diff options
| author | Steven Fackler <[email protected]> | 2016-07-31 15:15:47 -0700 |
|---|---|---|
| committer | Steven Fackler <[email protected]> | 2016-07-31 15:15:47 -0700 |
| commit | f0ffa246b83102d70bc59f76d136981efdafb1e7 (patch) | |
| tree | 0f6036a20ba4eb7b333986206962abeb4bab6c2f /openssl/src/ssl | |
| parent | Revert "Add a new trait based Nid setup" (diff) | |
| parent | Merge pull request #402 from bbatha/feat/dsa-ffi (diff) | |
| download | rust-openssl-f0ffa246b83102d70bc59f76d136981efdafb1e7.tar.xz rust-openssl-f0ffa246b83102d70bc59f76d136981efdafb1e7.zip | |
Merge remote-tracking branch 'origin/master' into breaks
Diffstat (limited to 'openssl/src/ssl')
| -rw-r--r-- | openssl/src/ssl/bio.rs | 31 | ||||
| -rw-r--r-- | openssl/src/ssl/mod.rs | 39 | ||||
| -rw-r--r-- | openssl/src/ssl/tests/mod.rs | 37 |
3 files changed, 64 insertions, 43 deletions
diff --git a/openssl/src/ssl/bio.rs b/openssl/src/ssl/bio.rs index 44893b88..3ced1c95 100644 --- a/openssl/src/ssl/bio.rs +++ b/openssl/src/ssl/bio.rs @@ -23,16 +23,16 @@ pub struct BioMethod(ffi::BIO_METHOD); impl BioMethod { pub fn new<S: Read + Write>() -> BioMethod { BioMethod(ffi::BIO_METHOD { - type_: BIO_TYPE_NONE, - name: b"rust\0".as_ptr() as *const _, - bwrite: Some(bwrite::<S>), - bread: Some(bread::<S>), - bputs: Some(bputs::<S>), - bgets: None, - ctrl: Some(ctrl::<S>), - create: Some(create), - destroy: Some(destroy::<S>), - callback_ctrl: None, + type_: BIO_TYPE_NONE, + name: b"rust\0".as_ptr() as *const _, + bwrite: Some(bwrite::<S>), + bread: Some(bread::<S>), + bputs: Some(bputs::<S>), + bgets: None, + ctrl: Some(ctrl::<S>), + create: Some(create), + destroy: Some(destroy::<S>), + callback_ctrl: None, }) } } @@ -82,12 +82,16 @@ unsafe fn state<'a, S: 'a>(bio: *mut BIO) -> &'a mut StreamState<S> { } #[cfg(feature = "nightly")] -fn catch_unwind<F, T>(f: F) -> Result<T, Box<Any + Send>> where F: FnOnce() -> T { +fn catch_unwind<F, T>(f: F) -> Result<T, Box<Any + Send>> + where F: FnOnce() -> T +{ ::std::panic::catch_unwind(::std::panic::AssertUnwindSafe(f)) } #[cfg(not(feature = "nightly"))] -fn catch_unwind<F, T>(f: F) -> Result<T, Box<Any + Send>> where F: FnOnce() -> T { +fn catch_unwind<F, T>(f: F) -> Result<T, Box<Any + Send>> + where F: FnOnce() -> T +{ Ok(f()) } @@ -137,7 +141,8 @@ unsafe extern "C" fn bread<S: Read>(bio: *mut BIO, buf: *mut c_char, len: c_int) fn retriable_error(err: &io::Error) -> bool { match err.kind() { - io::ErrorKind::WouldBlock | io::ErrorKind::NotConnected => true, + io::ErrorKind::WouldBlock | + io::ErrorKind::NotConnected => true, _ => false, } } diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 89a7f7d4..b18df7b3 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -475,6 +475,8 @@ impl SslContext { SslMethod::Dtlsv1_2 => ctx.set_read_ahead(1), _ => {} } + // this is a bit dubious (?) + try!(ctx.set_mode(ffi::SSL_MODE_AUTO_RETRY | ffi::SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)); Ok(ctx) } @@ -527,6 +529,10 @@ impl SslContext { } } + fn set_mode(&self, mode: c_long) -> Result<(), ErrorStack> { + wrap_ssl_result(unsafe { ffi_extras::SSL_CTX_set_mode(self.ctx, mode) as c_int }) + } + pub fn set_tmp_dh(&mut self, dh: DH) -> Result<(), ErrorStack> { wrap_ssl_result(unsafe { ffi_extras::SSL_CTX_set_tmp_dh(self.ctx, dh.raw()) as i32 }) } @@ -729,7 +735,7 @@ pub struct SslCipher<'a> { ph: PhantomData<&'a ()>, } -impl <'a> SslCipher<'a> { +impl<'a> SslCipher<'a> { /// Returns the name of cipher. pub fn name(&self) -> &'static str { let name = unsafe { @@ -753,12 +759,18 @@ impl <'a> SslCipher<'a> { /// Returns the number of bits used for the cipher. pub fn bits(&self) -> CipherBits { unsafe { - let algo_bits : *mut c_int = ptr::null_mut(); + let algo_bits: *mut c_int = ptr::null_mut(); let secret_bits = ffi::SSL_CIPHER_get_bits(self.cipher, algo_bits); if !algo_bits.is_null() { - CipherBits { secret: secret_bits, algorithm: Some(*algo_bits) } + CipherBits { + secret: secret_bits, + algorithm: Some(*algo_bits), + } } else { - CipherBits { secret: secret_bits, algorithm: None } + CipherBits { + secret: secret_bits, + algorithm: None, + } } } } @@ -853,7 +865,9 @@ impl Ssl { { unsafe { let verify = Box::new(verify); - ffi::SSL_set_ex_data(self.ssl, get_ssl_verify_data_idx::<F>(), mem::transmute(verify)); + ffi::SSL_set_ex_data(self.ssl, + get_ssl_verify_data_idx::<F>(), + mem::transmute(verify)); ffi::SSL_set_verify(self.ssl, mode.bits as c_int, Some(ssl_raw_verify::<F>)); } } @@ -865,7 +879,10 @@ impl Ssl { if ptr.is_null() { None } else { - Some(SslCipher{ cipher: ptr, ph: PhantomData }) + Some(SslCipher { + cipher: ptr, + ph: PhantomData, + }) } } } @@ -918,8 +935,8 @@ impl Ssl { /// Returns the name of the protocol used for the connection, e.g. "TLSv1.2", "SSLv3", etc. pub fn version(&self) -> &'static str { let version = unsafe { - let ptr = ffi::SSL_get_version(self.ssl); - CStr::from_ptr(ptr as *const _) + let ptr = ffi::SSL_get_version(self.ssl); + CStr::from_ptr(ptr as *const _) }; str::from_utf8(version.to_bytes()).unwrap() @@ -1038,7 +1055,8 @@ pub struct SslStream<S> { unsafe impl<S: Send> Send for SslStream<S> {} -impl<S> fmt::Debug for SslStream<S> where S: fmt::Debug +impl<S> fmt::Debug for SslStream<S> + where S: fmt::Debug { fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result { fmt.debug_struct("SslStream") @@ -1156,8 +1174,7 @@ impl<S> SslStream<S> { } #[cfg(not(feature = "nightly"))] - fn check_panic(&mut self) { - } + fn check_panic(&mut self) {} fn get_bio_error(&mut self) -> io::Error { let error = unsafe { bio::take_error::<S>(self.ssl.get_raw_rbio()) }; diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs index 94bb4b4b..1fc0076b 100644 --- a/openssl/src/ssl/tests/mod.rs +++ b/openssl/src/ssl/tests/mod.rs @@ -196,7 +196,7 @@ macro_rules! run_test( use ssl::SslMethod; use ssl::{SslContext, Ssl, SslStream}; use ssl::SSL_VERIFY_PEER; - use crypto::hash::Type::SHA256; + use crypto::hash::Type::{SHA1, SHA256}; use x509::X509StoreContext; use serialize::hex::FromHex; use super::Server; @@ -236,7 +236,7 @@ run_test!(verify_untrusted, |method, stream| { match SslStream::connect(&ctx, stream) { Ok(_) => panic!("expected failure"), - Err(err) => println!("error {:?}", err) + Err(err) => println!("error {:?}", err), } }); @@ -246,11 +246,11 @@ run_test!(verify_trusted, |method, stream| { match ctx.set_CA_file(&Path::new("test/cert.pem")) { Ok(_) => {} - Err(err) => panic!("Unexpected error {:?}", err) + Err(err) => panic!("Unexpected error {:?}", err), } match SslStream::connect(&ctx, stream) { Ok(_) => (), - Err(err) => panic!("Expected success, got {:?}", err) + Err(err) => panic!("Expected success, got {:?}", err), } }); @@ -260,7 +260,7 @@ run_test!(verify_untrusted_callback_override_ok, |method, stream| { match SslStream::connect(&ctx, stream) { Ok(_) => (), - Err(err) => panic!("Expected success, got {:?}", err) + Err(err) => panic!("Expected success, got {:?}", err), } }); @@ -277,11 +277,11 @@ run_test!