authorBenjamin Fry <[email protected]>2017-03-20 22:28:15 -0700
committerBastian Köcher <[email protected]>2018-03-07 13:51:58 +0100
commitd8a11973e2c9ccc5a806936edb2cccf28332bc5e (patch)
tree823e6efa3faab61402fe41c3d7fba07884c42d2d /openssl/src
parentadd comment about consuming self in verify_cert (diff)
convert to raw pass-through methods
Diffstat (limited to 'openssl/src')
-rw-r--r--openssl/src/x509/mod.rs26
-rw-r--r--openssl/src/x509/tests.rs4
2 files changed, 23 insertions, 7 deletions
diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs
index cb5eca40..52907110 100644
--- a/openssl/src/x509/mod.rs
+++ b/openssl/src/x509/mod.rs
@@ -86,14 +86,20 @@ impl X509StoreContextRef {
}
}
- /// Verifies the certificate associated in the `build()` method
+ /// Initializes the store context to verify the certificate.
///
- /// This consumes self as the `X509StoreContext` must be reinitialized subsequent to any cally to verify.
- pub fn verify_cert(self) -> Result<Option<X509VerifyError>, ErrorStack> {
+ /// This Context can only be used once, subsequent to any validation, the context must be reinitialized.
+ ///
+ /// # Arguments
+ ///
+ /// * `trust` - a store of the trusted chain of certificates, or CAs, to validated the certificate
+ /// * `cert` - certificate to validate
+ /// * `cert_chain` - the certificates chain
+ pub fn init(&self, trust: &store::X509StoreRef, cert: &X509Ref, cert_chain: &StackRef<X509>) -> Result<(), ErrorStack> {
unsafe {
- try!(cvt(ffi::X509_verify_cert(self.as_ptr())).map(|_| ()))
+ cvt(ffi::X509_STORE_CTX_init(self.as_ptr(), trust.as_ptr(), cert.as_ptr(), cert_chain.as_ptr()))
+ .map(|_| ())
}
- Ok(self.error())
}
/// Returns the error code of the context.
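Review bot: `init` lets the context outlive the objects it points at: to my knowledge `X509_STORE_CTX_init` stores the `trust`, `cert` and `cert_chain` pointers without taking references, and the new signature ties none of those borrows to `&self`, so safe code can drop any of them before `verify_cert` runs and leave it reading freed memory. The updated test in `openssl/src/x509/tests.rs` appears to do exactly this, since the `Stack::new().unwrap()` temporary is dropped at the end of the `init` statement, before `verify_cert()` is called. Consider taking `&mut self` and running the verification inside a closure while the borrows are still live, cleaning the context up afterwards (sketch below; it assumes `X509_STORE_CTX_cleanup` is bound in `ffi`). The enclosing `impl X509StoreContextRef` block starts and ends outside this hunk.

```rust
pub fn init<F, T>(&mut self, trust: &store::X509StoreRef, cert: &X509Ref, cert_chain: &StackRef<X509>, with_context: F) -> Result<T, ErrorStack>
    where F: FnOnce(&mut X509StoreContextRef) -> Result<T, ErrorStack>
{
    // Detaches the context from the borrowed store/cert/chain on every exit
    // path, including a panic inside `with_context`.
    struct Cleanup<'a>(&'a mut X509StoreContextRef);

    impl<'a> Drop for Cleanup<'a> {
        fn drop(&mut self) {
            unsafe { ffi::X509_STORE_CTX_cleanup(self.0.as_ptr()); }
        }
    }

    unsafe {
        try!(cvt(ffi::X509_STORE_CTX_init(self.as_ptr(), trust.as_ptr(), cert.as_ptr(), cert_chain.as_ptr())));
    }
    let cleanup = Cleanup(self);
    with_context(&mut *cleanup.0)
}
```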
@@ -105,6 +111,16 @@ impl X509StoreContextRef {
unsafe { X509VerifyResult::from_raw(ffi::X509_STORE_CTX_get_error(self.as_ptr())) }
}
+ /// Verifies the certificate associated in the `init()` method
+ ///
+ /// This consumes self as the `X509StoreContext` must be reinitialized subsequent to any cally to verify.
+ pub fn verify_cert(&self) -> Result<Option<X509VerifyError>, ErrorStack> {
+ unsafe {
+ try!(cvt(ffi::X509_verify_cert(self.as_ptr())).map(|_| ()))
+ }
+ Ok(self.error())
+ }
+
/// Set the error code of the context.
///
/// This corresponds to [`X509_STORE_CTX_set_error`].
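Review bot: The doc comment on the re-added `verify_cert` still says it consumes self, but the signature now takes `&self`, so the comment contradicts the code and the once-only rule is no longer enforced by the type system. Suggested wording, which also fixes the "cally" typo: `/// The context must be re-initialized with init() before verify_cert is called again; this is not checked.` Separately, if `cvt` maps every non-positive return to `Err` (its definition is not visible here), a certificate that simply fails verification would surface as an `ErrorStack`, and `Ok(self.error())` would only be reached on success. It is worth confirming that callers can still obtain the `X509VerifyError` for a rejected certificate.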
diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs
index b6303ade..6ef4f18e 100644
--- a/openssl/src/x509/tests.rs
+++ b/openssl/src/x509/tests.rs
@@ -303,8 +303,8 @@ fn test_verify_cert() {
store_bldr.add_cert(ca).unwrap();
let store = store_bldr.build();
- let store_ctx_bldr = X509StoreContext::builder().unwrap();
- let store_ctx = store_ctx_bldr.build(&store, &cert, &Stack::new().unwrap()).unwrap();
+ let store_ctx = X509StoreContext::new().unwrap();
+ store_ctx.init(&store, &cert, &Stack::new().unwrap()).unwrap();
assert!(store_ctx.verify_cert().unwrap().is_none());
}
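Review bot: `test_verify_cert` only pins the success path; nothing here checks what `verify_cert()` returns for a certificate that does not chain to the store. A companion test that initialises the context with a store lacking the issuing CA and asserts a failure result would lock in the rejection behaviour, which is the part callers rely on for security. The test function starts outside this hunk.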