diff options
Diffstat (limited to 'openssl/src/ssl/mod.rs')
| -rw-r--r-- | openssl/src/ssl/mod.rs | 85 |
1 files changed, 60 insertions, 25 deletions
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 955f10fd..8e6d061d 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -26,8 +26,7 @@ use std::os::windows::io::{AsRawSocket, RawSocket}; use ffi; use ffi_extras; use dh::DH; -use ssl::error::{NonblockingSslError, SslError, StreamError, OpenSslErrors, OpenSslError, - OpensslError}; +use ssl::error::{NonblockingSslError, SslError, OpenSslError, OpensslError}; use x509::{X509StoreContext, X509FileType, X509}; use crypto::pkey::PKey; @@ -482,6 +481,8 @@ fn wrap_ssl_result(res: c_int) -> Result<(), SslError> { } /// An SSL context object +/// +/// Internally ref-counted, use `.clone()` in the same way as Rc and Arc. pub struct SslContext { ctx: *mut ffi::SSL_CTX, } @@ -489,6 +490,12 @@ pub struct SslContext { unsafe impl Send for SslContext {} unsafe impl Sync for SslContext {} +impl Clone for SslContext { + fn clone(&self) -> Self { + unsafe { SslContext::new_ref(self.ctx) } + } +} + // TODO: add useful info here impl fmt::Debug for SslContext { fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result { @@ -503,6 +510,12 @@ impl Drop for SslContext { } impl SslContext { + // Create a new SslContext given an existing ref, and incriment ref-count appropriately. + unsafe fn new_ref(ctx: *mut ffi::SSL_CTX) -> SslContext { + rust_SSL_CTX_clone(ctx); + SslContext { ctx: ctx } + } + /// Creates a new SSL context. pub fn new(method: SslMethod) -> Result<SslContext, SslError> { init(); @@ -956,16 +969,27 @@ impl Ssl { } /// change the context corresponding to the current connection + /// + /// Returns a clone of the SslContext @ctx (ie: the new context). The old context is freed. pub fn set_ssl_context(&self, ctx: &SslContext) -> SslContext { - SslContext { ctx: unsafe { ffi::SSL_set_SSL_CTX(self.ssl, ctx.ctx) } } + // If duplication of @ctx's cert fails, this returns NULL. This _appears_ to only occur on + // allocation failures (meaning panicing is probably appropriate), but it might be nice to + // propogate the error. + assert!(unsafe { ffi::SSL_set_SSL_CTX(self.ssl, ctx.ctx) } != ptr::null_mut()); + + // FIXME: we return this reference here for compatibility, but it isn't actually required. + // This should be removed when a api-incompatabile version is to be released. + // + // ffi:SSL_set_SSL_CTX() returns copy of the ctx pointer passed to it, so it's easier for + // us to do the clone directly. + ctx.clone() } /// obtain the context corresponding to the current connection pub fn get_ssl_context(&self) -> SslContext { unsafe { let ssl_ctx = ffi::SSL_get_SSL_CTX(self.ssl); - rust_SSL_CTX_clone(ssl_ctx); - SslContext { ctx: ssl_ctx } + SslContext::new_ref(ssl_ctx) } } } @@ -1070,10 +1094,9 @@ impl<S: Read + Write> SslStream<S> { if ret > 0 { Ok(stream) } else { - match stream.make_error(ret) { - // This is fine - nonblocking sockets will finish the handshake in read/write - Error::WantRead(..) | Error::WantWrite(..) => Ok(stream), - _ => Err(stream.make_old_error(ret)), + match stream.make_old_error(ret) { + Some(err) => Err(err), + None => Ok(stream), } } } @@ -1086,10 +1109,9 @@ impl<S: Read + Write> SslStream<S> { if ret > 0 { Ok(stream) } else { - match stream.make_error(ret) { - // This is fine - nonblocking sockets will finish the handshake in read/write - Error::WantRead(..) | Error::WantWrite(..) => Ok(stream), - _ => Err(stream.make_old_error(ret)), + match stream.make_old_error(ret) { + Some(err) => Err(err), + None => Ok(stream), } } } @@ -1137,6 +1159,8 @@ impl<S: Read + Write> SslStream<S> { impl<S> SslStream<S> { fn make_error(&mut self, ret: c_int) -> Error { + self.check_panic(); + match self.ssl.get_error(ret) { LibSslError::ErrorSsl => Error::Ssl(OpenSslError::get_stack()), LibSslError::ErrorSyscall => { @@ -1162,9 +1186,11 @@ impl<S> SslStream<S> { } } - fn make_old_error(&mut self, ret: c_int) -> SslError { + fn make_old_error(&mut self, ret: c_int) -> Option<SslError> { + self.check_panic(); + match self.ssl.get_error(ret) { - LibSslError::ErrorSsl => SslError::get(), + LibSslError::ErrorSsl => Some(SslError::get()), LibSslError::ErrorSyscall => { let err = SslError::get(); let count = match err { @@ -1173,26 +1199,35 @@ impl<S> SslStream<S> { }; if count == 0 { if ret == 0 { - SslError::StreamError(io::Error::new(io::ErrorKind::ConnectionAborted, - "unexpected EOF observed")) + Some(SslError::StreamError(io::Error::new(io::ErrorKind::ConnectionAborted, + "unexpected EOF observed"))) } else { - SslError::StreamError(self.get_bio_error()) + Some(SslError::StreamError(self.get_bio_error())) } } else { - err + Some(err) } } - LibSslError::ErrorZeroReturn => SslError::SslSessionClosed, - LibSslError::ErrorWantWrite | LibSslError::ErrorWantRead => { - SslError::StreamError(self.get_bio_error()) - } + LibSslError::ErrorZeroReturn => Some(SslError::SslSessionClosed), + LibSslError::ErrorWantWrite | LibSslError::ErrorWantRead => None, err => { - SslError::StreamError(io::Error::new(io::ErrorKind::Other, - format!("unexpected error {:?}", err))) + Some(SslError::StreamError(io::Error::new(io::ErrorKind::Other, + format!("unexpected error {:?}", err)))) } } } + #[cfg(feature = "nightly")] + fn check_panic(&mut self) { + if let Some(err) = unsafe { bio::take_panic::<S>(self.ssl.get_raw_rbio()) } { + ::std::panic::propagate(err) + } + } + + #[cfg(not(feature = "nightly"))] + fn check_panic(&mut self) { + } + fn get_bio_error(&mut self) -> io::Error { let error = unsafe { bio::take_error::<S>(self.ssl.get_raw_rbio()) }; match error { |