diff options
| author | Steven Fackler <[email protected]> | 2017-07-15 21:46:11 -0700 |
|---|---|---|
| committer | Steven Fackler <[email protected]> | 2017-07-15 21:46:11 -0700 |
| commit | bcd0dcafcba31b7239faf1d582871f8fa83d69e9 (patch) | |
| tree | f090be453d289f0f17ca4f6a3f458881e6f7091a /openssl/src/ssl | |
| parent | Init before creating ex indexes (diff) | |
| download | rust-openssl-bcd0dcafcba31b7239faf1d582871f8fa83d69e9.tar.xz rust-openssl-bcd0dcafcba31b7239faf1d582871f8fa83d69e9.zip | |
Rustfmt
Diffstat (limited to 'openssl/src/ssl')
| -rw-r--r-- | openssl/src/ssl/bio.rs | 21 | ||||
| -rw-r--r-- | openssl/src/ssl/connector.rs | 106 | ||||
| -rw-r--r-- | openssl/src/ssl/mod.rs | 472 | ||||
| -rw-r--r-- | openssl/src/ssl/tests/mod.rs | 162 | ||||
| -rw-r--r-- | openssl/src/ssl/tests/select.rs | 26 |
5 files changed, 481 insertions, 306 deletions
diff --git a/openssl/src/ssl/bio.rs b/openssl/src/ssl/bio.rs index 4dc7cbd4..86a055a5 100644 --- a/openssl/src/ssl/bio.rs +++ b/openssl/src/ssl/bio.rs @@ -71,7 +71,7 @@ unsafe fn state<'a, S: 'a>(bio: *mut BIO) -> &'a mut StreamState<S> { &mut *(compat::BIO_get_data(bio) as *mut _) } -unsafe extern fn bwrite<S: Write>(bio: *mut BIO, buf: *const c_char, len: c_int) -> c_int { +unsafe extern "C" fn bwrite<S: Write>(bio: *mut BIO, buf: *const c_char, len: c_int) -> c_int { BIO_clear_retry_flags(bio); let state = state::<S>(bio); @@ -93,7 +93,7 @@ unsafe extern fn bwrite<S: Write>(bio: *mut BIO, buf: *const c_char, len: c_int) } } -unsafe extern fn bread<S: Read>(bio: *mut BIO, buf: *mut c_char, len: c_int) -> c_int { +unsafe extern "C" fn bread<S: Read>(bio: *mut BIO, buf: *mut c_char, len: c_int) -> c_int { BIO_clear_retry_flags(bio); let state = state::<S>(bio); @@ -123,15 +123,16 @@ fn retriable_error(err: &io::Error) -> bool { } } -unsafe extern fn bputs<S: Write>(bio: *mut BIO, s: *const c_char) -> c_int { +unsafe extern "C" fn bputs<S: Write>(bio: *mut BIO, s: *const c_char) -> c_int { bwrite::<S>(bio, s, strlen(s) as c_int) } -unsafe extern fn ctrl<S: Write>(bio: *mut BIO, - cmd: c_int, - _num: c_long, - _ptr: *mut c_void) - -> c_long { +unsafe extern "C" fn ctrl<S: Write>( + bio: *mut BIO, + cmd: c_int, + _num: c_long, + _ptr: *mut c_void, +) -> c_long { if cmd == BIO_CTRL_FLUSH { let state = state::<S>(bio); @@ -151,7 +152,7 @@ unsafe extern fn ctrl<S: Write>(bio: *mut BIO, } } -unsafe extern fn create(bio: *mut BIO) -> c_int { +unsafe extern "C" fn create(bio: *mut BIO) -> c_int { compat::BIO_set_init(bio, 0); compat::BIO_set_num(bio, 0); compat::BIO_set_data(bio, ptr::null_mut()); @@ -159,7 +160,7 @@ unsafe extern fn create(bio: *mut BIO) -> c_int { 1 } -unsafe extern fn destroy<S>(bio: *mut BIO) -> c_int { +unsafe extern "C" fn destroy<S>(bio: *mut BIO) -> c_int { if bio.is_null() { return 0; } diff --git a/openssl/src/ssl/connector.rs b/openssl/src/ssl/connector.rs index e4500c6e..969ad396 100644 --- a/openssl/src/ssl/connector.rs +++ b/openssl/src/ssl/connector.rs @@ -40,7 +40,7 @@ fn ctx(method: SslMethod) -> Result<SslContextBuilder, ErrorStack> { ctx.set_options(opts); let mode = ssl::SSL_MODE_AUTO_RETRY | ssl::SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER | - ssl::SSL_MODE_ENABLE_PARTIAL_WRITE; + ssl::SSL_MODE_ENABLE_PARTIAL_WRITE; ctx.set_mode(mode); Ok(ctx) @@ -57,9 +57,11 @@ impl SslConnectorBuilder { let mut ctx = try!(ctx(method)); try!(ctx.set_default_verify_paths()); // From https://github.com/python/cpython/blob/c30098c8c6014f3340a369a31df9c74bdbacc269/Lib/ssl.py#L191 - try!(ctx.set_cipher_list("ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:DH+CHACHA20:ECDH+AES256:\ + try!(ctx.set_cipher_list( + "ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:DH+CHACHA20:ECDH+AES256:\ DH+AES256:ECDH+AES128:DH+AES:ECDH+HIGH:DH+HIGH:RSA+AESGCM:\ - RSA+AES:RSA+HIGH:!aNULL:!eNULL:!MD5:!3DES")); + RSA+AES:RSA+HIGH:!aNULL:!eNULL:!MD5:!3DES", + )); setup_verify(&mut ctx); Ok(SslConnectorBuilder(ctx)) @@ -96,7 +98,8 @@ impl SslConnector { /// /// The domain is used for SNI and hostname verification. pub fn connect<S>(&self, domain: &str, stream: S) -> Result<SslStream<S>, HandshakeError<S>> - where S: Read + Write + where + S: Read + Write, { try!(self.configure()).connect(domain, stream) } @@ -140,7 +143,8 @@ impl ConnectConfiguration { /// /// The domain is used for SNI and hostname verification. pub fn connect<S>(mut self, domain: &str, stream: S) -> Result<SslStream<S>, HandshakeError<S>> - where S: Read + Write + where + S: Read + Write, { try!(self.0.set_hostname(domain)); try!(setup_verify_hostname(&mut self.0, domain)); @@ -176,13 +180,15 @@ impl SslAcceptorBuilder { /// recommendations. See its [documentation][docs] for more details on specifics. /// /// [docs]: https://wiki.mozilla.org/Security/Server_Side_TLS - pub fn mozilla_intermediate<I>(method: SslMethod, - private_key: &PKeyRef, - certificate: &X509Ref, - chain: I) - -> Result<SslAcceptorBuilder, ErrorStack> - where I: IntoIterator, - I::Item: AsRef<X509Ref> + pub fn mozilla_intermediate<I>( + method: SslMethod, + private_key: &PKeyRef, + certificate: &X509Ref, + chain: I, + ) -> Result<SslAcceptorBuilder, ErrorStack> + where + I: IntoIterator, + I::Item: AsRef<X509Ref>, { let builder = try!(SslAcceptorBuilder::mozilla_intermediate_raw(method)); builder.finish_setup(private_key, certificate, chain) @@ -194,13 +200,15 @@ impl SslAcceptorBuilder { /// See its [documentation][docs] for more details on specifics. /// /// [docs]: https://wiki.mozilla.org/Security/Server_Side_TLS - pub fn mozilla_modern<I>(method: SslMethod, - private_key: &PKeyRef, - certificate: &X509Ref, - chain: I) - -> Result<SslAcceptorBuilder, ErrorStack> - where I: IntoIterator, - I::Item: AsRef<X509Ref> + pub fn mozilla_modern<I>( + method: SslMethod, + private_key: &PKeyRef, + certificate: &X509Ref, + chain: I, + ) -> Result<SslAcceptorBuilder, ErrorStack> + where + I: IntoIterator, + I::Item: AsRef<X509Ref>, { let builder = try!