result<()> { Ok(()) } + fn flush(&mut self) -> io::Result<()> { + Ok(()) + } } macro_rules! run_test( @@ -398,11 +412,11 @@ fn test_set_certificate_and_private_key() { let key_path = Path::new("test/key.pem"); let cert_path = Path::new("test/cert.pem"); let mut key_file = File::open(&key_path) - .ok() - .expect("Failed to open `test/key.pem`"); + .ok() + .expect("Failed to open `test/key.pem`"); let mut cert_file = File::open(&cert_path) - .ok() - .expect("Failed to open `test/cert.pem`"); + .ok() + .expect("Failed to open `test/cert.pem`"); let key = PKey::private_key_from_pem(&mut key_file).unwrap(); let cert = X509::from_pem(&mut cert_file).unwrap(); @@ -467,8 +481,7 @@ run_test!(get_peer_certificate, |method, stream| { fn test_write_dtlsv1() { let (_s, stream) = Server::new_dtlsv1(iter::repeat("y\n")); - let mut stream = SslStream::connect_generic(&SslContext::new(Dtlsv1).unwrap(), - stream).unwrap(); + let mut stream = SslStream::connect_generic(&SslContext::new(Dtlsv1).unwrap(), stream).unwrap(); stream.write_all(b"hello").unwrap(); stream.flush().unwrap(); stream.write_all(b" there").unwrap(); @@ -501,7 +514,7 @@ fn test_pending() { stream.flush().unwrap(); // wait for the response and read first byte... - let mut buf = [0u8; 16*1024]; + let mut buf = [0u8; 16 * 1024]; stream.read(&mut buf[..1]).unwrap(); let pending = stream.ssl().pending(); @@ -521,7 +534,8 @@ fn test_state() { let (_s, tcp) = Server::new(); let stream = SslStream::connect_generic(&SslContext::new(Sslv23).unwrap(), tcp).unwrap(); assert_eq!(stream.ssl().state_string(), "SSLOK "); - assert_eq!(stream.ssl().state_string_long(), "SSL negotiation finished successfully"); + assert_eq!(stream.ssl().state_string_long(), + "SSL negotiation finished successfully"); } /// Tests that connecting with the client using ALPN, but the server not does not @@ -535,11 +549,11 @@ fn test_connect_with_unilateral_alpn() { ctx.set_alpn_protocols(&[b"http/1.1", b"spdy/3.1"]); match ctx.set_CA_file(&Path::new("test/cert.pem")) { Ok(_) => {} - Err(err) => panic!("Unexpected error {:?}", err) + Err(err) => panic!("Unexpected error {:?}", err), } let stream = match SslStream::connect(&ctx, stream) { Ok(stream) => stream, - Err(err) => panic!("Expected success, got {:?}", err) + Err(err) => panic!("Expected success, got {:?}", err), }; // Since the socket to which we connected is not configured to use ALPN, // there should be no selected protocol... @@ -557,11 +571,11 @@ fn test_connect_with_unilateral_npn() { ctx.set_npn_protocols(&[b"http/1.1", b"spdy/3.1"]); match ctx.set_CA_file(&Path::new("test/cert.pem")) { Ok(_) => {} - Err(err) => panic!("Unexpected error {:?}", err) + Err(err) => panic!("Unexpected error {:?}", err), } let stream = match SslStream::connect_generic(&ctx, stream) { Ok(stream) => stream, - Err(err) => panic!("Expected success, got {:?}", err) + Err(err) => panic!("Expected success, got {:?}", err), }; // Since the socket to which we connected is not configured to use NPN, // there should be no selected protocol... @@ -579,11 +593,11 @@ fn test_connect_with_alpn_successful_multiple_matching() { ctx.set_alpn_protocols(&[b"spdy/3.1", b"http/1.1"]); match ctx.set_CA_file(&Path::new("test/cert.pem")) { Ok(_) => {} - Err(err) => panic!("Unexpected error {:?}", err) + Err(err) => panic!("Unexpected error {:?}", err), } let stream = match SslStream::connect(&ctx, stream) { Ok(stream) => stream, - Err(err) => panic!("Expected success, got {:?}", err) + Err(err) => panic!("Expected success, got {:?}", err), }; // The server prefers "http/1.1", so that is chosen, even though the client // would prefer "spdy/3.1" @@ -601,11 +615,11 @@ fn test_connect_with_npn_successful_multiple_matching() { ctx.set_npn_protocols(&[b"spdy/3.1", b"http/1.1"]); match ctx.set_CA_file(&Path::new("test/cert.pem")) { Ok(_) => {} - Err(err) => panic!("Unexpected error {:?}", err) + Err(err) => panic!("Unexpected error {:?}", err), } let stream = match SslStream::connect_generic(&ctx, stream) { Ok(stream) => stream, - Err(err) => panic!("Expected success, got {:?}", err) + Err(err) => panic!("Expected success, got {:?