User-provided data in verify

author: Valerii Hiora <[email protected]> 2014-09-30 11:06:37 +0300
committer: Valerii Hiora <[email protected]> 2014-10-02 10:15:50 +0300
commit: fbb359720b24266938284edcd5cec46744379f1c (patch)
tree: 69648c3ed31e085403cd2a653fc869dc281eaba7 /src/ssl/mod.rs
parent: Merge pull request #57 from vhbit/mut-cleanup (diff)
download: rust-openssl-fbb359720b24266938284edcd5cec46744379f1c.tar.xz
rust-openssl-fbb359720b24266938284edcd5cec46744379f1c.zip
1 files changed, 82 insertions, 1 deletions
diff --git a/src/ssl/mod.rs b/src/ssl/mod.rs
index f034ed37..e1f35724 100644
--- a/src/ssl/mod.rs
+++ b/src/ssl/mod.rs
@@ -1,4 +1,4 @@
-use libc::{c_int, c_void, c_char};
+use libc::{c_int, c_void, c_char, c_long};
 use std::io::{IoResult, IoError, EndOfFile, Stream, Reader, Writer};
 use std::mem;
 use std::ptr;
@@ -82,6 +82,30 @@ pub enum SslVerifyMode {
     SslVerifyNone = ffi::SSL_VERIFY_NONE
 }
 
+// Creates a static index for user data of type T
+// Registers a destructor for the data which will be called
+// when context is freed
+fn get_verify_data_idx<T>() -> c_int {
+    static mut VERIFY_DATA_IDX: c_int = -1;
+    static mut INIT: Once = ONCE_INIT;
+
+    extern fn free_data_box<T>(_parent: *mut c_void, ptr: *mut c_void,
+                               _ad: *mut ffi::CRYPTO_EX_DATA, _idx: c_int,
+                               _argl: c_long, _argp: *mut c_void) {
+        let _: Box<T> = unsafe { mem::transmute(ptr) };
+    }
+
+    unsafe {
+        INIT.doit(|| {
+            let idx = ffi::SSL_CTX_get_ex_new_index(0, ptr::null(), None,
+                                                    None, Some(free_data_box::<T>));
+            assert!(idx >= 0);
+            VERIFY_DATA_IDX = idx;
+        });
+        VERIFY_DATA_IDX
+    }
+}
+
 extern fn locking_function(mode: c_int, n: c_int, _file: *const c_char,
                                _line: c_int) {
     unsafe {
@@ -113,10 +137,45 @@ extern fn raw_verify(preverify_ok: c_int, x509_ctx: *mut ffi::X509_STORE_CTX)
     }
 }
 
+extern fn raw_verify_with_data<T>(preverify_ok: c_int,
+                                  x509_ctx: *mut ffi::X509_STORE_CTX) -> c_int {
+    unsafe {
+        let idx = ffi::SSL_get_ex_data_X509_STORE_CTX_idx();
+        let ssl = ffi::X509_STORE_CTX_get_ex_data(x509_ctx, idx);
+        let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl);
+
+        let verify = ffi::SSL_CTX_get_ex_data(ssl_ctx, VERIFY_IDX);
+        let verify: Option<VerifyCallbackData<T>> = mem::transmute(verify);
+
+        let data = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_verify_data_idx::<T>());
+        let data: Box<T> = mem::transmute(data);
+
+        let ctx = X509StoreContext::new(x509_ctx);
+
+        let res = match verify {
+            None => preverify_ok,
+            Some(verify) => verify(preverify_ok != 0, &ctx, &*data) as c_int
+        };
+
+        // Since data might be required on the next verification
+        // it is time to forget about it and avoid dropping
+        // data will be freed once OpenSSL considers it is time
+        // to free all context data
+        mem::forget(data);
+        res
+    }
+}
+
 /// The signature of functions that can be used to manually verify certificates
 pub type VerifyCallback = fn(preverify_ok: bool,
                              x509_ctx: &X509StoreContext) -> bool;
 
+/// The signature of functions that can be used to manually verify certificates
+/// when user-data should be carried for all verification process
+pub type VerifyCallbackData<T> = fn(preverify_ok: bool,
+                                    x509_ctx: &X509StoreContext,
+                                    data: &T) -> bool;
+
 // FIXME: macro may be instead of inlining?
 #[inline]
 fn wrap_ssl_result(res: c_int) -> Option<SslError> {
@@ -161,6 +220,28 @@ impl SslContext {
         }
     }
 
+    /// Configures the certificate verification method for new connections also
+    /// carrying supplied data.
+    pub fn set_verify_with_data<T>(&mut self, mode: SslVerifyMode,
+                                   verify: Option<VerifyCallbackData<T>>,
+                                   data: T) {
+        let data = box data;
+        unsafe {
+            ffi::SSL_CTX_set_ex_data(self.ctx, VERIFY_IDX,
+                                     mem::transmute(verify));
+            ffi::SSL_CTX_set_ex_data(self.ctx, get_verify_data_idx::<T>(),
+                                     mem::transmute(data));
+            ffi::SSL_CTX_set_verify(self.ctx, mode as c_int, Some(raw_verify_with_data::<T>));
+        }
+    }
+
+    /// Sets verification depth
+    pub fn set_verify_depth(&mut self, depth: uint) {
+        unsafe {
+            ffi::SSL_CTX_set_verify_depth(self.ctx, depth as c_int);
+        }
+    }
+
     #[allow(non_snake_case)]
     /// Specifies the file that contains trusted CA certificates.
     pub fn set_CA_file(&mut self, file: &str) -> Option<SslError> {
author	Valerii Hiora <[email protected]>	2014-09-30 11:06:37 +0300
committer	Valerii Hiora <[email protected]>	2014-10-02 10:15:50 +0300
commit	fbb359720b24266938284edcd5cec46744379f1c (patch)
tree	69648c3ed31e085403cd2a653fc869dc281eaba7 /src/ssl/mod.rs
parent	Merge pull request #57 from vhbit/mut-cleanup (diff)
download	rust-openssl-fbb359720b24266938284edcd5cec46744379f1c.tar.xz rust-openssl-fbb359720b24266938284edcd5cec46744379f1c.zip