diff options
| author | Steven Fackler <[email protected]> | 2018-03-11 14:06:57 -0700 |
|---|---|---|
| committer | Steven Fackler <[email protected]> | 2018-03-11 14:08:34 -0700 |
| commit | 4ee7e0d3a9398cf9deb9f72fd978fd3cab86db0e (patch) | |
| tree | b5f16a26c39466e3c69f2fec9a192475b6d489ef /openssl/src/x509/mod.rs | |
| parent | Merge pull request #861 from bkchr/verify_certificate (diff) | |
| download | rust-openssl-4ee7e0d3a9398cf9deb9f72fd978fd3cab86db0e.tar.xz rust-openssl-4ee7e0d3a9398cf9deb9f72fd978fd3cab86db0e.zip | |
Tweak verify_cert's signature
The call can fail either due to an invalid cert or an internal error,
and we should distinguish between the two.
Diffstat (limited to 'openssl/src/x509/mod.rs')
| -rw-r--r-- | openssl/src/x509/mod.rs | 50 |
1 files changed, 24 insertions, 26 deletions
diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index 146a77b0..ef4b57e5 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -122,22 +122,33 @@ impl X509StoreContextRef { /// /// [`X509_STORE_CTX_init`]: https://www.openssl.org/docs/man1.0.2/crypto/X509_STORE_CTX_init.html /// [`X509_STORE_CTX_cleanup`]: https://www.openssl.org/docs/man1.0.2/crypto/X509_STORE_CTX_cleanup.html - pub fn init<F, T>(&mut self, trust: &store::X509StoreRef, cert: &X509Ref, - cert_chain: &StackRef<X509>, with_context: F) -> Result<T, ErrorStack> + pub fn init<F, T>( + &mut self, + trust: &store::X509StoreRef, + cert: &X509Ref, + cert_chain: &StackRef<X509>, + with_context: F, + ) -> Result<T, ErrorStack> where - F: FnOnce(&mut X509StoreContextRef) -> Result<T, ErrorStack> + F: FnOnce(&mut X509StoreContextRef) -> Result<T, ErrorStack>, { struct Cleanup<'a>(&'a mut X509StoreContextRef); impl<'a> Drop for Cleanup<'a> { fn drop(&mut self) { - self.0.cleanup(); + unsafe { + ffi::X509_STORE_CTX_cleanup(self.0.as_ptr()); + } } } unsafe { - cvt(ffi::X509_STORE_CTX_init(self.as_ptr(), trust.as_ptr(), - cert.as_ptr(), cert_chain.as_ptr()))?; + cvt(ffi::X509_STORE_CTX_init( + self.as_ptr(), + trust.as_ptr(), + cert.as_ptr(), + cert_chain.as_ptr(), + ))?; let cleanup = Cleanup(self); with_context(cleanup.0) @@ -145,30 +156,17 @@ impl X509StoreContextRef { } /// Verifies the stored certificate. - /// It is required to call `init` in beforehand, to initialize the required values. /// - /// This corresponds to [`X509_verify_cert`]. - /// - /// [`X509_verify_cert`]: https://www.openssl.org/docs/man1.0.2/crypto/X509_verify_cert.html + /// Returns `true` if verification succeeds. The `error` method will return the specific + /// validation error if the certificate was not valid. /// - /// # Result - /// - /// The Result must be `Ok(())` to be a valid certificate, otherwise the cert is not valid. - pub fn verify_cert(&mut self) -> Result<(), ErrorStack> { - unsafe { - cvt(ffi::X509_verify_cert(self.as_ptr())).map(|_| ()) - } - } - - /// Cleans-up the context. + /// This will only work inside of a call to `init`. /// - /// This corresponds to [`X509_STORE_CTX_cleanup`]. + /// This corresponds to [`X509_verify_cert`]. /// - /// [`X509_STORE_CTX_cleanup`]: https://www.openssl.org/docs/man1.0.2/crypto/X509_STORE_CTX_cleanup.html - fn cleanup(&mut self) { - unsafe { - ffi::X509_STORE_CTX_cleanup(self.as_ptr()); - } + /// [`X509_verify_cert`]: https://www.openssl.org/docs/man1.0.2/crypto/X509_verify_cert.html + pub fn verify_cert(&mut self) -> Result<bool, ErrorStack> { + unsafe { cvt_n(ffi::X509_verify_cert(self.as_ptr())).map(|n| n != 0) } } /// Set the error code of the context. |