(verify_trusted_callback_override_ok, |method, stream| { match ctx.set_CA_file(&Path::new("test/cert.pem")) { Ok(_) => {} - Err(err) => panic!("Unexpected error {:?}", err) + Err(err) => panic!("Unexpected error {:?}", err), } match SslStream::connect(&ctx, stream) { Ok(_) => (), - Err(err) => panic!("Expected success, got {:?}", err) + Err(err) => panic!("Expected success, got {:?}", err), } }); @@ -291,7 +291,7 @@ run_test!(verify_trusted_callback_override_bad, |method, stream| { match ctx.set_CA_file(&Path::new("test/cert.pem")) { Ok(_) => {} - Err(err) => panic!("Unexpected error {:?}", err) + Err(err) => panic!("Unexpected error {:?}", err), } assert!(SslStream::connect(&ctx, stream).is_err()); }); @@ -315,7 +315,7 @@ run_test!(verify_trusted_get_error_ok, |method, stream| { match ctx.set_CA_file(&Path::new("test/cert.pem")) { Ok(_) => {} - Err(err) => panic!("Unexpected error {:?}", err) + Err(err) => panic!("Unexpected error {:?}", err), } assert!(SslStream::connect(&ctx, stream).is_ok()); }); @@ -337,14 +337,14 @@ run_test!(verify_callback_data, |method, stream| { // in DER format. // Command: openssl x509 -in test/cert.pem -outform DER | openssl dgst -sha256 // Please update if "test/cert.pem" will ever change - let node_hash_str = "db400bb62f1b1f29c3b8f323b8f7d9dea724fdcd67104ef549c772ae3749655b"; + let node_hash_str = "E19427DAC79FBE758394945276A6E4F15F0BEBE6"; let node_id = node_hash_str.from_hex().unwrap(); ctx.set_verify_callback(SSL_VERIFY_PEER, move |_preverify_ok, x509_ctx| { let cert = x509_ctx.get_current_cert(); match cert { None => false, Some(cert) => { - let fingerprint = cert.fingerprint(SHA256).unwrap(); + let fingerprint = cert.fingerprint(SHA1).unwrap(); fingerprint == node_id } } @@ -353,7 +353,7 @@ run_test!(verify_callback_data, |method, stream| { match SslStream::connect(&ctx, stream) { Ok(_) => (), - Err(err) => panic!("Expected success, got {:?}", err) + Err(err) => panic!("Expected success, got {:?}", err), } }); @@ -366,14 +366,14 @@ run_test!(ssl_verify_callback, |method, stream| { let ctx = SslContext::new(method).unwrap(); let mut ssl = ctx.into_ssl().unwrap(); - let node_hash_str = "db400bb62f1b1f29c3b8f323b8f7d9dea724fdcd67104ef549c772ae3749655b"; + let node_hash_str = "E19427DAC79FBE758394945276A6E4F15F0BEBE6"; let node_id = node_hash_str.from_hex().unwrap(); ssl.set_verify_callback(SSL_VERIFY_PEER, move |_, x509| { CHECKED.store(1, Ordering::SeqCst); match x509.get_current_cert() { None => false, Some(cert) => { - let fingerprint = cert.fingerprint(SHA256).unwrap(); + let fingerprint = cert.fingerprint(SHA1).unwrap(); fingerprint == node_id } } @@ -381,7 +381,7 @@ run_test!(ssl_verify_callback, |method, stream| { match SslStream::connect(ssl, stream) { Ok(_) => (), - Err(err) => panic!("Expected success, got {:?}", err) + Err(err) => panic!("Expected success, got {:?}", err), } assert_eq!(CHECKED.load(Ordering::SeqCst), 1); @@ -475,11 +475,10 @@ fn test_write_direct() { } run_test!(get_peer_certificate, |method, stream| { - let stream = SslStream::connect(&SslContext::new(method).unwrap(), - stream).unwrap(); + let stream = SslStream::connect(&SslContext::new(method).unwrap(), stream).unwrap(); let cert = stream.ssl().peer_certificate().unwrap(); - let fingerprint = cert.fingerprint(SHA256).unwrap(); - let node_hash_str = "db400bb62f1b1f29c3b8f323b8f7d9dea724fdcd67104ef549c772ae3749655b"; + let fingerprint = cert.fingerprint(SHA1).unwrap(); + let node_hash_str = "E19427DAC79FBE758394945276A6E4F15F0BEBE6"; let node_id = node_hash_str.from_hex().unwrap(); assert_eq!(node_id, fingerprint) }); |