(SslAcceptorBuilder::mozilla_modern_raw(method)); builder.finish_setup(private_key, certificate, chain) @@ -212,7 +220,8 @@ impl SslAcceptorBuilder { let dh = try!(Dh::from_pem(DHPARAM_PEM.as_bytes())); try!(ctx.set_tmp_dh(&dh)); try!(setup_curves(&mut ctx)); - try!(ctx.set_cipher_list("ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:\ + try!(ctx.set_cipher_list( + "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:\ ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:\ ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:\ DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:\ @@ -225,7 +234,8 @@ impl SslAcceptorBuilder { ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:\ EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:\ AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:\ - DES-CBC3-SHA:!DSS")); + DES-CBC3-SHA:!DSS", + )); Ok(SslAcceptorBuilder(ctx)) } @@ -233,21 +243,25 @@ impl SslAcceptorBuilder { pub fn mozilla_modern_raw(method: SslMethod) -> Result<SslAcceptorBuilder, ErrorStack> { let mut ctx = try!(ctx(method)); try!(setup_curves(&mut ctx)); - try!(ctx.set_cipher_list("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:\ + try!(ctx.set_cipher_list( + "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:\ ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:\ ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:\ ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:\ - ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256")); + ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256", + )); Ok(SslAcceptorBuilder(ctx)) } - fn finish_setup<I>(mut self, - private_key: &PKeyRef, - certificate: &X509Ref, - chain: I) - -> Result<SslAcceptorBuilder, ErrorStack> - where I: IntoIterator, - I::Item: AsRef<X509Ref> + fn finish_setup<I>( + mut self, + private_key: &PKeyRef, + certificate: &X509Ref, + chain: I, + ) -> Result<SslAcceptorBuilder, ErrorStack> + where + I: IntoIterator, + I::Item: AsRef<X509Ref>, { try!(self.0.set_private_key(private_key)); try!(self.0.set_certificate(certificate)); @@ -303,7 +317,8 @@ pub struct SslAcceptor(SslContext); impl SslAcceptor { /// Initiates a server-side TLS session on a stream. pub fn accept<S>(&self, stream: S) -> Result<SslStream<S>, HandshakeError<S>> - where S: Read + Write + where + S: Read + Write, { let ssl = try!(Ssl::new(&self.0)); ssl.accept(stream) @@ -320,7 +335,7 @@ fn setup_verify(ctx: &mut SslContextBuilder) { ctx.set_verify_callback(SSL_VERIFY_PEER, |p, x509| { let hostname = match x509.ssl() { Ok(Some(ssl)) => ssl.ex_data(*HOSTNAME_IDX), - _ => None + _ => None, }; match hostname { Some(hostname) => verify::verify_callback(hostname, p, x509), @@ -352,10 +367,11 @@ mod verify { use x509::{X509StoreContextRef, X509Ref, X509NameRef, GeneralName}; use stack::Stack; - pub fn verify_callback(domain: &str, - preverify_ok: bool, - x509_ctx: &X509StoreContextRef) - -> bool { + pub fn verify_callback( + domain: &str, + preverify_ok: bool, + x509_ctx: &X509StoreContextRef, + ) -> bool { if !preverify_ok || x509_ctx.error_depth() != 0 { return preverify_ok; } @@ -497,14 +513,16 @@ mod verify { match (expected, actual.len()) { (&IpAddr::V4(ref addr), 4) => actual == addr.octets(), (&IpAddr::V6(ref addr), 16) => { - let segments = [((actual[0] as u16) << 8) | actual[1] as u16, - ((actual[2] as u16) << 8) | actual[3] as u16, - ((actual[4] as u16) << 8) | actual[5] as u16, - ((actual[6] as u16) << 8) | actual[7] as u16, - ((actual[8] as u16) << 8) | actual[9] as u16, - ((actual[10] as u16) << 8) | actual[11] as u16, - ((actual[12] as u16) << 8) | actual[13] as u16, - ((actual[14] as u16) << 8) | actual[15] as u16]; + let segments = [ + ((actual[0] as u16) << 8) | actual[1] as u16, + ((actual[2] as u16) << 8) | actual[3] as u16, + ((actual[4] as u16) << 8) | actual[5] as u16, + ((actual[6] as u16) << 8) | actual[7] as u16, + ((actual[8] as u16) << 8) | actual[9] as u16, + ((actual[10] as u16) << 8) | actual[11] as u16, + ((actual[12] as u16) << 8) | actual[13] as u16, + ((actual[14] as u16) << 8) | actual[15] as u16, + ]; segments == addr.segments() } _ => false, diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index c5bd4021..ef1a26d5 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -251,18 +251,18 @@ lazy_static! { // when context is freed fn get_callback_idx<T: Any + 'static>() -> c_int { *INDEXES - .lock() - .unwrap() - .entry(TypeId::of::<T>()) - .or_insert_with(|| get_new_idx::<T>()) + .lock() + .unwrap() + .entry(TypeId::of::<T>()) + .or_insert_with(|| get_new_idx::<T>()) } fn get_ssl_callback_idx<T: Any + 'static>() -> c_int { *SSL_INDEXES - .lock() - .unwrap() - .entry(TypeId::of::<T>()) - .or_insert_with(|| get_new_ssl_idx::<T>()) + .lock() + .unwrap() + .entry(TypeId::of::<T>()) + .or_insert_with(|| get_new_ssl_idx::<T>()) } lazy_static! { @@ -274,12 +274,14 @@ lazy_static! { static ref ALPN_PROTOS_IDX: c_int = get_new_idx::<Vec<u8>>(); } -unsafe extern "C" fn free_data_box<T>(_parent: *mut c_void, - ptr: *mut c_void, - _ad: *mut ffi::CRYPTO_EX_DATA, - _idx: c_int, - _argl: c_long, - _argp: *mut c_void) { +unsafe extern "C" fn free_data_box<T>( + _parent: *mut c_void, + ptr: *mut c_void, + _ad: *mut ffi::CRYPTO_EX_DATA, + _idx: c_int, + _argl: c_long, + _argp: *mut c_void, +) { if !ptr.is_null() { Box::<T>::from_raw(ptr as *mut T); } @@ -366,13 +368,16 @@ impl SslContextBuilder { /// Configures the certificate verification method for new connections and /// registers a verification callback. pub fn set_verify_callback<F>(&mut self, mode: SslVerifyMode, verify: F) - where F: Fn(bool, &X509StoreContextRef) -> bool + Any + 'static + Sync + Send + where + F: Fn(bool, &X509StoreContextRef) -> bool + Any + 'static + Sync + Send, { unsafe { let verify = Box::new(verify); - ffi::SSL_CTX_set_ex_data(self.as_ptr(), - get_callback_idx::<F>(), - mem::transmute(verify)); + ffi::SSL_CTX_set_ex_data( + self.as_ptr(), + get_callback_idx::<F>(), + mem::transmute(verify), + ); ffi::SSL_CTX_set_verify(self.as_ptr(), mode.bits as