Diffstat (limited to 'openssl/src/ssl')
| -rw-r--r-- | openssl/src/ssl/bio.rs | 12 | ||||
| -rw-r--r-- | openssl/src/ssl/mod.rs | 25 | ||||
| -rw-r--r-- | openssl/src/ssl/tests/mod.rs | 17 |
3 files changed, 47 insertions, 7 deletions
diff --git a/openssl/src/ssl/bio.rs b/openssl/src/ssl/bio.rs index 4adbfbe2..e53545d7 100644 --- a/openssl/src/ssl/bio.rs +++ b/openssl/src/ssl/bio.rs @@ -82,12 +82,12 @@ unsafe fn state<'a, S: 'a>(bio: *mut BIO) -> &'a mut StreamState<S> { } #[cfg(feature = "nightly")] -fn recover<F, T>(f: F) -> Result<T, Box<Any + Send>> where F: FnOnce() -> T { - ::std::panic::recover(::std::panic::AssertRecoverSafe(f)) +fn catch_unwind<F, T>(f: F) -> Result<T, Box<Any + Send>> where F: FnOnce() -> T { + ::std::panic::catch_unwind(::std::panic::AssertUnwindSafe(f)) } #[cfg(not(feature = "nightly"))] -fn recover<F, T>(f: F) -> Result<T, Box<Any + Send>> where F: FnOnce() -> T { +fn catch_unwind<F, T>(f: F) -> Result<T, Box<Any + Send>> where F: FnOnce() -> T { Ok(f()) } @@ -97,7 +97,7 @@ unsafe extern "C" fn bwrite<S: Write>(bio: *mut BIO, buf: *const c_char, len: c_ let state = state::<S>(bio); let buf = slice::from_raw_parts(buf as *const _, len as usize); - match recover(|| state.stream.write(buf)) { + match catch_unwind(|| state.stream.write(buf)) { Ok(Ok(len)) => len as c_int, Ok(Err(err)) => { if retriable_error(&err) { @@ -119,7 +119,7 @@ unsafe extern "C" fn bread<S: Read>(bio: *mut BIO, buf: *mut c_char, len: c_int) let state = state::<S>(bio); let buf = slice::from_raw_parts_mut(buf as *mut _, len as usize); - match recover(|| state.stream.read(buf)) { + match catch_unwind(|| state.stream.read(buf)) { Ok(Ok(len)) => len as c_int, Ok(Err(err)) => { if retriable_error(&err) { @@ -154,7 +154,7 @@ unsafe extern "C" fn ctrl<S: Write>(bio: *mut BIO, if cmd == BIO_CTRL_FLUSH { let state = state::<S>(bio); - match recover(|| state.stream.flush()) { + match catch_unwind(|| state.stream.flush()) { Ok(Ok(())) => 1, Ok(Err(err)) => { state.error = Some(err); diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 7b5cf492..4b3a4385 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs 
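Review bot: The `#[cfg(not(feature = "nightly"))]` variant of `catch_unwind` is still just `Ok(f())`, so after the rename its name promises something that variant does not do. On non-nightly builds a panic raised inside `state.stream.write(buf)`, `state.stream.read(buf)` or `state.stream.flush()` is not caught and unwinds out of the `extern "C"` callbacks `bwrite`, `bread` and `ctrl` into OpenSSL's C frames. I would put a comment on the fallback saying so, for example `// Fallback without the nightly feature: does NOT catch panics; a panicking stream unwinds across the FFI boundary.` The callback bodies continue outside these hunks, so any other handling they do is not visible here.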
@@ -612,6 +612,15 @@ impl SslContext { wrap_ssl_result(unsafe { ffi_extras::SSL_CTX_set_tmp_dh(self.ctx, dh.raw()) as i32 }) } + /// Use the default locations of trusted certificates for verification. + /// + /// These locations are read from the `SSL_CERT_FILE` and `SSL_CERT_DIR` + /// environment variables if present, or defaults specified at OpenSSL + /// build time otherwise. + pub fn set_default_verify_paths(&mut self) -> Result<(), SslError> { + wrap_ssl_result(unsafe { ffi::SSL_CTX_set_default_verify_paths(self.ctx) }) + } + #[allow(non_snake_case)] /// Specifies the file that contains trusted CA certificates. pub fn set_CA_file<P: AsRef<Path>>(&mut self, file: P) -> Result<(), SslError> { @@ -621,6 +630,20 @@ impl SslContext { }) } + /// Set the context identifier for sessions + /// + /// This value identifies the server's session cache to a clients, telling them when they're + /// able to reuse sessions. Should be set to a unique value per server, unless multiple servers + /// share a session cache. + /// + /// This value should be set when using client certificates, or each request will fail + /// handshake and need to be restarted. + pub fn set_session_id_context(&mut self, sid_ctx: &[u8]) -> Result<(), SslError> { + wrap_ssl_result(unsafe { + ffi::SSL_CTX_set_session_id_context(self.ctx, sid_ctx.as_ptr(), sid_ctx.len() as u32) + }) + } + /// Specifies the file that contains certificate pub fn set_certificate_file<P: AsRef<Path>>(&mut self, file: P, @@ -1309,7 +1332,7 @@ impl<S> SslStream<S> { #[cfg(feature = "nightly")] fn check_panic(&mut self) { if let Some(err) = unsafe { bio::take_panic::<S>(self.ssl.get_raw_rbio()) } { - ::std::panic::propagate(err) + ::std::panic::resume_unwind(err) } } diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs index be35d7ef..15811d99 100644 --- a/openssl/src/ssl/tests/mod.rs +++ b/openssl/src/ssl/tests/mod.rs 
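Review bot: The doc comment on `set_default_verify_paths` does not say that the call only selects the trust store and leaves the verify mode untouched. The new test still has to call `set_verify(SSL_VERIFY_PEER, None)` afterwards, and a caller who reads only this comment may assume certificates are now being checked. I would add a sentence to the doc comment stating that peer verification must be enabled separately through `set_verify`. Since the locations come from `SSL_CERT_FILE` and `SSL_CERT_DIR`, it is also worth a line noting that whoever controls the process environment controls which CAs are trusted.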
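Review bot: `set_session_id_context` forwards `sid_ctx.len() as u32` without checking or documenting a length limit. OpenSSL rejects identifiers longer than `SSL_MAX_SID_CTX_LENGTH` (32 bytes), so callers only find out through the returned `SslError`, and the `as u32` cast would wrap silently for a slice longer than `u32::MAX`. I would add `/// The identifier may be at most 32 bytes (SSL_MAX_SID_CTX_LENGTH); longer values are rejected.` to the doc comment. The same comment has a typo, "to a clients", and "will fail handshake" reads better as "will fail the handshake".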
@@ -1059,3 +1059,20 @@ fn refcount_ssl_context() {
 let _new_ctx_b = ssl.set_ssl_context(&new_ctx_a);
 }
 }
+
+#[test]
+fn default_verify_paths() {
+ let mut ctx = SslContext::new(SslMethod::Sslv23).unwrap();
+ ctx.set_default_verify_paths().unwrap();
+ ctx.set_verify(SSL_VERIFY_PEER, None);
+ let s = TcpStream::connect("google.com:443").unwrap();
+ let mut socket = SslStream::connect(&ctx, s).unwrap();
+
+ socket.write_all(b"GET / HTTP/1.0\r\n\r\n").unwrap();
+ let mut result = vec![];
+ socket.read_to_end(&mut result).unwrap();
+
+ println!("{}", String::from_utf8_lossy(&result));
+ assert!(result.starts_with(b"HTTP/1.0"));
+ assert!(result.ends_with(b"</HTML>\r\n") || result.ends_with(b"</html>"));
+} |
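Review bot: `default_verify_paths` depends on outbound access to `google.com:443` and on the exact bytes a third-party server sends back, so it can fail for reasons unrelated to certificate loading. The `ends_with(b"</HTML>\r\n") || ends_with(b"</html>")` assertion is the most fragile part and adds nothing to what the test is meant to prove. A successful `SslStream::connect` with `SSL_VERIFY_PEER` set already shows the chain validated against the default store. I would drop that assertion and the `println!`, and mark the test `#[ignore] // requires network access` so offline builds stay green. As far as the visible calls show, only the chain is verified and no hostname check is made, so a comment saying the test does not cover hostname validation would help.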