}", err), }; // The server prefers "http/1.1", so that is chosen, even though the client // would prefer "spdy/3.1" @@ -624,11 +638,11 @@ fn test_connect_with_alpn_successful_single_match() { ctx.set_alpn_protocols(&[b"spdy/3.1"]); match ctx.set_CA_file(&Path::new("test/cert.pem")) { Ok(_) => {} - Err(err) => panic!("Unexpected error {:?}", err) + Err(err) => panic!("Unexpected error {:?}", err), } let stream = match SslStream::connect(&ctx, stream) { Ok(stream) => stream, - Err(err) => panic!("Expected success, got {:?}", err) + Err(err) => panic!("Expected success, got {:?}", err), }; // The client now only supports one of the server's protocols, so that one // is used. @@ -648,11 +662,11 @@ fn test_connect_with_npn_successful_single_match() { ctx.set_npn_protocols(&[b"spdy/3.1"]); match ctx.set_CA_file(&Path::new("test/cert.pem")) { Ok(_) => {} - Err(err) => panic!("Unexpected error {:?}", err) + Err(err) => panic!("Unexpected error {:?}", err), } let stream = match SslStream::connect_generic(&ctx, stream) { Ok(stream) => stream, - Err(err) => panic!("Expected success, got {:?}", err) + Err(err) => panic!("Expected success, got {:?}", err), }; // The client now only supports one of the server's protocols, so that one // is used. @@ -671,10 +685,10 @@ fn test_npn_server_advertise_multiple() { let mut ctx = SslContext::new(Sslv23).unwrap(); ctx.set_verify(SSL_VERIFY_PEER, None); ctx.set_npn_protocols(&[b"http/1.1", b"spdy/3.1"]); - assert!(ctx.set_certificate_file( - &Path::new("test/cert.pem"), X509FileType::PEM).is_ok()); - ctx.set_private_key_file( - &Path::new("test/key.pem"), X509FileType::PEM).unwrap(); + assert!(ctx.set_certificate_file(&Path::new("test/cert.pem"), X509FileType::PEM) + .is_ok()); + ctx.set_private_key_file(&Path::new("test/key.pem"), X509FileType::PEM) + .unwrap(); ctx }; // Have the listener wait on the connection in a different thread. @@ -688,13 +702,13 @@ fn test_npn_server_advertise_multiple() { ctx.set_npn_protocols(&[b"spdy/3.1"]); match ctx.set_CA_file(&Path::new("test/cert.pem")) { Ok(_) => {} - Err(err) => panic!("Unexpected error {:?}", err) + Err(err) => panic!("Unexpected error {:?}", err), } // Now connect to the socket and make sure the protocol negotiation works... let stream = TcpStream::connect(localhost).unwrap(); let stream = match SslStream::connect_generic(&ctx, stream) { Ok(stream) => stream, - Err(err) => panic!("Expected success, got {:?}", err) + Err(err) => panic!("Expected success, got {:?}", err), }; // SPDY is selected since that's the only thing the client supports. assert_eq!(b"spdy/3.1", stream.ssl().selected_npn_protocol().unwrap()); @@ -712,10 +726,10 @@ fn test_alpn_server_advertise_multiple() { let mut ctx = SslContext::new(Sslv23).unwrap(); ctx.set_verify(SSL_VERIFY_PEER, None); ctx.set_alpn_protocols(&[b"http/1.1", b"spdy/3.1"]); - assert!(ctx.set_certificate_file( - &Path::new("test/cert.pem"), X509FileType::PEM).is_ok()); - ctx.set_private_key_file( - &Path::new("test/key.pem"), X509FileType::PEM).unwrap(); + assert!(ctx.set_certificate_file(&Path::new("test/cert.pem"), X509FileType::PEM) + .is_ok()); + ctx.set_private_key_file(&Path::new("test/key.pem"), X509FileType::PEM) + .unwrap(); ctx }; // Have the listener wait on the connection in a different thread. @@ -729,13 +743,13 @@ fn test_alpn_server_advertise_multiple() { ctx.set_alpn_protocols(&[b"spdy/3.1"]); match ctx.set_CA_file(&Path::new("test/cert.pem")) { Ok(_) => {} - Err(err) => panic!("Unexpected error {:?}", err) + Err(err) => panic!("Unexpected error {:?}", err), } // Now connect to the socket and make sure the protocol negotiation works... let stream = TcpStream::connect(localhost).unwrap(); let stream = match SslStream::connect(&ctx, stream) { Ok(stream) => stream, - Err(err) => panic!("Expected success, got {:?}", err) + Err(err) => panic!("Expected success, got {:?}", err), }; // SPDY is selected since that's the only thing the client supports. assert_eq!(b"spdy/3.1", stream.ssl().selected_alpn_protocol().unwrap()); @@ -753,10 +767,10 @@ fn test_alpn_server_select_none() { let mut ctx = SslContext::new(Sslv23).unwrap(); ctx.set_verify(SSL_VERIFY_PEER, None); ctx.set_alpn_protocols(&[b"http/1.1", b"spdy/3.1"]); - assert!