| author | Benjamin Fry <[email protected]> | 2017-03-26 00:16:27 -0700 |
|---|---|---|
| committer | Bastian Köcher <[email protected]> | 2018-03-07 13:54:35 +0100 |
| commit | 6abac82f13c80a2726fc2e9a0f6913357e93a985 (patch) | |
| tree | 2b3a67b85aafd964194bee78d448ccc59272913e /openssl/src | |
| parent | add cleanup ffi to store context (diff) | |
cleanup and add negative test
Diffstat (limited to 'openssl/src')
| -rw-r--r-- | openssl/src/x509/mod.rs | 13 | ||||
| -rw-r--r-- | openssl/src/x509/tests.rs | 16 |
2 files changed, 23 insertions, 6 deletions
diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs
index 0cfa8ada..6bb58dbd 100644
--- a/openssl/src/x509/mod.rs
+++ b/openssl/src/x509/mod.rs
@@ -117,18 +117,21 @@ impl X509StoreContextRef {
 /// # Result
 ///
 /// The Result must be `Some(None)` to be a valid certificate, otherwise the cert is not valid.
- pub fn verify_cert(trust: store::X509Store, cert: X509, cert_chain: Stack<X509>) -> Result<Option<X509VerifyError>, ErrorStack> {
+ pub fn verify_cert(trust: store::X509Store, cert: X509, cert_chain: Stack<X509>) -> Result<(), ErrorStack> {
 unsafe {
 ffi::init();
 let context = try!(cvt_p(ffi::X509_STORE_CTX_new()).map(|p| X509StoreContext(p)));
 try!(cvt(ffi::X509_STORE_CTX_init(context.as_ptr(), trust.as_ptr(), cert.as_ptr(), cert_chain.as_ptr()))
 .map(|_| ()));
+
+ mem::forget(trust);
+ mem::forget(cert);
+ mem::forget(cert_chain);
+
+ // verify_cert returns an error `<= 0` if there was a validation error
 try!(cvt(ffi::X509_verify_cert(context.as_ptr())).map(|_| ()));
- let result = Ok(context.error());
- ffi::X509_STORE_CTX_cleanup(context.as_ptr());
-
- result
+ Ok(())
 }
 }
diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs
index 96d45742..7ea91432 100644
--- a/openssl/src/x509/tests.rs
+++ b/openssl/src/x509/tests.rs
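Review bot: The three `mem::forget` calls added after `X509_STORE_CTX_init` in `verify_cert` leak the store, the certificate and the chain on every call that gets past init, since nothing visible in the hunk releases them later; in a service that verifies many certificates that is steady memory growth. The function owns `trust`, `cert` and `cert_chain`, and `context` is declared inside the `unsafe` block, so the arguments already outlive the context. Deleting the three `forget` lines, or taking the arguments by reference, should keep the pointers valid without leaking; confirm against what the `Drop` of `X509StoreContext` frees, which is outside the hunk. The doc comment above the signature (it starts before the hunk) still says the result must be `Some(None)` and should become something like `/// Returns Ok(()) when the chain verifies; any Err means the certificate must be treated as invalid.` The caller also no longer receives `context.error()`, so the specific verification reason is lost, and the returned error stack may be empty on a plain validation failure (inferred, since `cvt` is not shown here).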
@@ -303,5 +303,19 @@ fn test_verify_cert() {
 store_bldr.add_cert(ca).unwrap();
 let store = store_bldr.build();
- assert!(X509StoreContext::verify_cert(store, cert, Stack::new().unwrap()).unwrap().is_none());
+ assert!(X509StoreContext::verify_cert(store, cert, Stack::new().unwrap()).is_err_placeholder());
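Review bot: The final assertion in `test_verify_fails` only checks `is_err()`, so the test also passes if `verify_cert` fails for an unrelated reason such as context allocation or init, and it would not notice if the rejection reason changed. If the API keeps returning only `ErrorStack`, at least add a comment stating why rejection is expected, for example `// alt_name_cert.pem is not the issuer of cert.pem, so chain building must fail` (the issuer relationship is inferred from the test name, not shown in the hunk). A case with a non-empty untrusted chain would also be worth adding, since both tests pass `Stack::new()`. The body of `test_verify_cert` starts outside the hunk.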