| author | Steven Fackler <[email protected]> | 2016-11-06 12:16:44 -0800 |
|---|---|---|
| committer | Steven Fackler <[email protected]> | 2016-11-06 12:17:14 -0800 |
| commit | 1edb6f682eaa728871e39aa41735a668fcc7447c (patch) | |
| tree | e58e5412091483a332c6552290d8fbf2076e532d /openssl/src/ssl | |
| parent | Fix build on 1.0.1 (diff) | |
Support client CA advertisement
Diffstat (limited to 'openssl/src/ssl')
| -rw-r--r-- | openssl/src/ssl/connector.rs | 1 | ||||
| -rw-r--r-- | openssl/src/ssl/mod.rs | 13 | ||||
| -rw-r--r-- | openssl/src/ssl/tests/mod.rs | 11 |
3 files changed, 22 insertions, 3 deletions
diff --git a/openssl/src/ssl/connector.rs b/openssl/src/ssl/connector.rs
index 0d92529d..55177767 100644
--- a/openssl/src/ssl/connector.rs
+++ b/openssl/src/ssl/connector.rs
@@ -277,7 +277,6 @@ mod verify {
     use nid;
     use x509::{X509StoreContextRef, X509Ref, X509NameRef, GeneralName};
     use stack::Stack;
-    use types::OpenSslTypeRef;
 
     pub fn verify_callback(domain: &str,
                            preverify_ok: bool,
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index 5c41f6ea..1e7efc63 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -93,13 +93,14 @@ use std::sync::Mutex;
 use {init, cvt, cvt_p};
 use dh::DhRef;
 use ec_key::EcKeyRef;
-use x509::{X509StoreContextRef, X509FileType, X509, X509Ref, X509VerifyError};
+use x509::{X509StoreContextRef, X509FileType, X509, X509Ref, X509VerifyError, X509Name};
 #[cfg(any(ossl102, ossl110))]
 use verify::X509VerifyParamRef;
 use pkey::PKeyRef;
 use error::ErrorStack;
 use types::{OpenSslType, OpenSslTypeRef};
 use util::Opaque;
+use stack::Stack;
 
 mod error;
 mod connector;
@@ -542,6 +543,16 @@ impl SslContextBuilder {
         }
     }
 
+    /// Sets the list of CAs sent to the client.
+    ///
+    /// The CA certificates must still be added to the trust root.
+    pub fn set_client_ca_list(&mut self, list: Stack<X509Name>) {
+        unsafe {
+            ffi::SSL_CTX_set_client_CA_list(self.as_ptr(), list.as_ptr());
+            mem::forget(list);
+        }
+    }
+
     /// Set the context identifier for sessions
     ///
     /// This value identifies the server's session cache to a clients, telling them when they're
diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs
index a84f6b25..146d0806 100644
--- a/openssl/src/ssl/tests/mod.rs
+++ b/openssl/src/ssl/tests/mod.rs
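Review bot: The `mem::forget(list)` in the new `set_client_ca_list` carries no comment saying why the stack is deliberately leaked on the Rust side, so a later reader is likely to "fix" the apparent leak and reintroduce a double free, since `SSL_CTX_set_client_CA_list` takes ownership of the name stack and frees it with the context. Suggest `// SSL_CTX_set_client_CA_list takes ownership of the stack; forgetting it avoids a double free.` above the `ffi::` call, which also serves as the SAFETY note the `unsafe` block is missing. The doc comment should additionally state that this list only controls which issuer names are advertised to the client; it does not by itself request or verify client certificates, so the verify mode (`SSL_VERIFY_PEER`) and the trust store still have to be configured for client authentication to take effect.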
@@ -20,7 +20,7 @@ use ssl::SSL_VERIFY_PEER;
 use ssl::{SslMethod, HandshakeError};
 use ssl::{SslContext, SslStream, Ssl, ShutdownResult, SslConnectorBuilder, SslAcceptorBuilder,
           Error};
-use x509::{X509StoreContext, X509, X509_FILETYPE_PEM};
+use x509::{X509StoreContext, X509, X509Name, X509_FILETYPE_PEM};
 #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
 use x509::verify::X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS;
 use pkey::PKey;
@@ -1184,6 +1184,15 @@ fn shutdown() {
     assert_eq!(stream.shutdown().unwrap(), ShutdownResult::Received);
 }
 
+#[test]
+fn client_ca_list() {
+    let names = X509Name::load_client_ca_file("test/root-ca.pem").unwrap();
+    assert_eq!(names.len(), 1);
+
+    let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
+    ctx.set_client_ca_list(names);
+}
+
 fn _check_kinds() {
     fn is_send<T: Send>() {}
     fn is_sync<T: Sync>() {}
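Review bot: The new `client_ca_list` test only checks that `set_client_ca_list` can be called without panicking; nothing observes the effect, so a regression that silently dropped or corrupted the advertised list would still pass. The `assert_eq!(names.len(), 1)` also only validates `load_client_ca_file`, not the setter. A stronger test would run a handshake with `SSL_VERIFY_PEER` set on the server and check on the client side that the advertised issuer name matches the one loaded from `test/root-ca.pem`, which may need a getter the binding does not yet expose; at minimum a comment such as `// Smoke test only: the advertised list is not inspected here.` would make the test's limited scope explicit.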