| author | Steven Fackler <[email protected]> | 2016-11-12 00:24:12 +0000 |
|---|---|---|
| committer | Steven Fackler <[email protected]> | 2016-11-12 00:24:12 +0000 |
| commit | 26a3358a2b70b46bf06403b2810c379f5299a551 (patch) | |
| tree | 40efb4305948a67660bd6bcdbdf12d25d3871945 /openssl/src | |
| parent | Consistently support both PEM and DER encodings (diff) | |
Add basic X509_STORE access
There's more to do here, but this enables adding trusted CAs from
X509 objects.
Closes #394
Diffstat (limited to 'openssl/src')
| -rw-r--r-- | openssl/src/ssl/mod.rs | 11 | ||||
| -rw-r--r-- | openssl/src/ssl/tests/mod.rs | 14 | ||||
| -rw-r--r-- | openssl/src/x509/mod.rs | 1 | ||||
| -rw-r--r-- | openssl/src/x509/store.rs | 20 |
4 files changed, 46 insertions, 0 deletions
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index c92bf56b..1e0d2e66 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -94,6 +94,7 @@ use {init, cvt, cvt_p};
 use dh::DhRef;
 use ec_key::EcKeyRef;
 use x509::{X509StoreContextRef, X509FileType, X509, X509Ref, X509VerifyError, X509Name};
+use x509::store::X509StoreBuilderRef;
 #[cfg(any(ossl102, ossl110))]
 use verify::X509VerifyParamRef;
 use pkey::PKeyRef;
@@ -739,6 +740,16 @@ impl SslContextBuilder {
 unsafe { cvt(ffi::SSL_CTX_check_private_key(self.as_ptr())).map(|_| ()) }
 }

+ /// Returns a shared reference to the context's certificate store.
+ pub fn cert_store(&self) -> &X509StoreBuilderRef {
+ unsafe { X509StoreBuilderRef::from_ptr(ffi::SSL_CTX_get_cert_store(self.as_ptr())) }
+ }
+
+ /// Returns a mutable reference to the context's certificate store.
+ pub fn cert_store_mut(&mut self) -> &mut X509StoreBuilderRef {
+ unsafe { X509StoreBuilderRef::from_ptr_mut(ffi::SSL_CTX_get_cert_store(self.as_ptr())) }
+ }
+
 pub fn build(self) -> SslContext {
 let ctx = SslContext(self.0);
 mem::forget(self);
diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs
index 96c0d585..fa7c6024 100644
--- a/openssl/src/ssl/tests/mod.rs
+++ b/openssl/src/ssl/tests/mod.rs
@@ -28,6 +28,7 @@ use std::net::UdpSocket;
 mod select;
+static ROOT_CERT: &'static [u8] = include_bytes!("../../../test/root-ca.pem");
 static CERT: &'static [u8] = include_bytes!("../../../test/cert.pem");
 static KEY: &'static [u8] = include_bytes!("../../../test/key.pem");
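Review bot: The doc comments on the new `cert_store` and `cert_store_mut` accessors don't say what the store is for, and for a security-sensitive handle that matters: the certificates in it are the trust anchors OpenSSL consults when verifying the peer's chain, so anything pushed through `cert_store_mut().add_cert(..)` becomes a trusted root for every connection built from this context. I'd extend the comment on `cert_store_mut` to `/// Returns a mutable reference to the context's certificate store, i.e. the trust anchors used to verify peer certificates; a certificate added here is trusted as a root by every connection built from this context.` It is also worth a `debug_assert!(!ptr.is_null())` on the result of `SSL_CTX_get_cert_store` before handing it to `from_ptr`/`from_ptr_mut`, since wrapping a null would yield a dangling reference — presumably `SSL_CTX_new` always installs a store, so this is a guard rather than a known failure. The enclosing `impl SslContextBuilder` begins before this hunk.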
@@ -1192,6 +1193,19 @@ fn client_ca_list() {
 ctx.set_client_ca_list(names);
 }

+#[test]
+fn cert_store() {
+ let (_s, tcp) = Server::new();
+
+ let cert = X509::from_pem(ROOT_CERT).unwrap();
+
+ let mut ctx = SslConnectorBuilder::new(SslMethod::tls()).unwrap();
+ ctx.builder_mut().cert_store_mut().add_cert(cert).unwrap();
+ let ctx = ctx.build();
+
+ ctx.connect("foobar.com", tcp).unwrap();
+}
+
 fn _check_kinds() {
 fn is_send<T: Send>() {}
 fn is_sync<T: Sync>() {}
diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs
index e98e6006..e7c633d0 100644
--- a/openssl/src/x509/mod.rs
+++ b/openssl/src/x509/mod.rs
@@ -36,6 +36,7 @@ pub mod verify;
 use x509::extension::{ExtensionType, Extension};
 pub mod extension;
+pub mod store;
 #[cfg(test)]
 mod tests;
diff --git a/openssl/src/x509/store.rs b/openssl/src/x509/store.rs
new file mode 100644
index 00000000..01eb0e2f
--- /dev/null
+++ b/openssl/src/x509/store.rs
@@ -0,0 +1,20 @@
+use ffi;
+use std::mem;
+
+use cvt;
+use error::ErrorStack;
+use types::OpenSslTypeRef;
+use x509::X509;
+
+type_!(X509StoreBuilder, X509StoreBuilderRef, ffi::X509_STORE, ffi::X509_STORE_free);
+
+impl X509StoreBuilderRef {
+ /// Adds a certificate to the certificate store.
+ pub fn add_cert(&mut self, cert: X509) -> Result<(), ErrorStack> {
+ unsafe {
+ let ptr = cert.as_ptr();
+ mem::forget(cert); // the cert will be freed inside of X509_STORE_add_cert on error
+ cvt(ffi::X509_STORE_add_cert(self.as_ptr(), ptr)).map(|_| ())
+ }
+ }
+} |
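Review bot: The new `cert_store` test only exercises the success path, so it cannot distinguish "the added root is honoured as a trust anchor" from "peer verification is not happening" — it would pass just the same if `add_cert` were a no-op and the connector skipped verification. A companion negative case would pin the intended behaviour: build a second connector without calling `add_cert` and assert that the same `connect("foobar.com", tcp)` fails, e.g. `let ctx = SslConnectorBuilder::new(SslMethod::tls()).unwrap().build();` followed by `assert!(ctx.connect("foobar.com", tcp).is_err());` in its own `#[test]` fn. That relies on the server from `Server::new()` presenting `cert.pem` (issued by `root-ca.pem`) and on that root not being in the connector's default store, both of which are set up outside this hunk — worth confirming before relying on the failure.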
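Review bot: The `mem::forget(cert)` in `add_cert` leaks one reference to the certificate on every call, and the comment justifying it is mistaken: `X509_STORE_add_cert` does not take ownership of its `X509*` — it bumps the certificate's reference count for the copy it stores (`X509_OBJECT_up_ref_count` in 1.0.x, `X509_up_ref` in 1.1.x) and releases only that copy when it fails, so the caller's own reference is never freed by OpenSSL on either path. The fix is to let `cert` drop normally after the call: replace the three lines inside the `unsafe` block with `cvt(ffi::X509_STORE_add_cert(self.as_ptr(), cert.as_ptr())).map(|_| ())`, which also makes the `use std::mem;` import unnecessary. The doc comment should also say what the store means — `/// Adds a certificate to the store; it becomes a trust anchor for chain verification on every context using this store.` — and note that older OpenSSL (at least 1.0.x) returns an error (`X509_R_CERT_ALREADY_IN_HASH_TABLE`) when the same certificate is added twice whereas newer releases treat the duplicate as success, so callers merging trust lists should not assume duplicate adds are fatal; I'm going from the OpenSSL sources as I remember them, so verify the exact cutover against the versions the crate's `ossl102`/`ossl110` cfgs target.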