diff options
| author | Steven Fackler <[email protected]> | 2016-11-12 00:24:12 +0000 |
|---|---|---|
| committer | Steven Fackler <[email protected]> | 2016-11-12 00:24:12 +0000 |
| commit | 26a3358a2b70b46bf06403b2810c379f5299a551 (patch) | |
| tree | 40efb4305948a67660bd6bcdbdf12d25d3871945 /openssl/src/ssl | |
| parent | Consistently support both PEM and DER encodings (diff) | |
| download | rust-openssl-26a3358a2b70b46bf06403b2810c379f5299a551.tar.xz rust-openssl-26a3358a2b70b46bf06403b2810c379f5299a551.zip | |
Add basic X509_STORE access
There's more to do here, but this enabled addition of trusted CAs from
X509 objects.
Closes #394
Diffstat (limited to 'openssl/src/ssl')
| -rw-r--r-- | openssl/src/ssl/mod.rs | 11 | ||||
| -rw-r--r-- | openssl/src/ssl/tests/mod.rs | 14 |
2 files changed, 25 insertions, 0 deletions
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index c92bf56b..1e0d2e66 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -94,6 +94,7 @@ use {init, cvt, cvt_p}; use dh::DhRef; use ec_key::EcKeyRef; use x509::{X509StoreContextRef, X509FileType, X509, X509Ref, X509VerifyError, X509Name}; +use x509::store::X509StoreBuilderRef; #[cfg(any(ossl102, ossl110))] use verify::X509VerifyParamRef; use pkey::PKeyRef; @@ -739,6 +740,16 @@ impl SslContextBuilder { unsafe { cvt(ffi::SSL_CTX_check_private_key(self.as_ptr())).map(|_| ()) } } + /// Returns a shared reference to the context's certificate store. + pub fn cert_store(&self) -> &X509StoreBuilderRef { + unsafe { X509StoreBuilderRef::from_ptr(ffi::SSL_CTX_get_cert_store(self.as_ptr())) } + } + + /// Returns a mutable reference to the context's certificate store. + pub fn cert_store_mut(&mut self) -> &mut X509StoreBuilderRef { + unsafe { X509StoreBuilderRef::from_ptr_mut(ffi::SSL_CTX_get_cert_store(self.as_ptr())) } + } + pub fn build(self) -> SslContext { let ctx = SslContext(self.0); mem::forget(self); diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs index 96c0d585..fa7c6024 100644 --- a/openssl/src/ssl/tests/mod.rs +++ b/openssl/src/ssl/tests/mod.rs @@ -28,6 +28,7 @@ use std::net::UdpSocket; mod select; +static ROOT_CERT: &'static [u8] = include_bytes!("../../../test/root-ca.pem"); static CERT: &'static [u8] = include_bytes!("../../../test/cert.pem"); static KEY: &'static [u8] = include_bytes!("../../../test/key.pem"); @@ -1192,6 +1193,19 @@ fn client_ca_list() { ctx.set_client_ca_list(names); } +#[test] +fn cert_store() { + let (_s, tcp) = Server::new(); + + let cert = X509::from_pem(ROOT_CERT).unwrap(); + + let mut ctx = SslConnectorBuilder::new(SslMethod::tls()).unwrap(); + ctx.builder_mut().cert_store_mut().add_cert(cert).unwrap(); + let ctx = ctx.build(); + + ctx.connect("foobar.com", tcp).unwrap(); +} + fn _check_kinds() { fn is_send<T: Send>() {} fn is_sync<T: Sync>() {} |