c_int, Some(raw_verify::<F>)); } } @@ -382,13 +387,16 @@ impl SslContextBuilder { /// Obtain the server name with `servername` then set the corresponding context /// with `set_ssl_context` pub fn set_servername_callback<F>(&mut self, callback: F) - where F: Fn(&mut SslRef) -> Result<(), SniError> + Any + 'static + Sync + Send + where + F: Fn(&mut SslRef) -> Result<(), SniError> + Any + 'static + Sync + Send, { unsafe { let callback = Box::new(callback); - ffi::SSL_CTX_set_ex_data(self.as_ptr(), - get_callback_idx::<F>(), - mem::transmute(callback)); + ffi::SSL_CTX_set_ex_data( + self.as_ptr(), + get_callback_idx::<F>(), + mem::transmute(callback), + ); let f: extern "C" fn(_, _, _) -> _ = raw_sni::<F>; let f: extern "C" fn() = mem::transmute(f); ffi::SSL_CTX_set_tlsext_servername_callback(self.as_ptr(), Some(f)); @@ -409,7 +417,10 @@ impl SslContextBuilder { pub fn set_verify_cert_store(&mut self, cert_store: X509Store) -> Result<(), ErrorStack> { unsafe { let ptr = cert_store.as_ptr(); - try!(cvt(ffi::SSL_CTX_set0_verify_cert_store(self.as_ptr(), ptr) as c_int)); + try!(cvt( + ffi::SSL_CTX_set0_verify_cert_store(self.as_ptr(), ptr) as + c_int, + )); mem::forget(cert_store); Ok(()) @@ -434,32 +445,41 @@ impl SslContextBuilder { } pub fn set_tmp_dh_callback<F>(&mut self, callback: F) - where F: Fn(&mut SslRef, bool, u32) -> Result<Dh, ErrorStack> + Any + 'static + Sync + Send + where + F: Fn(&mut SslRef, bool, u32) -> Result<Dh, ErrorStack> + Any + 'static + Sync + Send, { unsafe { let callback = Box::new(callback); - ffi::SSL_CTX_set_ex_data(self.as_ptr(), - get_callback_idx::<F>(), - Box::into_raw(callback) as *mut c_void); + ffi::SSL_CTX_set_ex_data( + self.as_ptr(), + get_callback_idx::<F>(), + Box::into_raw(callback) as *mut c_void, + ); let f: unsafe extern "C" fn(_, _, _) -> _ = raw_tmp_dh::<F>; ffi::SSL_CTX_set_tmp_dh_callback(self.as_ptr(), f); } } pub fn set_tmp_ecdh(&mut self, key: &EcKeyRef) -> Result<(), ErrorStack> { - unsafe { cvt(ffi::SSL_CTX_set_tmp_ecdh(self.as_ptr(), key.as_ptr()) as c_int).map(|_| ()) } + unsafe { + cvt(ffi::SSL_CTX_set_tmp_ecdh(self.as_ptr(), key.as_ptr()) as + c_int).map(|_| ()) + } } /// Requires the `v101` feature and OpenSSL 1.0.1, or the `v102` feature and OpenSSL 1.0.2. #[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))] pub fn set_tmp_ecdh_callback<F>(&mut self, callback: F) - where F: Fn(&mut SslRef, bool, u32) -> Result<EcKey, ErrorStack> + Any + 'static + Sync + Send + where + F: Fn(&mut SslRef, bool, u32) -> Result<EcKey, ErrorStack> + Any + 'static + Sync + Send, { unsafe { let callback = Box::new(callback); - ffi::SSL_CTX_set_ex_data(self.as_ptr(), - get_callback_idx::<F>(), - Box::into_raw(callback) as *mut c_void); + ffi::SSL_CTX_set_ex_data( + self.as_ptr(), + get_callback_idx::<F>(), + Box::into_raw(callback) as *mut c_void, + ); let f: unsafe extern "C" fn(_, _, _) -> _ = raw_tmp_ecdh::<F>; ffi::SSL_CTX_set_tmp_ecdh_callback(self.as_ptr(), f); } @@ -478,10 +498,11 @@ impl SslContextBuilder { pub fn set_ca_file<P: AsRef<Path>>(&mut self, file: P) -> Result<(), ErrorStack> { let file = CString::new(file.as_ref().as_os_str().to_str().unwrap()).unwrap(); unsafe { - cvt(ffi::SSL_CTX_load_verify_locations(self.as_ptr(), - file.as_ptr() as *const _, - ptr::null())) - .map(|_| ()) + cvt(ffi::SSL_CTX_load_verify_locations( + self.as_ptr(), + file.as_ptr() as *const _, + ptr::null(), + )).map(|_| ()) } } @@ -506,24 +527,27 @@ impl SslContextBuilder { pub fn set_session_id_context(&mut self, sid_ctx: &[u8]) -> Result<(), ErrorStack> { unsafe { assert!(sid_ctx.len() <= c_uint::max_value() as usize); - cvt(ffi::SSL_CTX_set_session_id_context(self.as_ptr(), - sid_ctx.as_ptr(), - sid_ctx.len() as c_uint)) - .map(|_| ()) + cvt(ffi::SSL_CTX_set_session_id_context( + self.as_ptr(), + sid_ctx.as_ptr(), + sid_ctx.len() as c_uint, + )).map(|_| ()) } } /// Loads a certificate from a file. - pub fn set_certificate_file<P: AsRef<Path>>(&mut self, - file: P, - file_type: X509FileType) - -> Result<(), ErrorStack> { + pub fn set_certificate_file<P: AsRef<Path>>( + &mut self, + file: P, + file_type: X509FileType, + ) -> Result<(), ErrorStack> { let file = CString::new(file.as_ref().as_os_str().to_str().unwrap()).unwrap(); unsafe { - cvt(ffi::SSL_CTX_use_certificate_file(self.as_ptr(), - file.as_ptr() as *const _, - file_type.as_raw())) - .map(|_| ()) + cvt(ffi::SSL_CTX_use_certificate_file( + self.as_ptr(), + file.as_ptr() as *const _, + file_type.as_raw(), + )).map(|_| ()) } } @@ -532,13 +556,16 @@ impl SslContextBuilder { /// The file should contain a sequence of PEM-formatted certificates, the first being the leaf /// certificate, and the remainder forming the chain of certificates up to and including the /// trusted root certificate. - pub fn set_certificate_chain_file<P: AsRef<Path>>(&mut self, - file: P) - -> Result<(), ErrorStack> { + pub fn set_certificate_chain_file<P: AsRef<Path>>( + &mut self, + file: P, + ) -> Result<(), ErrorStack> { let file = CString::new(file.as_ref().as_os_str().to_str().unwrap()).unwrap(); unsafe { - cvt(ffi::SSL_CTX_use_certificate_chain_file(self.as_ptr(), file.as_ptr() as *const _)) - .map(|_| ()) + cvt(ffi::SSL_CTX_use_certificate_chain_file( + self.as_ptr(), + file.as_ptr() as *const _, + )).map(|_| ()) } } @@ -553,23 +580,28 @@ impl SslContextBuilder { /// `set_certificate` to a trusted root. pub fn add_extra_chain_cert(&mut self, cert: X509) -> Result<(), ErrorStack> { unsafe { - try!(cvt(ffi::SSL_CTX_add_extra_chain_cert(self.as_ptr(), cert.as_ptr()) as c_int)); + try!