authorSteven Fackler <[email protected]>2016-10-30 22:02:26 -0700
committerSteven Fackler <[email protected]>2016-10-30 22:02:26 -0700
commit558124b7555539e09292b61be057d9ba24e64bf5 (patch)
tree13fc3f0badecbb6a46e1c2879704ae9acf0643f1 /openssl/src
parentRename set_CA_file (diff)
downloadrust-openssl-558124b7555539e09292b61be057d9ba24e64bf5.tar.xz
rust-openssl-558124b7555539e09292b61be057d9ba24e64bf5.zip
Expose SSL_MODEs
Diffstat (limited to 'openssl/src')
-rw-r--r--openssl/src/dh.rs5
-rw-r--r--openssl/src/hash.rs4
-rw-r--r--openssl/src/ssl/connector.rs46
-rw-r--r--openssl/src/ssl/mod.rs49
-rw-r--r--openssl/src/ssl/tests/mod.rs14
5 files changed, 64 insertions, 54 deletions
diff --git a/openssl/src/dh.rs b/openssl/src/dh.rs
index f2659eb3..5c5ea05e 100644
--- a/openssl/src/dh.rs
+++ b/openssl/src/dh.rs
@@ -27,10 +27,7 @@ impl Dh {
pub fn from_params(p: BigNum, g: BigNum, q: BigNum) -> Result<Dh, ErrorStack> {
unsafe {
let dh = Dh(try!(cvt_p(ffi::DH_new())));
- try!(cvt(compat::DH_set0_pqg(dh.0,
- p.as_ptr(),
- q.as_ptr(),
- g.as_ptr())));
+ try!(cvt(compat::DH_set0_pqg(dh.0, p.as_ptr(), q.as_ptr(), g.as_ptr())));
mem::forget((p, g, q));
Ok(dh)
}
diff --git a/openssl/src/hash.rs b/openssl/src/hash.rs
index c91976bf..6a13371d 100644
--- a/openssl/src/hash.rs
+++ b/openssl/src/hash.rs
@@ -135,9 +135,7 @@ impl Hasher {
try!(self.init());
}
unsafe {
- try!(cvt(ffi::EVP_DigestUpdate(self.ctx,
- data.as_ptr() as *mut _,
- data.len())));
+ try!(cvt(ffi::EVP_DigestUpdate(self.ctx, data.as_ptr() as *mut _, data.len())));
}
self.state = Updated;
Ok(())
diff --git a/openssl/src/ssl/connector.rs b/openssl/src/ssl/connector.rs
index dd7656dd..c7bfb209 100644
--- a/openssl/src/ssl/connector.rs
+++ b/openssl/src/ssl/connector.rs
@@ -39,6 +39,10 @@ fn ctx(method: SslMethod) -> Result<SslContextBuilder, ErrorStack> {
opts |= ssl::SSL_OP_CIPHER_SERVER_PREFERENCE;
ctx.set_options(opts);
+ let mode = ssl::SSL_MODE_AUTO_RETRY | ssl::SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
+ ssl::SSL_MODE_ENABLE_PARTIAL_WRITE;
+ ctx.set_mode(mode);
+
Ok(ctx)
}
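Review bot: The three mode flags added at the top of this hunk carry no explanation of why the connector needs them, and the mode mask `set_mode` returns is dropped, so a later reader cannot tell whether the combination is deliberate or incidental. A short why-comment above the `let mode = ...` line would help, e.g. `// Let SSL_write return after a partial write, allow retries from a different buffer address, and have reads transparently retry across renegotiation.` The enclosing `ctx` function starts outside the hunk, so I cannot see whether other defaults are set there that interact with these flags.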
@@ -53,9 +57,9 @@ impl SslConnectorBuilder {
let mut ctx = try!(ctx(method));
try!(ctx.set_default_verify_paths());
// From https://github.com/python/cpython/blob/c30098c8c6014f3340a369a31df9c74bdbacc269/Lib/ssl.py#L191
- try!(ctx.set_cipher_list(
- "ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:DH+CHACHA20:ECDH+AES256:DH+AES256:ECDH+AES128:\
- DH+AES:ECDH+HIGH:DH+HIGH:RSA+AESGCM:RSA+AES:RSA+HIGH:!aNULL:!eNULL:!MD5:!3DES"));
+ try!(ctx.set_cipher_list("ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:DH+CHACHA20:ECDH+AES256:\
+ DH+AES256:ECDH+AES128:DH+AES:ECDH+HIGH:DH+HIGH:RSA+AESGCM:\
+ RSA+AES:RSA+HIGH:!aNULL:!eNULL:!MD5:!3DES"));
Ok(SslConnectorBuilder(ctx))
}
@@ -123,17 +127,20 @@ impl SslAcceptorBuilder {
let dh = try!(Dh::from_pem(DHPARAM_PEM.as_bytes()));
try!(ctx.set_tmp_dh(&dh));
try!(setup_curves(&mut ctx));
- try!(ctx.set_cipher_list(
- "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:\
- ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:\
- ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:\
- DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:\
- ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:\
- ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:\
- ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:\
- DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:\
- EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:\
- AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"));
+ try!(ctx.set_cipher_list("ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:\
+ ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:\
+ ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:\
+ DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:\
+ ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:\
+ ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:\
+ ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:\
+ ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:\
+ DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:\
+ DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:\
+ ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:\
+ EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:\
+ AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:\
+ DES-CBC3-SHA:!DSS"));
SslAcceptorBuilder::finish_setup(ctx, private_key, certificate, chain)
}
@@ -153,12 +160,11 @@ impl SslAcceptorBuilder {
{
let mut ctx = try!(ctx(method));
try!(setup_curves(&mut ctx));
- try!(ctx.set_cipher_list(
- "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:\
- ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:\
- ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:\
- ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:\
- ECDHE-RSA-AES128-SHA256"));
+ try!(ctx.set_cipher_list("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:\
+ ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:\
+ ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:\
+ ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:\
+ ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"));
SslAcceptorBuilder::finish_setup(ctx, private_key, certificate, chain)
}
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index 2aea5af4..3aa509f4 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -108,12 +108,11 @@ mod tests;
use self::bio::BioMethod;
-pub use ssl::connector::{SslConnectorBuilder, SslConnector, SslAcceptorBuilder,
- SslAcceptor};
+pub use ssl::connector::{SslConnectorBuilder, SslConnector, SslAcceptorBuilder, SslAcceptor};
pub use ssl::error::{Error, HandshakeError};
bitflags! {
- pub flags SslOptions: c_ulong {
+ pub flags SslOption: c_ulong {
const SSL_OP_MICROSOFT_SESS_ID_BUG = ffi::SSL_OP_MICROSOFT_SESS_ID_BUG,
const SSL_OP_NETSCAPE_CHALLENGE_BUG = ffi::SSL_OP_NETSCAPE_CHALLENGE_BUG,
const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG =
@@ -154,6 +153,19 @@ bitflags! {
}
}
+bitflags! {
+ pub flags SslMode: c_long {
+ const SSL_MODE_ENABLE_PARTIAL_WRITE = ffi::SSL_MODE_ENABLE_PARTIAL_WRITE,
+ const SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER = ffi::SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER,
+ const SSL_MODE_AUTO_RETRY = ffi::SSL_MODE_AUTO_RETRY,
+ const SSL_MODE_NO_AUTO_CHAIN = ffi::SSL_MODE_NO_AUTO_CHAIN,
+ const SSL_MODE_RELEASE_BUFFERS = ffi::SSL_MODE_RELEASE_BUFFERS,
+ const SSL_MODE_SEND_CLIENTHELLO_TIME = ffi::SSL_MODE_SEND_CLIENTHELLO_TIME,
+ const SSL_MODE_SEND_SERVERHELLO_TIME = ffi::SSL_MODE_SEND_SERVERHELLO_TIME,
+ const SSL_MODE_SEND_FALLBACK_SCSV = ffi::SSL_MODE_SEND_FALLBACK_SCSV,
+ }
+}
+
#[derive(Copy, Clone)]
pub struct SslMethod(*const ffi::SSL_METHOD);
@@ -426,16 +438,12 @@ impl Drop for SslContextBuilder {
impl SslContextBuilder {
pub fn new(method: SslMethod) -> Result<SslContextBuilder, ErrorStack> {
- init();
-
- let mut ctx = unsafe {
+ unsafe {
+ init();
let ctx = try!(cvt_p(ffi::SSL_CTX_new(method.as_ptr())));
- SslContextBuilder::from_ptr(ctx)
- };
-
- try!(ctx.set_mode(ffi::SSL_MODE_AUTO_RETRY | ffi::SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER));
- Ok(ctx)
+ Ok(SslContextBuilder::from_ptr(ctx))
+ }
}
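Review bot: `SslContextBuilder::new` no longer applies `SSL_MODE_AUTO_RETRY | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER` (the removed `set_mode` call in this hunk); those defaults now live only in the connector's `ctx()` helper, so code that builds a context through `new` directly loses them silently unless `SslStream` reapplies them somewhere this diff does not show. That is a behavior change worth stating in the commit description or in a doc comment on `new`, e.g. `/// Creates a builder with no SSL_MODE flags set; see SslConnectorBuilder for the defaults applied there.` Separately, moving `init();` inside the `unsafe` block widens the unsafe scope for no reason; keeping `init()` before the block, with only the `SSL_CTX_new`/`from_ptr` calls inside, keeps the unsafe region minimal.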
pub unsafe fn from_ptr(ctx: *mut ffi::SSL_CTX) -> SslContextBuilder {
@@ -498,8 +506,11 @@ impl SslContextBuilder {
}
}
- fn set_mode(&mut self, mode: c_long) -> Result<(), ErrorStack> {
- unsafe { cvt(ffi::SSL_CTX_set_mode(self.as_ptr(), mode) as c_int).map(|_| ()) }
+ pub fn set_mode(&mut self, mode: SslMode) -> SslMode {
+ unsafe {
+ let mode = ffi::SSL_CTX_set_mode(self.as_ptr(), mode.bits());
+ SslMode::from_bits(mode).unwrap()
+ }
}
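Review bot: `SslMode::from_bits(mode).unwrap()` in the new `set_mode` turns any mode bit the library reports that is not listed in the `SslMode` bitflags into a panic from a public API. Because `from_ptr` (visible just above the previous hunk) adopts an arbitrary `SSL_CTX`, a context may already carry bits set by other code or by a newer OpenSSL that defines additional `SSL_MODE_*` values, and the returned mask is the union of all set bits. Using `SslMode::from_bits_truncate(mode)` keeps the known flags and drops unknown ones instead of panicking; the same pattern is used by the pre-existing `set_options`/`options`/`clear_options` in the next hunk, which would benefit from the same treatment.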
pub fn set_tmp_dh(&mut self, dh: &DhRef) -> Result<(), ErrorStack> {
@@ -630,19 +641,19 @@ impl SslContextBuilder {
unsafe { cvt(ffi::SSL_CTX_set_ecdh_auto(self.as_ptr(), onoff as c_int)).map(|_| ()) }
}
- pub fn set_options(&mut self, option: SslOptions) -> SslOptions {
+ pub fn set_options(&mut self, option: SslOption) -> SslOption {
let ret = unsafe { compat::SSL_CTX_set_options(self.as_ptr(), option.bits()) };
- SslOptions::from_bits(ret).unwrap()
+ SslOption::from_bits(ret).unwrap()
}
- pub fn options(&self) -> SslOptions {
+ pub fn options(&self) -> SslOption {
let ret = unsafe { compat::SSL_CTX_get_options(self.as_ptr()) };
- SslOptions::from_bits(ret).unwrap()
+ SslOption::from_bits(ret).unwrap()
}
- pub fn clear_options(&mut self, option: SslOptions) -> SslOptions {
+ pub fn clear_options(&mut self, option: SslOption) -> SslOption {
let ret = unsafe { compat::SSL_CTX_clear_options(self.as_ptr(), option.bits()) };
- SslOptions::from_bits(ret).unwrap()
+ SslOption::from_bits(ret).unwrap()
}
/// Set the protocols to be used during Next Protocol Negotiation (the protocols
diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs
index 61eac063..a874fe3b 100644
--- a/openssl/src/ssl/tests/mod.rs
+++ b/openssl/src/ssl/tests/mod.rs
@@ -18,8 +18,8 @@ use hash::MessageDigest;
use ssl;
use ssl::SSL_VERIFY_PEER;
use ssl::{SslMethod, HandshakeError};
-use ssl::{SslContext, SslStream, Ssl, ShutdownResult, SslConnectorBuilder,
- SslAcceptorBuilder, Error};
+use ssl::{SslContext, SslStream, Ssl, ShutdownResult, SslConnectorBuilder, SslAcceptorBuilder,
+ Error};
use x509::X509StoreContextRef;
use x509::X509FileType;
use x509::X509;
@@ -1115,12 +1115,10 @@ fn connector_client_server_mozilla_intermediate() {
let t = thread::spawn(move || {
let key = PKey::private_key_from_pem(KEY).unwrap();
let cert = X509::from_pem(CERT).unwrap();
- let connector = SslAcceptorBuilder::mozilla_intermediate(SslMethod::tls(),
- &key,
- &cert,
- None::<X509>)
- .unwrap()
- .build();
+ let connector =
+ SslAcceptorBuilder::mozilla_intermediate(SslMethod::tls(), &key, &cert, None::<X509>)
+ .unwrap()
+ .build();
let stream = listener.accept().unwrap().0;
let mut stream = connector.accept(stream).unwrap();