diff options
| author | Bastian Köcher <[email protected]> | 2018-03-10 00:15:03 +0100 |
|---|---|---|
| committer | Bastian Köcher <[email protected]> | 2018-03-10 00:15:03 +0100 |
| commit | a5d7f8a718bc16d8c7986ea13b8585af8f20a648 (patch) | |
| tree | 230c8413e6282d00673cb6724c8bbe40e7eec4f9 /openssl/src | |
| parent | Extends the test to verify the certificate two times (diff) | |
| download | rust-openssl-a5d7f8a718bc16d8c7986ea13b8585af8f20a648.tar.xz rust-openssl-a5d7f8a718bc16d8c7986ea13b8585af8f20a648.zip | |
Moves store context init into its own function
Diffstat (limited to 'openssl/src')
| -rw-r--r-- | openssl/src/x509/mod.rs | 28 | ||||
| -rw-r--r-- | openssl/src/x509/tests.rs | 9 |
2 files changed, 24 insertions, 13 deletions
diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index 107bfe69..55e5c75d 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -107,30 +107,38 @@ impl X509StoreContextRef { unsafe { X509VerifyResult::from_raw(ffi::X509_STORE_CTX_get_error(self.as_ptr())) } } - /// Verifies a certificate with the given certificate store. + /// Initializes this context with the given certificate, certificates chain and certificate + /// store. /// For successive calls to this function, it is required to call `cleanup` in beforehand. /// /// * `trust` - The certificate store with the trusted certificates. /// * `cert` - The certificate that should be verified. /// * `cert_chain` - The certificates chain. /// - /// This corresponds to [`X509_STORE_CTX_init`] followed by [`X509_verify_cert`]. + /// This corresponds to [`X509_STORE_CTX_init`]. /// /// [`X509_STORE_CTX_init`]: https://www.openssl.org/docs/man1.0.2/crypto/X509_STORE_CTX_init.html + pub fn init(&mut self, trust: &store::X509StoreRef, cert: &X509Ref, + cert_chain: &StackRef<X509>) -> Result<(), ErrorStack> { + unsafe { + cvt(ffi::X509_STORE_CTX_init(self.as_ptr(), trust.as_ptr(), + cert.as_ptr(), cert_chain.as_ptr())).map(|_| ()) + } + } + + /// Verifies the stored certificate. + /// It is required to call `init` in beforehand, to initialize the required values. + /// + /// This corresponds to [`X509_verify_cert`]. + /// /// [`X509_verify_cert`]: https://www.openssl.org/docs/man1.0.2/crypto/X509_verify_cert.html /// /// # Result /// /// The Result must be `Ok(())` to be a valid certificate, otherwise the cert is not valid. - pub fn verify_cert(&mut self, trust: &store::X509StoreRef, cert: &X509Ref, - cert_chain: &StackRef<X509>) -> Result<(), ErrorStack> { + pub fn verify_cert(&mut self) -> Result<(), ErrorStack> { unsafe { - cvt(ffi::X509_STORE_CTX_init(self.as_ptr(), trust.as_ptr(), - cert.as_ptr(), cert_chain.as_ptr()))?; - - cvt(ffi::X509_verify_cert(self.as_ptr()))?; - - Ok(()) + cvt(ffi::X509_verify_cert(self.as_ptr())).map(|_| ()) } } diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs index 8e89c3a0..9b630d0e 100644 --- a/openssl/src/x509/tests.rs +++ b/openssl/src/x509/tests.rs @@ -306,9 +306,11 @@ fn test_verify_cert() { let store = store_bldr.build(); let mut context = X509StoreContext::new().unwrap(); - assert!(context.verify_cert(&store, &cert, &chain).is_ok()); + assert!(context.init(&store, &cert, &chain).is_ok()); + assert!(context.verify_cert().is_ok()); context.cleanup(); - assert!(context.verify_cert(&store, &cert, &chain).is_ok()); + assert!(context.init(&store, &cert, &chain).is_ok()); + assert!(context.verify_cert().is_ok()); } #[test] @@ -324,5 +326,6 @@ fn test_verify_fails() { let store = store_bldr.build(); let mut context = X509StoreContext::new().unwrap(); - assert!(context.verify_cert(&store, &cert, &chain).is_err()); + assert!(context.init(&store, &cert, &chain).is_ok()); + assert!(context.verify_cert().is_err()); } |