| author | Manuel Schölling <[email protected]> | 2015-03-19 10:15:02 +0100 |
|---|---|---|
| committer | Manuel Schölling <[email protected]> | 2015-04-03 14:34:24 +0200 |
| commit | 632d8398cfd9a3ab146d3208200cbe69018fc4b1 (patch) | |
| tree | 6fd120ec844a1dcb2ee3c173c89a96542c9213b2 /openssl/src/ssl | |
| parent | Change SslVerifyMode to bitflags and add SSL_VERIFY_FAIL_IF_NO_PEER_CERT (diff) | |
| download | rust-openssl-632d8398cfd9a3ab146d3208200cbe69018fc4b1.tar.xz rust-openssl-632d8398cfd9a3ab146d3208200cbe69018fc4b1.zip | |
Add ability to load private keys from files and use raw keys and certificates for SslContext
Diffstat (limited to 'openssl/src/ssl')
| -rw-r--r-- | openssl/src/ssl/mod.rs | 25 | ||||
| -rw-r--r-- | openssl/src/ssl/tests.rs | 25 |
2 files changed, 49 insertions, 1 deletions
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index fd2b3345..578cfcd5 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -22,6 +22,7 @@ use bio::{MemBio};
 use ffi;
 use ssl::error::{SslError, SslSessionClosed, StreamError, OpenSslErrors};
 use x509::{X509StoreContext, X509FileType, X509};
+use crypto::pkey::PKey;
 pub mod error;
 #[cfg(test)]
@@ -400,6 +401,14 @@ impl SslContext {
 })
 }
+ /// Specifies the certificate
+ pub fn set_certificate(&mut self, cert: &X509) -> Option<SslError> {
+ wrap_ssl_result(
+ unsafe {
+ ffi::SSL_CTX_use_certificate(*self.ctx, cert.get_handle())
+ })
+ }
+
 /// Specifies the file that contains private key
 pub fn set_private_key_file(&mut self, file: &Path, file_type: X509FileType) -> Option<SslError> {
@@ -410,6 +419,22 @@ impl SslContext {
 })
 }
+ /// Specifies the private key
+ pub fn set_private_key(&mut self, key: &PKey) -> Option<SslError> {
+ wrap_ssl_result(
+ unsafe {
+ ffi::SSL_CTX_use_PrivateKey(*self.ctx, key.get_handle())
+ })
+ }
+
+ /// Check consistency of private key and certificate
+ pub fn check_private_key(&mut self) -> Option<SslError> {
+ wrap_ssl_result(
+ unsafe {
+ ffi::SSL_CTX_check_private_key(*self.ctx)
+ })
+ }
+
 pub fn set_cipher_list(&mut self, cipher_list: &str) -> Option<SslError> {
 wrap_ssl_result(
 unsafe {
diff --git a/openssl/src/ssl/tests.rs b/openssl/src/ssl/tests.rs
index cbf4ec62..d5859651 100644
--- a/openssl/src/ssl/tests.rs
+++ b/openssl/src/ssl/tests.rs
@@ -7,6 +7,7 @@ use std::path::Path;
 use std::net::TcpListener;
 #[cfg(feature = "npn")]
 use std::thread;
+use std::fs::File;
 use crypto::hash::Type::{SHA256};
 use ssl;
@@ -16,7 +17,8 @@ use ssl::SSL_VERIFY_PEER;
 use x509::X509StoreContext;
 #[cfg(feature = "npn")]
 use x509::X509FileType;
-use x509::{X509StoreContext};
+use x509::X509;
+use crypto::pkey::PKey;
 #[test]
 fn test_new_ctx() {
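Review bot: The `unsafe` block in `set_certificate` (hunk `@@ -400,6 +401,14 @@` of openssl/src/ssl/mod.rs) passes OpenSSL a raw handle taken from a borrowed `&X509`, with no comment saying why the context may keep using it after `cert` is dropped. OpenSSL takes its own reference to the certificate in `SSL_CTX_use_certificate`, so this looks sound, but that invariant is what the code relies on and should be written down: `// SAFETY: SSL_CTX_use_certificate increments the X509 reference count; ctx does not borrow from cert`. The same applies to `key.get_handle()` in `set_private_key` in the next hunk. The one-line doc could also state that a single certificate is installed (no chain) and that, judging by the test added in this commit, `None` is the success value.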
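Review bot: Neither `set_private_key` nor `check_private_key` (hunk `@@ -410,6 +419,22 @@` of openssl/src/ssl/mod.rs) documents that the order of the setters matters. OpenSSL documents that `SSL_CTX_use_PrivateKey` returns an error when a certificate is already set and the key does not belong to it, and that a certificate/key pair is installed certificate first; with the key set first and the `Option<SslError>` ignored, a mismatch goes unreported until `check_private_key` is called. I would extend the docs to `/// Sets the private key; call after set_certificate. Fails if the key does not match the certificate already set.` and `/// Returns None if the private key matches the certificate, otherwise the OpenSSL error.` `check_private_key` also takes `&mut self` although the visible body only passes the context pointer to a check; `&self` may be enough if `self.ctx` allows it.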
@@ -184,6 +186,27 @@ fn test_verify_callback_data() {
 }
 #[test]
+fn test_set_certificate_and_private_key() {
+ let key_path = Path::new("test/key.pem");
+ let cert_path = Path::new("test/cert.pem");
+ let mut key_file = File::open(&key_path)
+ .ok()
+ .expect("Failed to open `test/key.pem`");
+ let mut cert_file = File::open(&cert_path)
+ .ok()
+ .expect("Failed to open `test/cert.pem`");
+
+ let key = PKey::private_key_from_pem(&mut key_file).unwrap();
+ let cert = X509::from_pem(&mut cert_file).unwrap();
+
+ let mut ctx = SslContext::new(Sslv23).unwrap();
+ ctx.set_private_key(&key);
+ ctx.set_certificate(&cert);
+
+ assert!(ctx.check_private_key().is_none());
+}
+
+#[test]
 fn test_get_ctx_options() {
 let mut ctx = SslContext::new(Sslv23).unwrap();
 ctx.get_options(); |
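Review bot: The results of `ctx.set_private_key(&key)` and `ctx.set_certificate(&cert)` in `test_set_certificate_and_private_key` are discarded, so a failure in either setter is caught only indirectly by the final `check_private_key` assertion. Assert on each call and install the certificate first, which is the order OpenSSL documents for a certificate/key pair: `assert!(ctx.set_certificate(&cert).is_none());` followed by `assert!(ctx.set_private_key(&key).is_none());`. The test also covers only the matching pair; a second case with a key that does not belong to `test/cert.pem`, asserting `ctx.check_private_key().is_some()`, would pin the behaviour this API exists to detect.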