aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--openssl-sys/src/lib.rs1
-rw-r--r--openssl/src/ssl/mod.rs11
-rw-r--r--openssl/src/ssl/tests/mod.rs8
-rw-r--r--openssl/src/x509/mod.rs11
4 files changed, 28 insertions, 3 deletions
diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs
index ab29f55c..be9de412 100644
--- a/openssl-sys/src/lib.rs
+++ b/openssl-sys/src/lib.rs
@@ -1073,6 +1073,7 @@ extern "C" {
pub fn X509_REQ_add_extensions(req: *mut X509_REQ, exts: *mut stack_st_X509_EXTENSION) -> c_int;
pub fn X509_REQ_sign(x: *mut X509_REQ, pkey: *mut EVP_PKEY, md: *const EVP_MD) -> c_int;
+ pub fn d2i_X509(a: *mut *mut X509, pp: *mut *mut c_uchar, length: c_long) -> *mut X509;
pub fn i2d_X509_bio(b: *mut BIO, x: *mut X509) -> c_int;
pub fn i2d_X509_REQ_bio(b: *mut BIO, x: *mut X509_REQ) -> c_int;
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index 64a2ccaf..6e365af6 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -535,9 +535,14 @@ impl<'a> SslContextRef<'a> {
/// Adds a certificate to the certificate chain presented together with the
/// certificate specified using set_certificate()
pub fn add_extra_chain_cert(&mut self, cert: &X509Ref) -> Result<(), ErrorStack> {
- wrap_ssl_result(unsafe {
- ffi::SSL_CTX_add_extra_chain_cert(self.as_ptr(), cert.as_ptr()) as c_int
- })
+ // FIXME this should really just take an X509 by value
+ let der = try!(cert.to_der());
+ let cert = try!(X509::from_der(&der));
+ unsafe {
+ try_ssl!(ffi::SSL_CTX_add_extra_chain_cert(self.as_ptr(), cert.as_ptr()));
+ }
+ mem::forget(cert);
+ Ok(())
}
/// Specifies the file that contains private key
diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs
index 2881d4fe..3bbbed03 100644
--- a/openssl/src/ssl/tests/mod.rs
+++ b/openssl/src/ssl/tests/mod.rs
@@ -1081,3 +1081,11 @@ fn default_verify_paths() {
assert!(result.starts_with(b"HTTP/1.0"));
assert!(result.ends_with(b"</HTML>\r\n") || result.ends_with(b"</html>"));
}
+
+#[test]
+fn add_extra_chain_cert() {
+ let cert = include_bytes!("../../../test/cert.pem");
+ let cert = X509::from_pem(cert).unwrap();
+ let mut ctx = SslContext::new(SslMethod::Sslv23).unwrap();
+ ctx.add_extra_chain_cert(&cert).unwrap();
+}
diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs
index 1319b75c..f5369447 100644
--- a/openssl/src/x509/mod.rs
+++ b/openssl/src/x509/mod.rs
@@ -1,4 +1,5 @@
use libc::{c_char, c_int, c_long, c_ulong, c_void};
+use std::cmp;
use std::ffi::CString;
use std::mem;
use std::ptr;
@@ -492,6 +493,16 @@ impl X509 {
X509::from_ptr(x509)
}
+ /// Reads a certificate from DER.
+ pub fn from_der(buf: &[u8]) -> Result<X509, ErrorStack> {
+ unsafe {
+ let mut ptr = buf.as_ptr() as *mut _;
+ let len = cmp::min(buf.len(), c_long::max_value() as usize) as c_long;
+ let x509 = try_ssl_null!(ffi::d2i_X509(ptr::null_mut(), &mut ptr, len));
+ Ok(X509::from_ptr(x509))
+ }
+ }
+
/// Reads a certificate from PEM.
pub fn from_pem(buf: &[u8]) -> Result<X509, ErrorStack> {
let mem_bio = try!(MemBioSlice::new(buf));
generated by cgit v1.2.3 (git 2.25.1) at 2026-04-19 00:02:33 +0000