(cvt(ffi::SSL_CTX_add_extra_chain_cert( + self.as_ptr(), + cert.as_ptr(), + ) as c_int)); mem::forget(cert); Ok(()) } } /// Loads the private key from a file. - pub fn set_private_key_file<P: AsRef<Path>>(&mut self, - file: P, - file_type: X509FileType) - -> Result<(), ErrorStack> { + pub fn set_private_key_file<P: AsRef<Path>>( + &mut self, + file: P, + file_type: X509FileType, + ) -> Result<(), ErrorStack> { let file = CString::new(file.as_ref().as_os_str().to_str().unwrap()).unwrap(); unsafe { - cvt(ffi::SSL_CTX_use_PrivateKey_file(self.as_ptr(), - file.as_ptr() as *const _, - file_type.as_raw())) - .map(|_| ()) + cvt(ffi::SSL_CTX_use_PrivateKey_file( + self.as_ptr(), + file.as_ptr() as *const _, + file_type.as_raw(), + )).map(|_| ()) } } @@ -584,8 +616,10 @@ impl SslContextBuilder { pub fn set_cipher_list(&mut self, cipher_list: &str) -> Result<(), ErrorStack> { let cipher_list = CString::new(cipher_list).unwrap(); unsafe { - cvt(ffi::SSL_CTX_set_cipher_list(self.as_ptr(), cipher_list.as_ptr() as *const _)) - .map(|_| ()) + cvt(ffi::SSL_CTX_set_cipher_list( + self.as_ptr(), + cipher_list.as_ptr() as *const _, + )).map(|_| ()) } } @@ -597,7 +631,7 @@ impl SslContextBuilder { self._set_ecdh_auto(onoff) } - #[cfg(any(ossl102,libressl))] + #[cfg(any(ossl102, libressl))] fn _set_ecdh_auto(&mut self, onoff: bool) -> Result<(), ErrorStack> { unsafe { cvt(ffi::SSL_CTX_set_ecdh_auto(self.as_ptr(), onoff as c_int)).map(|_| ()) } } @@ -627,20 +661,26 @@ impl SslContextBuilder { unsafe { // Attach the protocol list to the OpenSSL context structure, // so that we can refer to it within the callback. - try!(cvt(ffi::SSL_CTX_set_ex_data(self.as_ptr(), - *NPN_PROTOS_IDX, - Box::into_raw(protocols) as *mut c_void))); + try!(cvt(ffi::SSL_CTX_set_ex_data( + self.as_ptr(), + *NPN_PROTOS_IDX, + Box::into_raw(protocols) as *mut c_void, + ))); // Now register the callback that performs the default protocol // matching based on the client-supported list of protocols that // has been saved. - ffi::SSL_CTX_set_next_proto_select_cb(self.as_ptr(), - raw_next_proto_select_cb, - ptr::null_mut()); + ffi::SSL_CTX_set_next_proto_select_cb( + self.as_ptr(), + raw_next_proto_select_cb, + ptr::null_mut(), + ); // Also register the callback to advertise these protocols, if a server socket is // created with the context. - ffi::SSL_CTX_set_next_protos_advertised_cb(self.as_ptr(), - raw_next_protos_advertise_cb, - ptr::null_mut()); + ffi::SSL_CTX_set_next_protos_advertised_cb( + self.as_ptr(), + raw_next_protos_advertise_cb, + ptr::null_mut(), + ); Ok(()) } } @@ -658,9 +698,11 @@ impl SslContextBuilder { let protocols: Box<Vec<u8>> = Box::new(ssl_encode_byte_strings(protocols)); unsafe { // Set the context's internal protocol list for use if we are a server - let r = ffi::SSL_CTX_set_alpn_protos(self.as_ptr(), - protocols.as_ptr(), - protocols.len() as c_uint); + let r = ffi::SSL_CTX_set_alpn_protos( + self.as_ptr(), + protocols.as_ptr(), + protocols.len() as c_uint, + ); // fun fact, SSL_CTX_set_alpn_protos has a reversed return code D: if r != 0 { return Err(ErrorStack::get()); @@ -670,9 +712,11 @@ impl SslContextBuilder { // ssl ctx's ex_data so that we can configure a function to free it later. In the // future, it might make sense to pull this into our internal struct Ssl instead of // leaning on openssl and using function pointers. - try!(cvt(ffi::SSL_CTX_set_ex_data(self.as_ptr(), - *ALPN_PROTOS_IDX, - Box::into_raw(protocols) as *mut c_void))); + try!(cvt(ffi::SSL_CTX_set_ex_data( + self.as_ptr(), + *ALPN_PROTOS_IDX, + Box::into_raw(protocols) as *mut c_void, + ))); // Now register the callback that performs the default protocol // matching based on the client-supported list of protocols that @@ -711,15 +755,21 @@ impl SslContextBuilder { /// response of `Ok(true)` indicates that the OCSP status should be returned to the client, and /// `Ok(false)` indicates that the status should not be returned to the client. pub fn set_status_callback<F>(&mut self, callback: F) -> Result<(), ErrorStack> - where F: Fn(&mut SslRef) -> Result<bool, ErrorStack> + Any + 'static + Sync + Send + where + F: Fn(&mut SslRef) -> Result<bool, ErrorStack> + Any + 'static + Sync + Send, { unsafe { let callback = Box::new(callback); - ffi::SSL_CTX_set_ex_data(self.as_ptr(), - get_callback_idx::<F>(), - Box::into_raw(callback) as *mut c_void); + ffi::SSL_CTX_set_ex_data( + self.as_ptr(), + get_callback_idx::<F>(), + Box::into_raw(callback) as *mut c_void, + ); let f: unsafe extern "C" fn(_, _) -> _ = raw_tlsext_status::<F>; - cvt(ffi::SSL_CTX_set_tlsext_status_cb(self.as_ptr(), Some(f)) as c_int).map(|_| ()) + cvt(ffi::SSL_CTX_set_tlsext_status_cb( + self.as_ptr(), + Some(f), + ) as c_int).map(|_| ()) } } @@ -730,13 +780,20 @@ impl SslContextBuilder { /// must be written as a null-terminated C string. #[cfg(not(osslconf = "OPENSSL_NO_PSK"))] pub fn set_psk_callback<F>(&mut self, callback: F) - where F: Fn(&mut SslRef, Option<&[u8]>, &mut [u8], &mut [u8]) -> Result<usize, ErrorStack> + Any + 'static + Sync + Send + where + F: Fn(&mut SslRef, Option<&[u8]>, &mut [u8], &mut [u8]) -> Result<usize, ErrorStack> + + Any + + 'static + + Sync + + Send, { unsafe { let callback = Box::new(callback); - ffi::SSL_CTX_set_ex_data(self.as_ptr(), - get_callback_idx::<F>(), - mem::transmute(callback)); + ffi::SSL_CTX_set_ex_data( + self.as_ptr(), + get_callback_idx::<F>(), + mem::transmute(callback), + ); ffi::SSL_CTX_set_psk_client_callback(self.as_ptr(), Some(raw_psk::<F>)) } } @@ -745,7 +802,11 @@ impl SslContextBuilder { pub fn set_ex_data<T>(&mut self, index: Index<SslContext, T>, data: T) { unsafe { let data = Box::new(data); - ffi::SSL_CTX_set_ex_data(self.as_ptr(), index.as_raw(), Box::into_raw(data) as *mut c_void); + ffi::SSL_CTX_set_ex_data( + self.as_ptr(), + index.as_raw(), + Box::into_raw(data) as *mut c_void, + ); } } @@ -794,7 +855,7 @@ impl SslContext { /// index. pub fn new_ex_index<T>() -> Result<Index<SslContext, T>, ErrorStack> where - T: 'static + Sync + Send + T: 'static + Sync + Send, { unsafe { ffi::init(); @@ -1023,7 +1084,7 @@ impl Ssl { /// index. pub fn new_ex_index<T>() -> Result<Index<Ssl, T>, ErrorStack> where - T: 'static + Sync + Send + T: 'static + Sync + Send, { unsafe { ffi::init(); @@ -1078,13 +1139,16 @@ impl SslRef { /// to the certificate chain. It should return `true` if the certificate /// chain is valid and `false` otherwise. pub fn set_verify_callback<F>(&mut self, mode: SslVerifyMode, verify: F) - where F: Fn(bool, &X509StoreContextRef) -> bool + Any + 'static + Sync + Send + where + F: Fn(bool, &X509StoreContextRef) -> bool + Any + 'static + Sync + Send, { unsafe { let verify = Box::new(verify); - ffi::SSL_set_ex_data(self.as_ptr(), - get_ssl_callback_idx::<F>(), - mem::transmute(verify)); + ffi::SSL_set_ex_data( + self.as_ptr(), + get_ssl_callback_idx::<F>(), + mem::transmute(verify), + ); ffi::SSL_set_verify(self.as_ptr(), mode.bits as c_int, Some(ssl_raw_verify::<F>)); } } @@ -1094,13 +1158,16 @@ impl SslRef { } pub fn set_tmp_dh_callback<F>(&mut self, callback: F) - where F: Fn(&mut SslRef, bool, u32) -> Result<Dh, ErrorStack> + Any + 'static + Sync + Send + where + F: Fn(&mut SslRef, bool, u32) -> Result<Dh, ErrorStack> + Any + 'static + Sync + Send, { unsafe { let callback = Box::new(callback); - ffi::SSL_set_ex_data(self.as_ptr(), - get_ssl_callback_idx::<F>(), - Box::into_raw(callback) as *mut c_void); + ffi::SSL_set_ex_data( + self.as_ptr(), + get_ssl_callback_idx::<F>(), + Box::into_raw(callback) as *mut c_void, + ); let f: unsafe extern "C" fn(_, _, _) -> _ = raw_tmp_dh_ssl::<F>; ffi::SSL_set_tmp_dh_callback(self.as_ptr(), f); } @@ -1113,13 +1180,16 @@ impl SslRef { /// Requires the `v101` feature and OpenSSL 1.0.1, or the `v102` feature and OpenSSL 1.0.2. #[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))] pub fn set_tmp_ecdh_callback<F>(&mut self, callback: F) - where F: Fn(&mut SslRef, bool, u32) -> Result<EcKey, ErrorStack> + Any + 'static + Sync + Send + where + F: Fn(&mut SslRef, bool, u32) -> Result<EcKey, ErrorStack> + Any + 'static + Sync + Send, { unsafe { let callback = Box::new(callback); - ffi::SSL_set_ex_data(self.as_ptr(), - get_ssl_callback_idx::<F>(), - Box::into_raw(callback) as *mut c_void); + ffi::SSL_set_ex_data( + self.as_ptr(), + get_ssl_callback_idx::<F>(), + Box::into_raw(callback) as *mut c_void, + ); let f: unsafe extern "C" fn(_, _, _) -> _ = raw_tmp_ecdh_ssl::<F>; ffi::SSL_set_tmp_ecdh_callback(self.as_ptr(), f); } @@ -1169,8 +1239,10 @@ impl SslRef { pub fn set_hostname(&mut self, hostname: &str) -> Result<(), ErrorStack> { let cstr = CString::new(hostname).unwrap(); unsafe { - cvt(ffi::SSL_set_tlsext_host_name(self.as_ptr(), cstr.as_ptr() as *mut _) as c_int) - .map(|_| ()) + cvt(ffi::SSL_set_tlsext_host_name( + self.as_ptr(), + cstr.as_ptr() as *mut _, + ) as c_int).map(|_| ()) } } @@ -1285,7 +1357,9 @@ impl SslRef { return None; } let meth = ffi::SSL_COMP_get_name(ptr); - Some(str::from_utf8(CStr::from_ptr(meth as *const _).to_bytes()).unwrap()) + Some( + str::from_utf8(CStr::from_ptr(meth as *const _).to_bytes()).unwrap(), + ) } } @@ -1302,7 +1376,9 @@ impl SslRef { return None; } - Some(str::from_utf8(CStr::from_ptr(name as *const _).to_bytes()).unwrap()) + Some( + str::from_utf8(CStr::from_ptr(name as *const _).to_bytes()).unwrap(), + ) } } @@ -1367,7 +1443,10 @@ impl SslRef { /// Sets the status response a client wishes the server to reply with. pub fn set_status_type(&mut self, type_: StatusType) -> Result<(), ErrorStack> { unsafe { - cvt(ffi::SSL_set_tlsext_status_type(self.as_ptr(), type_.as_raw()) as c_int).map(|_| ()) + cvt(ffi::SSL_set_tlsext_status_type( + self.as_ptr(), + type_.as_raw(), + ) as c_int).map(|_| ()) } } @@ -1389,15 +1468,17 @@ impl SslRef { pub fn set_ocsp_status(&mut self, response: &[u8]) -> Result<(), ErrorStack> { unsafe { assert!(response.len() <= c_int::max_value() as usize); - let p = try!(cvt_p(ffi::CRYPTO_malloc(response.len() as _, - concat!(file!(), "\0").as_ptr() as *const _, - line!() as c_int))); + let p = try!(cvt_p(ffi::CRYPTO_malloc( + response.len() as _, + concat!(file!(), "\0").as_ptr() as *const _, + line!() as c_int, + ))); ptr::copy_nonoverlapping(response.as_ptr(), p as *mut u8, response.len()); - cvt(ffi::SSL_set_tlsext_status_ocsp_resp(self.as_ptr(), - p as *mut c_uchar, - response.len() as c_long) as - c_int) - .map(|_| ()) + cvt(ffi::SSL_set_tlsext_status_ocsp_resp( + self.as_ptr(), + p as *mut c_uchar, + response.len() as c_long, + ) as c_int).map(|_| ()) } } @@ -1410,7 +1491,11 @@ impl SslRef { pub fn set_ex_data<T>(&mut self, index: Index<Ssl, T>, data: T) { unsafe { let data = Box::new(data); - ffi::SSL_set_ex_data(self.as_ptr(), index.as_raw(), Box::into_raw(data) as *mut c_void); + ffi::SSL_set_ex_data( + self.as_ptr(), + index.as_raw(), + Box::into_raw(data) as *mut c_void, + ); } } @@ -1451,7 +1536,8 @@ impl Ssl { /// OpenSSL's default configuration is insecure. It is highly recommended to use /// `SslConnector` rather than `Ssl` directly, as it manages that configuration. pub fn connect<S>(self, stream: S) -> Result<SslStream<S>, HandshakeError<S>> - where S: Read + Write + where + S: Read + Write, { let mut stream = SslStream::new_base(self, stream); let ret = unsafe { ffi::SSL_connect(stream.ssl.as_ptr()) }; @@ -1462,15 +1548,15 @@ impl Ssl { e @ Error::WantWrite(_) | e @ Error::WantRead(_) => { Err(HandshakeError::Interrupted(MidHandshakeSslStream { - stream: stream, - error: e, - })) + stream: stream, + error: e, + })) } err => { Err(HandshakeError::Failure(MidHandshakeSslStream { - stream: stream, - error: err, - })) + stream: stream, + error: err, + })) } } } @@ -1483,7 +1569,8 @@ impl Ssl { /// OpenSSL's default configuration is insecure. It is highly recommended to use /// `SslAcceptor` rather than `Ssl` directly, as it manages that configuration. pub fn accept<S>(self, stream: S) -> Result<SslStream<S>, HandshakeError<S>> - where S: Read + Write + where + S: Read + Write, { let mut stream = SslStream::new_base(self, stream); let ret = unsafe { ffi::SSL_accept(stream.ssl.as_ptr()) }; @@ -1494,15 +1581,15 @@ impl Ssl { e @ Error::WantWrite(_) | e @ Error::WantRead(_) => { Err(HandshakeError::Interrupted(MidHandshakeSslStream { - stream: stream, - error: e, - })) + stream: stream, + error: e, + })) } err => { Err(HandshakeError::Failure(MidHandshakeSslStream { - stream: stream, - error: err, - })) + stream: stream, + error: err, + })) } } } @@ -1571,7 +1658,8 @@ pub struct SslStream<S> { } impl<S> fmt::Debug for SslStream<S> - where S: fmt::Debug +where + S: fmt::Debug, { fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result { fmt.debug_struct("SslStream") @@ -1672,8 +1760,10 @@ impl<S> SslStream<S> { match self.get_bio_error() { Some(err) => Error::Stream(err), None => { - Error::Stream(io::Error::new(io::ErrorKind::ConnectionAborted, - "unexpected EOF observed")) + Error::Stream(io::Error::new( + io::ErrorKind::ConnectionAborted, + "unexpected EOF observed", + )) } } } else { @@ -1685,8 +1775,10 @@ impl<S> SslStream<S> { let err = match self.get_bio_error() { Some(err) => err, None => { - io::Error::new(io::ErrorKind::Other, - "BUG: got an SSL_ERROR_WANT_WRITE with no error in the BIO") + io::Error::new( + io::ErrorKind::Other, + "BUG: got an SSL_ERROR_WANT_WRITE with no error in the BIO", + ) } }; Error::WantWrite(err) @@ -1695,15 +1787,19 @@ impl<S> SslStream<S> { let err = match self.get_bio_error() { Some(err) => err, None => { - io::Error::new(io::ErrorKind::Other, - "BUG: got an SSL_ERROR_WANT_WRITE with no error in the BIO") + io::Error::new( + io::ErrorKind::Other, + "BUG: got an SSL_ERROR_WANT_WRITE with no error in the BIO", + ) } }; Error::WantRead(err) } err => { - Error::Stream(io::Error::new(io::ErrorKind::InvalidData, - format!("unexpected error {}", err))) + Error::Stream(io::Error::new( + io::ErrorKind::InvalidData, + format!("unexpected error {}", err), + )) } } } @@ -1760,13 +1856,12 @@ impl<S: Read + Write> Read for SslStream<S> { impl<S: Read + Write> Write for SslStream<S> { fn write(&mut self, buf: &[u8]) -> io::Result<usize> { - self.ssl_write(buf) - .map_err(|e| match e { - Error::Stream(e) => e, - Error::WantRead(e) => e, - Error::WantWrite(e) => e, - e => io::Error::new(io::ErrorKind::Other, e), - }) + self.ssl_write(buf).map_err(|e| match e { + Error::Stream(e) => e, + Error::WantRead(e) => e, + Error::WantWrite(e) => e, + e => io::Error::new(io::ErrorKind::Other, e), + }) } fn flush(&mut self) -> io::Result<()> { @@ -1795,21 +1890,25 @@ mod compat { SSL_SESSION_get_master_key, SSL_is_server, SSL_SESSION_up_ref}; pub unsafe fn get_new_idx(f: ffi::CRYPTO_EX_free) -> c_int { - ffi::CRYPTO_get_ex_new_index(ffi::CRYPTO_EX_INDEX_SSL_CTX, - 0, - ptr::null_mut(), - None, - None, - Some(f)) + ffi::CRYPTO_get_ex_new_index( + ffi::CRYPTO_EX_INDEX_SSL_CTX, + 0, + ptr::null_mut(), + None, + None, + Some(f), + ) } pub unsafe fn get_new_ssl_idx(f: ffi::CRYPTO_EX_free) -> c_int { - ffi::CRYPTO_get_ex_new_index(ffi::CRYPTO_EX_INDEX_SSL, - 0, - ptr::null_mut(), - None, - None, - Some(f)) + ffi::CRYPTO_get_ex_new_index( + ffi::CRYPTO_EX_INDEX_SSL, + 0, + ptr::null_mut(), + None, + None, + Some(f), + ) } pub fn tls_method() -> *const ffi::SSL_METHOD { @@ -1834,17 +1933,21 @@ mod compat { } pub unsafe fn SSL_CTX_set_options(ctx: *const ffi::SSL_CTX, op: c_ulong) -> c_ulong { - ffi::SSL_CTX_ctrl(ctx as *mut _, - ffi::SSL_CTRL_OPTIONS, - op as c_long, - ptr::null_mut()) as c_ulong + ffi::SSL_CTX_ctrl( + ctx as *mut _, + ffi::SSL_CTRL_OPTIONS, + op as c_long, + ptr::null_mut(), + ) as c_ulong } pub unsafe fn SSL_CTX_clear_options(ctx: *const ffi::SSL_CTX, op: c_ulong) -> c_ulong { - ffi::SSL_CTX_ctrl(ctx as *mut _, - ffi::SSL_CTRL_CLEAR_OPTIONS, - op as c_long, - ptr::null_mut()) as c_ulong + ffi::SSL_CTX_ctrl( + ctx as *mut _, + ffi::SSL_CTRL_CLEAR_OPTIONS, + op as c_long, + ptr::null_mut(), + ) as c_ulong } pub unsafe fn get_new_idx(f: ffi::CRYPTO_EX_free) -> c_int { @@ -1856,18 +1959,21 @@ mod compat { } pub unsafe fn SSL_CTX_up_ref(ssl: *mut ffi::SSL_CTX) -> libc::c_int { - ffi::CRYPTO_add_lock(&mut (*ssl).references, - 1, - ffi::CRYPTO_LOCK_SSL_CTX, - "mod.rs\0".as_ptr() as *const _, - line!() as libc::c_int); + ffi::CRYPTO_add_lock( + &mut (*ssl).references, + 1, + ffi::CRYPTO_LOCK_SSL_CTX, + "mod.rs\0".as_ptr() as *const _, + line!() as libc::c_int, + ); 0 } - pub unsafe fn SSL_SESSION_get_master_key(session: *const ffi::SSL_SESSION, - out: *mut c_uchar, - mut outlen: size_t) - -> size_t { + pub unsafe fn SSL_SESSION_get_master_key( + session: *const ffi::SSL_SESSION, + out: *mut c_uchar, + mut outlen: size_t, + ) -> size_t { if outlen == 0 { return (*session).master_key_length as size_t; } @@ -1891,11 +1997,13 @@ mod compat { } pub unsafe fn SSL_SESSION_up_ref(ses: *mut ffi::SSL_SESSION) -> c_int { - ffi::CRYPTO_add_lock(&mut (*ses).references, - 1, - ffi::CRYPTO_LOCK_SSL_CTX, - "mod.rs\0".as_ptr() as *const _, - line!() as libc::c_int); + ffi::CRYPTO_add_lock( + &mut (*ses).references, + 1, + ffi::CRYPTO_LOCK_SSL_CTX, + "mod.rs\0".as_ptr() as *const _, + line!() as libc::c_int, + ); 0 } } diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs index 48d83b78..ba89fcd6 100644 --- a/openssl/src/ssl/tests/mod.rs +++ b/openssl/src/ssl/tests/mod.rs @@ -19,8 +19,8 @@ use hash::MessageDigest; use ocsp::{OcspResponse, RESPONSE_STATUS_UNAUTHORIZED}; use ssl; use ssl::{SslMethod, HandshakeError, SslContext, SslStream, Ssl, ShutdownResult, - SslConnectorBuilder, SslAcceptorBuilder, Error, SSL_VERIFY_PEER, SSL_VERIFY_NONE, - STATUS_TYPE_OCSP}; + SslConnectorBuilder, SslAcceptorBuilder, Error, SSL_VERIFY_PEER, SSL_VERIFY_NONE, + STATUS_TYPE_OCSP}; use x509::{X509StoreContext, X509, X509Name, X509_FILETYPE_PEM}; #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] use x509::verify::X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS; @@ -75,11 +75,13 @@ impl Server { if let Some(mut input) = input { thread::spawn(move || input(stdin)); } - (Server { - p: child, - _temp: td, - }, - addr) + ( + Server { + p: child, + _temp: td, + }, + addr, + ) } fn new_tcp(args: &[&str]) -> (Server, TcpStream) { @@ -102,26 +104,31 @@ impl Server { #[allow(dead_code)] fn new_alpn() -> (Server, TcpStream) { - Server::new_tcp(&["-www", - "-nextprotoneg", - "http/1.1,spdy/3.1", - "-alpn", - "http/1.1,spdy/3.1"]) + Server::new_tcp( + &[ + "-www", + "-nextprotoneg", + "http/1.1,spdy/3.1", + "-alpn", + "http/1.1,spdy/3.1", + ], + ) } fn new_dtlsv1<I>(input: I) -> (Server, UdpConnected) - where I: IntoIterator<Item = &'static str>, - I::IntoIter: Send + 'static + where + I: IntoIterator<Item = &'static str>, + I::IntoIter: Send + 'static, { let mut input = input.into_iter(); - let (s, addr) = Server::spawn(&["-dtls1"], - Some(Box::new(move |mut io| { - for s in input.by_ref() { + let (s, addr) = Server::spawn( + &["-dtls1"], + Some(Box::new(move |mut io| for s in input.by_ref() { if io.write_all(s.as_bytes()).is_err() { break; } - } - }))); + })), + ); // Need to wait for the UDP socket to get bound in our child process, // but don't currently have a great way to do that so just wait for a // bit. @@ -199,9 +206,10 @@ macro_rules! run_test( ); ); -run_test!