Diffstat (limited to 'openssl/src/ssl')
-rw-r--r--openssl/src/ssl/connector.rs23
-rw-r--r--openssl/src/ssl/mod.rs16
-rw-r--r--openssl/src/ssl/tests/mod.rs23
3 files changed, 23 insertions, 39 deletions
diff --git a/openssl/src/ssl/connector.rs b/openssl/src/ssl/connector.rs
index 752126e0..a1bcfa77 100644
--- a/openssl/src/ssl/connector.rs
+++ b/openssl/src/ssl/connector.rs
@@ -5,7 +5,7 @@ use error::ErrorStack;
use ssl::{self, SslMethod, SslContextBuilder, SslContext, Ssl, SSL_VERIFY_PEER, SslStream,
HandshakeError};
use pkey::PKey;
-use x509::X509Ref;
+use x509::X509;
use types::Ref;
// apps/dh2048.pem
@@ -118,11 +118,11 @@ impl SslAcceptorBuilder {
/// [docs]: https://wiki.mozilla.org/Security/Server_Side_TLS
pub fn mozilla_intermediate<I>(method: SslMethod,
private_key: &Ref<PKey>,
- certificate: &X509Ref,
+ certificate: &Ref<X509>,
chain: I)
-> Result<SslAcceptorBuilder, ErrorStack>
where I: IntoIterator,
- I::Item: AsRef<X509Ref>
+ I::Item: AsRef<Ref<X509>>
{
let mut ctx = try!(ctx(method));
let dh = try!(Dh::from_pem(DHPARAM_PEM.as_bytes()));
@@ -153,11 +153,11 @@ impl SslAcceptorBuilder {
/// [docs]: https://wiki.mozilla.org/Security/Server_Side_TLS
pub fn mozilla_modern<I>(method: SslMethod,
private_key: &Ref<PKey>,
- certificate: &X509Ref,
+ certificate: &Ref<X509>,
chain: I)
-> Result<SslAcceptorBuilder, ErrorStack>
where I: IntoIterator,
- I::Item: AsRef<X509Ref>
+ I::Item: AsRef<Ref<X509>>
{
let mut ctx = try!(ctx(method));
try!(setup_curves(&mut ctx));
@@ -171,11 +171,11 @@ impl SslAcceptorBuilder {
fn finish_setup<I>(mut ctx: SslContextBuilder,
private_key: &Ref<PKey>,
- certificate: &X509Ref,
+ certificate: &Ref<X509>,
chain: I)
-> Result<SslAcceptorBuilder, ErrorStack>
where I: IntoIterator,
- I::Item: AsRef<X509Ref>
+ I::Item: AsRef<Ref<X509>>
{
try!(ctx.set_private_key(private_key));
try!(ctx.set_certificate(certificate));
@@ -255,11 +255,12 @@ mod verify {
use std::net::IpAddr;
use nid;
- use x509::{X509StoreContextRef, X509Ref, GeneralNames, X509NameRef};
+ use x509::{X509StoreContext, X509, GeneralNames, X509Name};
+ use types::Ref;
pub fn verify_callback(domain: &str,
preverify_ok: bool,
- x509_ctx: &X509StoreContextRef)
+ x509_ctx: &Ref<X509StoreContext>)
-> bool {
if !preverify_ok || x509_ctx.error_depth() != 0 {
return preverify_ok;
@@ -271,7 +272,7 @@ mod verify {
}
}
- fn verify_hostname(domain: &str, cert: &X509Ref) -> bool {
+ fn verify_hostname(domain: &str, cert: &Ref<X509>) -> bool {
match cert.subject_alt_names() {
Some(names) => verify_subject_alt_names(domain, &names),
None => verify_subject_name(domain, &cert.subject_name()),
@@ -303,7 +304,7 @@ mod verify {
false
}
- fn verify_subject_name(domain: &str, subject_name: &X509NameRef) -> bool {
+ fn verify_subject_name(domain: &str, subject_name: &Ref<X509Name>) -> bool {
if let Some(pattern) = subject_name.text_by_nid(nid::COMMONNAME) {
// Unlike with SANs, IP addresses in the subject name don't have a
// different encoding. We need to pass this down to matches_dns to
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index 42c38980..68d411c7 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -92,7 +92,7 @@ use ffi;
use {init, cvt, cvt_p};
use dh::Dh;
use ec_key::EcKey;
-use x509::{X509StoreContextRef, X509FileType, X509, X509Ref, X509VerifyError};
+use x509::{X509StoreContext, X509FileType, X509, X509VerifyError};
#[cfg(any(ossl102, ossl110))]
use verify::X509VerifyParam;
use pkey::PKey;
@@ -262,7 +262,7 @@ fn get_new_ssl_idx<T>() -> c_int {
}
extern "C" fn raw_verify<F>(preverify_ok: c_int, x509_ctx: *mut ffi::X509_STORE_CTX) -> c_int
- where F: Fn(bool, &X509StoreContextRef) -> bool + Any + 'static + Sync + Send
+ where F: Fn(bool, &Ref<X509StoreContext>) -> bool + Any + 'static + Sync + Send
{
unsafe {
let idx = ffi::SSL_get_ex_data_X509_STORE_CTX_idx();
@@ -271,14 +271,14 @@ extern "C" fn raw_verify<F>(preverify_ok: c_int, x509_ctx: *mut ffi::X509_STORE_
let verify = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_verify_data_idx::<F>());
let verify: &F = &*(verify as *mut F);
- let ctx = X509StoreContextRef::from_ptr(x509_ctx);
+ let ctx = Ref::from_ptr(x509_ctx);
verify(preverify_ok != 0, ctx) as c_int
}
}
extern "C" fn ssl_raw_verify<F>(preverify_ok: c_int, x509_ctx: *mut ffi::X509_STORE_CTX) -> c_int
- where F: Fn(bool, &X509StoreContextRef) -> bool + Any + 'static + Sync + Send
+ where F: Fn(bool, &Ref<X509StoreContext>) -> bool + Any + 'static + Sync + Send
{
unsafe {
let idx = ffi::SSL_get_ex_data_X509_STORE_CTX_idx();
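Review bot: In `raw_verify`, the new `let ctx = Ref::from_ptr(x509_ctx);` no longer names the type that the raw `*mut ffi::X509_STORE_CTX` is reinterpreted as. Inside this `unsafe` block the target is presumably inferred from the `verify(preverify_ok != 0, ctx)` call on the next line. Pinning it at the conversion, `let ctx: &Ref<X509StoreContext> = Ref::from_ptr(x509_ctx);`, keeps the pointer-to-reference cast checkable where it happens and stops a later change to the closure bound from silently retargeting it. A short `// SAFETY:` comment stating that OpenSSL supplies a valid `X509_STORE_CTX` for the duration of the callback would also fit here. The same applies to the identical line in `ssl_raw_verify` in the following hunk; both function bodies begin outside the hunks shown.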
@@ -286,7 +286,7 @@ extern "C" fn ssl_raw_verify<F>(preverify_ok: c_int, x509_ctx: *mut ffi::X509_ST
let verify = ffi::SSL_get_ex_data(ssl as *const _, get_ssl_verify_data_idx::<F>());
let verify: &F = &*(verify as *mut F);
- let ctx = X509StoreContextRef::from_ptr(x509_ctx);
+ let ctx = Ref::from_ptr(x509_ctx);
verify(preverify_ok != 0, ctx) as c_int
}
@@ -463,7 +463,7 @@ impl SslContextBuilder {
/// Configures the certificate verification method for new connections and
/// registers a verification callback.
pub fn set_verify_callback<F>(&mut self, mode: SslVerifyMode, verify: F)
- where F: Fn(bool, &X509StoreContextRef) -> bool + Any + 'static + Sync + Send
+ where F: Fn(bool, &Ref<X509StoreContext>) -> bool + Any + 'static + Sync + Send
{
unsafe {
let verify = Box::new(verify);
@@ -584,7 +584,7 @@ impl SslContextBuilder {
}
/// Specifies the certificate
- pub fn set_certificate(&mut self, cert: &X509Ref) -> Result<(), ErrorStack> {
+ pub fn set_certificate(&mut self, cert: &Ref<X509>) -> Result<(), ErrorStack> {
unsafe { cvt(ffi::SSL_CTX_use_certificate(self.as_ptr(), cert.as_ptr())).map(|_| ()) }
}
@@ -874,7 +874,7 @@ impl Ref<Ssl> {
/// to the certificate chain. It should return `true` if the certificate
/// chain is valid and `false` otherwise.
pub fn set_verify_callback<F>(&mut self, mode: SslVerifyMode, verify: F)
- where F: Fn(bool, &X509StoreContextRef) -> bool + Any + 'static + Sync + Send
+ where F: Fn(bool, &Ref<X509StoreContext>) -> bool + Any + 'static + Sync + Send
{
unsafe {
let verify = Box::new(verify);
diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs
index a874fe3b..13b3a8a7 100644
--- a/openssl/src/ssl/tests/mod.rs
+++ b/openssl/src/ssl/tests/mod.rs
@@ -20,7 +20,7 @@ use ssl::SSL_VERIFY_PEER;
use ssl::{SslMethod, HandshakeError};
use ssl::{SslContext, SslStream, Ssl, ShutdownResult, SslConnectorBuilder, SslAcceptorBuilder,
Error};
-use x509::X509StoreContextRef;
+use x509::X509StoreContext;
use x509::X509FileType;
use x509::X509;
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
@@ -171,8 +171,9 @@ macro_rules! run_test(
use ssl::{SslContext, Ssl, SslStream};
use ssl::SSL_VERIFY_PEER;
use hash::MessageDigest;
- use x509::X509StoreContextRef;
+ use x509::X509StoreContext;
use serialize::hex::FromHex;
+ use types::Ref;
use super::Server;
#[test]
@@ -771,24 +772,6 @@ fn test_alpn_server_select_none() {
assert!(Ssl::new(&ctx.build()).unwrap().connect(stream).is_err());
}
-#[cfg(test)]
-mod dtlsv1 {
- use serialize::hex::FromHex;
- use std::net::TcpStream;
- use std::thread;
-
- use hash::MessageDigest;
- use ssl::SslMethod;
- use ssl::{SslContext, SslStream};
- use ssl::SSL_VERIFY_PEER;
- use x509::X509StoreContextRef;
-
- #[test]
- fn test_new_ctx() {
- SslContext::builder(SslMethod::dtls()).unwrap();
- }
-}
-
#[test]
#[cfg_attr(any(windows, target_arch = "arm"), ignore)] // FIXME(#467)
fn test_read_dtlsv1() {