authorBastian Köcher <[email protected]>2018-03-10 00:15:03 +0100
committerBastian Köcher <[email protected]>2018-03-10 00:15:03 +0100
commita5d7f8a718bc16d8c7986ea13b8585af8f20a648 (patch)
tree230c8413e6282d00673cb6724c8bbe40e7eec4f9 /openssl/src/x509/mod.rs
parentExtends the test to verify the certificate two times (diff)
Moves store context init into its own function
Diffstat (limited to 'openssl/src/x509/mod.rs')
-rw-r--r--openssl/src/x509/mod.rs28
1 files changed, 18 insertions, 10 deletions
diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs
index 107bfe69..55e5c75d 100644
--- a/openssl/src/x509/mod.rs
+++ b/openssl/src/x509/mod.rs
@@ -107,30 +107,38 @@ impl X509StoreContextRef {
unsafe { X509VerifyResult::from_raw(ffi::X509_STORE_CTX_get_error(self.as_ptr())) }
}
- /// Verifies a certificate with the given certificate store.
+ /// Initializes this context with the given certificate, certificates chain and certificate
+ /// store.
/// For successive calls to this function, it is required to call `cleanup` in beforehand.
///
/// * `trust` - The certificate store with the trusted certificates.
/// * `cert` - The certificate that should be verified.
/// * `cert_chain` - The certificates chain.
///
- /// This corresponds to [`X509_STORE_CTX_init`] followed by [`X509_verify_cert`].
+ /// This corresponds to [`X509_STORE_CTX_init`].
///
/// [`X509_STORE_CTX_init`]: https://www.openssl.org/docs/man1.0.2/crypto/X509_STORE_CTX_init.html
+ pub fn init(&mut self, trust: &store::X509StoreRef, cert: &X509Ref,
+ cert_chain: &StackRef<X509>) -> Result<(), ErrorStack> {
+ unsafe {
+ cvt(ffi::X509_STORE_CTX_init(self.as_ptr(), trust.as_ptr(),
+ cert.as_ptr(), cert_chain.as_ptr())).map(|_| ())
+ }
+ }
+
+ /// Verifies the stored certificate.
+ /// It is required to call `init` in beforehand, to initialize the required values.
+ ///
+ /// This corresponds to [`X509_verify_cert`].
+ ///
/// [`X509_verify_cert`]: https://www.openssl.org/docs/man1.0.2/crypto/X509_verify_cert.html
///
/// # Result
///
/// The Result must be `Ok(())` to be a valid certificate, otherwise the cert is not valid.
- pub fn verify_cert(&mut self, trust: &store::X509StoreRef, cert: &X509Ref,
- cert_chain: &StackRef<X509>) -> Result<(), ErrorStack> {
+ pub fn verify_cert(&mut self) -> Result<(), ErrorStack> {
unsafe {
- cvt(ffi::X509_STORE_CTX_init(self.as_ptr(), trust.as_ptr(),
- cert.as_ptr(), cert_chain.as_ptr()))?;
-
- cvt(ffi::X509_verify_cert(self.as_ptr()))?;
-
- Ok(())
+ cvt(ffi::X509_verify_cert(self.as_ptr())).map(|_| ())
}
}
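Review bot: The new `init` hands `trust`, `cert` and `cert_chain` to `X509_STORE_CTX_init` as raw pointers, but the three borrows end when `init` returns, so safe code can drop any of them and then call `verify_cert` on a context that still points at freed memory. As far as I know `X509_STORE_CTX_init` only stores these pointers and takes no reference of its own; that should be confirmed against the OpenSSL versions the crate supports. Before this change the init and the verify happened inside one call, so the borrows covered the whole use. The requirement to call `cleanup` before a second `init` is likewise stated only in the doc comment and not enforced by the types. One way to keep the split and stay sound is to have `init` take a closure that runs while the borrows are alive and to clean the context up in a drop guard, as sketched below; this changes the signature, and the enclosing `impl X509StoreContextRef` continues outside the hunk.

```rust
pub fn init<F, T>(&mut self, trust: &store::X509StoreRef, cert: &X509Ref,
                  cert_chain: &StackRef<X509>, with_context: F) -> Result<T, ErrorStack>
    where F: FnOnce(&mut X509StoreContextRef) -> Result<T, ErrorStack>
{
    // Clears the borrowed pointers on every exit path, including unwinding.
    struct Cleanup<'a>(&'a mut X509StoreContextRef);

    impl<'a> Drop for Cleanup<'a> {
        fn drop(&mut self) {
            unsafe { ffi::X509_STORE_CTX_cleanup(self.0.as_ptr()); }
        }
    }

    unsafe {
        cvt(ffi::X509_STORE_CTX_init(self.as_ptr(), trust.as_ptr(),
                                     cert.as_ptr(), cert_chain.as_ptr()))?;
    }

    let cleanup = Cleanup(self);
    with_context(cleanup.0)
}
// … unchanged: verify_cert, called by the caller inside the closure …
```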