(new_ctx, |method, _| { - SslContext::builder(method).unwrap(); -}); +run_test!( + new_ctx, + |method, _| { SslContext::builder(method).unwrap(); } +); run_test!(verify_untrusted, |method, stream| { let mut ctx = SslContext::builder(method).unwrap(); @@ -325,10 +333,10 @@ run_test!(verify_trusted_get_error_err, |method, stream| { run_test!(verify_callback_data, |method, stream| { let mut ctx = SslContext::builder(method).unwrap(); -// Node id was generated as SHA256 hash of certificate "test/cert.pem" -// in DER format. -// Command: openssl x509 -in test/cert.pem -outform DER | openssl dgst -sha256 -// Please update if "test/cert.pem" will ever change + // Node id was generated as SHA256 hash of certificate "test/cert.pem" + // in DER format. + // Command: openssl x509 -in test/cert.pem -outform DER | openssl dgst -sha256 + // Please update if "test/cert.pem" will ever change let node_hash_str = "59172d9313e84459bcff27f967e79e6e9217e584"; let node_id = Vec::from_hex(node_hash_str).unwrap(); ctx.set_verify_callback(SSL_VERIFY_PEER, move |_preverify_ok, x509_ctx| { @@ -395,8 +403,10 @@ fn test_write_hits_stream() { let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); ctx.set_verify(SSL_VERIFY_PEER); - ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM).unwrap(); - ctx.set_private_key_file(&Path::new("test/key.pem"), X509_FILETYPE_PEM).unwrap(); + ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM) + .unwrap(); + ctx.set_private_key_file(&Path::new("test/key.pem"), X509_FILETYPE_PEM) + .unwrap(); let stream = listener.accept().unwrap().0; let mut stream = Ssl::new(&ctx.build()).unwrap().accept(stream).unwrap(); @@ -488,7 +498,9 @@ fn test_read() { let mut stream = Ssl::new(&ctx.build()).unwrap().connect(tcp).unwrap(); stream.write_all("GET /\r\n\r\n".as_bytes()).unwrap(); stream.flush().unwrap(); - io::copy(&mut stream, &mut io::sink()).ok().expect("read error"); + io::copy(&mut stream, &mut io::sink()).ok().expect( + "read error", + ); } #[test] @@ -521,8 +533,10 @@ fn test_state() { let ctx = SslContext::builder(SslMethod::tls()).unwrap(); let stream = Ssl::new(&ctx.build()).unwrap().connect(tcp).unwrap(); assert_eq!(stream.ssl().state_string(), "SSLOK "); - assert_eq!(stream.ssl().state_string_long(), - "SSL negotiation finished successfully"); + assert_eq!( + stream.ssl().state_string_long(), + "SSL negotiation finished successfully" + ); } /// Tests that connecting with the client using ALPN, but the server not does not @@ -670,8 +684,10 @@ fn test_npn_server_advertise_multiple() { let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); ctx.set_verify(SSL_VERIFY_PEER); ctx.set_npn_protocols(&[b"http/1.1", b"spdy/3.1"]).unwrap(); - assert!(ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM) - .is_ok()); + assert!( + ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM) + .is_ok() + ); ctx.set_private_key_file(&Path::new("test/key.pem"), X509_FILETYPE_PEM) .unwrap(); ctx.build() @@ -711,8 +727,10 @@ fn test_alpn_server_advertise_multiple() { let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); ctx.set_verify(SSL_VERIFY_PEER); ctx.set_alpn_protocols(&[b"http/1.1", b"spdy/3.1"]).unwrap(); - assert!(ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM) - .is_ok()); + assert!( + ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM) + .is_ok() + ); ctx.set_private_key_file(&Path::new("test/key.pem"), X509_FILETYPE_PEM) .unwrap(); ctx.build() @@ -752,8 +770,10 @@ fn test_alpn_server_select_none() { let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); ctx.set_verify(SSL_VERIFY_PEER); ctx.set_alpn_protocols(&[b"http/1.1", b"spdy/3.1"]).unwrap(); - assert!(ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM) - .is_ok()); + assert!( + ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM) + .is_ok() + ); ctx.set_private_key_file(&Path::new("test/key.pem"), X509_FILETYPE_PEM) .unwrap(); ctx.build() @@ -990,7 +1010,11 @@ fn flush_panic() { let stream = ExplodingStream(stream); let ctx = SslContext::builder(SslMethod::tls()).unwrap(); - let mut stream = Ssl::new(&ctx.build()).unwrap().connect(stream).ok().unwrap(); + let mut stream = Ssl::new(&ctx.build()) + .unwrap() + .connect(stream) + .ok() + .unwrap(); let _ = stream.flush(); } @@ -1040,7 +1064,9 @@ fn verify_valid_hostname() { ctx.set_verify(SSL_VERIFY_PEER); let mut ssl = Ssl::new(&ctx.build()).unwrap(); - ssl.param_mut().set_hostflags(X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); + ssl.param_mut().set_hostflags( + X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS, + ); ssl.param_mut().set_host("google.com").unwrap(); let s = TcpStream::connect("google.com:443").unwrap(); @@ -1063,7 +1089,9 @@ fn verify_invalid_hostname() { ctx.set_verify(SSL_VERIFY_PEER); let mut ssl = Ssl::new(&ctx.build()).unwrap(); - ssl.param_mut().set_hostflags(X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); + ssl.param_mut().set_hostflags( + X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS, + ); ssl.param_mut().set_host("foobar.com").unwrap(); let s = TcpStream::connect("google.com:443").unwrap(); @@ -1143,7 +1171,10 @@ fn connector_client_server_mozilla_intermediate() { }); let mut connector = SslConnectorBuilder::new(SslMethod::tls()).unwrap(); - connector.builder_mut().set_ca_file("test/root-ca.pem").unwrap(); + connector + .builder_mut() + .set_ca_file("test/root-ca.pem") + .unwrap(); let connector = connector.build(); let stream = TcpStream::connect(("127.0.0.1", port)).unwrap(); @@ -1175,7 +1206,10 @@ fn connector_client_server_mozilla_modern() { }); let mut connector = SslConnectorBuilder::new(SslMethod::tls()).unwrap(); - connector.builder_mut().set_ca_file("test/root-ca.pem").unwrap(); + connector + .builder_mut() + .set_ca_file("test/root-ca.pem") + .unwrap(); let connector = connector.build(); let stream = TcpStream::connect(("127.0.0.1", port)).unwrap(); @@ -1196,8 +1230,10 @@ fn shutdown() { thread::spawn(move || { let stream = listener.accept().unwrap().0; let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); - ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM).unwrap(); - ctx.set_private_key_file(&Path::new("test/key.pem"), X509_FILETYPE_PEM).unwrap(); + ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM) + .unwrap(); + ctx.set_private_key_file(&Path::new("test/key.pem"), X509_FILETYPE_PEM) + .unwrap(); let ssl = Ssl::new(&ctx.build()).unwrap(); let mut stream = ssl.accept(stream).unwrap(); @@ -1249,11 +1285,13 @@ fn tmp_dh_callback() { let listener = TcpListener::bind("127.0.0.1:0").unwrap(); let port = listener.local_addr().unwrap().port(); - thread::spawn(move ||{ + thread::spawn(move || { let stream = listener.accept().unwrap().0; let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); - ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM).unwrap(); - ctx.set_private_key_file(&Path::new("test/key.pem"), X509_FILETYPE_PEM).unwrap(); + ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM) + .unwrap(); + ctx.set_private_key_file(&Path::new("test/key.pem"), X509_FILETYPE_PEM) + .unwrap(); ctx.set_tmp_dh_callback(|_, _, _| { CALLED_BACK.store(true, Ordering::SeqCst); let dh = include_bytes!("../../../test/dhparams.pem"); @@ -1283,11 +1321,13 @@ fn tmp_ecdh_callback() { let listener = TcpListener::bind("127.0.0.1:0").unwrap(); let port = listener.local_addr().unwrap().port(); - thread::spawn(move ||{ + thread::spawn(move || { let stream = listener.accept().unwrap().0; let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); - ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM).unwrap(); - ctx.set_private_key_file(&Path::new("test/key.pem"), X509_FILETYPE_PEM).unwrap(); + ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM) + .unwrap(); + ctx.set_private_key_file(&Path::new("test/key.pem"), X509_FILETYPE_PEM) + .unwrap(); ctx.set_tmp_ecdh_callback(|_, _, _| { CALLED_BACK.store(true, Ordering::SeqCst); EcKey::new_by_curve_name(nid::X9_62_PRIME256V1) @@ -1312,11 +1352,13 @@ fn tmp_dh_callback_ssl() { let listener = TcpListener::bind("127.0.0.1:0").unwrap(); let port = listener.local_addr().unwrap().port(); - thread::spawn(move ||{ + thread::spawn(move || { let stream = listener.accept().unwrap().0; let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); - ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM).unwrap(); - ctx.set_private_key_file(&Path::new("test/key.pem"), X509_FILETYPE_PEM).unwrap(); + ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM) + .unwrap(); + ctx.set_private_key_file(&Path::new("test/key.pem"), X509_FILETYPE_PEM) + .unwrap(); let mut ssl = Ssl::new(&ctx.build()).unwrap(); ssl.set_tmp_dh_callback(|_, _, _| { CALLED_BACK.store(true, Ordering::SeqCst); @@ -1346,11 +1388,13 @@ fn tmp_ecdh_callback_ssl() { let listener = TcpListener::bind("127.0.0.1:0").unwrap(); let port = listener.local_addr().unwrap().port(); - thread::spawn(move ||{ + thread::spawn(move || { let stream = listener.accept().unwrap().0; let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); - ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM).unwrap(); - ctx.set_private_key_file(&Path::new("test/key.pem"), X509_FILETYPE_PEM).unwrap(); + ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM) + .unwrap(); + ctx.set_private_key_file(&Path::new("test/key.pem"), X509_FILETYPE_PEM) + .unwrap(); let mut ssl = Ssl::new(&ctx.build()).unwrap(); ssl.set_tmp_ecdh_callback(|_, _, _| { CALLED_BACK.store(true, Ordering::SeqCst); @@ -1402,8 +1446,10 @@ fn status_callbacks() { let guard = thread::spawn(move || { let stream = listener.accept().unwrap().0; let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); - ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM).unwrap(); - ctx.set_private_key_file(&Path::new("test/key.pem"), X509_FILETYPE_PEM).unwrap(); + ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM) + .unwrap(); + ctx.set_private_key_file(&Path::new("test/key.pem"), X509_FILETYPE_PEM) + .unwrap(); ctx.set_status_callback(|ssl| { CALLED_BACK_SERVER.store(true, Ordering::SeqCst); let response = OcspResponse::create(RESPONSE_STATUS_UNAUTHORIZED, None).unwrap(); diff --git a/openssl/src/ssl/tests/select.rs b/openssl/src/ssl/tests/select.rs index abdf9339..36d5ed49 100644 --- a/openssl/src/ssl/tests/select.rs +++ b/openssl/src/ssl/tests/select.rs @@ -15,12 +15,13 @@ mod imp { } } - pub unsafe fn select<F: AsRawFd>(max: &F, - read: *mut fd_set, - write: *mut fd_set, - error: *mut fd_set, - timeout_ms: u32) - -> io::Result<bool> { + pub unsafe fn select<F: AsRawFd>( + max: &F, + read: *mut fd_set, + write: *mut fd_set, + error: *mut fd_set, + timeout_ms: u32, + ) -> io::Result<bool> { let mut timeout = libc::timeval { tv_sec: (timeout_ms / 1000) as libc::time_t, tv_usec: (timeout_ms % 1000 * 1000) as libc::suseconds_t, @@ -52,12 +53,13 @@ mod imp { set.fd_count += 1; } - pub unsafe fn select<F: AsRawSocket>(_max: &F, - read: *mut fd_set, - write: *mut fd_set, - error: *mut fd_set, - timeout_ms: u32) - -> io::Result<bool> { + pub unsafe fn select<F: AsRawSocket>( + _max: &F, + read: *mut fd_set, + write: *mut fd_set, + error: *mut fd_set, + timeout_ms: u32, + ) -> io::Result<bool> { let mut timeout = winsock2::timeval { tv_sec: (timeout_ms / 1000) as c_long, tv_usec: (timeout_ms % 1000 * 1000) as c_long, |