(ctx.set_certificate_file( - &Path::new("test/cert.pem"), X509FileType::PEM).is_ok()); - ctx.set_private_key_file( - &Path::new("test/key.pem"), X509FileType::PEM).unwrap(); + assert!(ctx.set_certificate_file(&Path::new("test/cert.pem"), X509FileType::PEM) + .is_ok()); + ctx.set_private_key_file(&Path::new("test/key.pem"), X509FileType::PEM) + .unwrap(); ctx }; // Have the listener wait on the connection in a different thread. @@ -770,13 +784,13 @@ fn test_alpn_server_select_none() { ctx.set_alpn_protocols(&[b"http/2"]); match ctx.set_CA_file(&Path::new("test/cert.pem")) { Ok(_) => {} - Err(err) => panic!("Unexpected error {:?}", err) + Err(err) => panic!("Unexpected error {:?}", err), } // Now connect to the socket and make sure the protocol negotiation works... let stream = TcpStream::connect(localhost).unwrap(); let stream = match SslStream::connect(&ctx, stream) { Ok(stream) => stream, - Err(err) => panic!("Expected success, got {:?}", err) + Err(err) => panic!("Expected success, got {:?}", err), }; // Since the protocols from the server and client don't overlap at all, no protocol is selected @@ -791,14 +805,14 @@ mod dtlsv1 { use std::net::TcpStream; use std::thread; - use crypto::hash::Type::{SHA256}; + use crypto::hash::Type::SHA256; use ssl::SslMethod; use ssl::SslMethod::Dtlsv1; use ssl::{SslContext, SslStream, VerifyCallback}; use ssl::SSL_VERIFY_PEER; - use x509::{X509StoreContext}; + use x509::X509StoreContext; - const PROTOCOL:SslMethod = Dtlsv1; + const PROTOCOL: SslMethod = Dtlsv1; #[test] fn test_new_ctx() { @@ -811,9 +825,8 @@ mod dtlsv1 { fn test_read_dtlsv1() { let (_s, stream) = Server::new_dtlsv1(Some("hello")); - let mut stream = SslStream::connect_generic(&SslContext::new(Dtlsv1).unwrap(), - stream).unwrap(); - let mut buf = [0u8;100]; + let mut stream = SslStream::connect_generic(&SslContext::new(Dtlsv1).unwrap(), stream).unwrap(); + let mut buf = [0u8; 100]; assert!(stream.read(&mut buf).is_ok()); } @@ -821,21 +834,27 @@ fn test_read_dtlsv1() { #[cfg(feature = "sslv2")] fn test_sslv2_connect_failure() { let (_s, tcp) = Server::new_tcp(&["-no_ssl2", "-www"]); - SslStream::connect_generic(&SslContext::new(Sslv2).unwrap(), - tcp).err().unwrap(); + SslStream::connect_generic(&SslContext::new(Sslv2).unwrap(), tcp) + .err() + .unwrap(); } -fn wait_io(stream: &NonblockingSslStream<TcpStream>, - read: bool, - timeout_ms: u32) -> bool { +fn wait_io(stream: &NonblockingSslStream<TcpStream>, read: bool, timeout_ms: u32) -> bool { unsafe { let mut set: select::fd_set = mem::zeroed(); select::fd_set(&mut set, stream.get_ref()); - let write = if read {0 as *mut _} else {&mut set as *mut _}; - let read = if !read {0 as *mut _} else {&mut set as *mut _}; - select::select(stream.get_ref(), read, write, 0 as *mut _, timeout_ms) - .unwrap() + let write = if read { + 0 as *mut _ + } else { + &mut set as *mut _ + }; + let read = if !read { + 0 as *mut _ + } else { + &mut set as *mut _ + }; + select::select(stream.get_ref(), read, write, 0 as *mut _, timeout_ms).unwrap() } } @@ -858,16 +877,16 @@ fn test_write_nonblocking() { match result { Ok(_) => { break; - }, + } Err(NonblockingSslError::WantRead) => { assert!(wait_io(&stream, true, 1000)); - }, + } Err(NonblockingSslError::WantWrite) => { assert!(wait_io(&stream, false, 1000)); - }, + } Err(other) => { panic!("Unexpected SSL Error: {:?}", other); - }, + } } } @@ -896,16 +915,16 @@ fn test_read_nonblocking() { Ok(n) => { assert_eq!(n, 9); break; - }, + } Err(NonblockingSslError::WantRead) => { assert!(wait_io(&stream, true, 1000)); - }, + } Err(NonblockingSslError::WantWrite) => { assert!(wait_io(&stream, false, 1000)); - }, + } Err(other) => { panic!("Unexpected SSL Error: {:?}", other); - }, + } } } let mut input_buffer = [0u8; 1500]; @@ -916,15 +935,15 @@ fn test_read_nonblocking() { // unlucky context switching, the response could actually // be in the receive buffer before we issue the read() syscall... n - }, + } Err(NonblockingSslError::WantRead) => { assert!(wait_io(&stream, true, 3000)); // Second read should return application data. stream.read(&mut input_buffer).unwrap() - }, + } Err(other) => { panic!("Unexpected SSL Error: {:?}", other); - }, + } }; assert!(bytes_read >= 5); assert_eq!(&input_buffer[..5], b"HTTP/"); |