3 files changed, 64 insertions, 43 deletions

diff --git a/openssl/src/ssl/bio.rs b/openssl/src/ssl/bio.rs
index 44893b88..3ced1c95 100644
--- a/openssl/src/ssl/bio.rs
+++ b/openssl/src/ssl/bio.rs
@@ -23,16 +23,16 @@ pub struct BioMethod(ffi::BIO_METHOD);
 impl BioMethod {
     pub fn new<S: Read + Write>() -> BioMethod {
         BioMethod(ffi::BIO_METHOD {
-                type_: BIO_TYPE_NONE,
-                name: b"rust\0".as_ptr() as *const _,
-                bwrite: Some(bwrite::<S>),
-                bread: Some(bread::<S>),
-                bputs: Some(bputs::<S>),
-                bgets: None,
-                ctrl: Some(ctrl::<S>),
-                create: Some(create),
-                destroy: Some(destroy::<S>),
-                callback_ctrl: None,
+            type_: BIO_TYPE_NONE,
+            name: b"rust\0".as_ptr() as *const _,
+            bwrite: Some(bwrite::<S>),
+            bread: Some(bread::<S>),
+            bputs: Some(bputs::<S>),
+            bgets: None,
+            ctrl: Some(ctrl::<S>),
+            create: Some(create),
+            destroy: Some(destroy::<S>),
+            callback_ctrl: None,
         })
     }
 }
@@ -82,12 +82,16 @@ unsafe fn state<'a, S: 'a>(bio: *mut BIO) -> &'a mut StreamState<S> {
 }
 
 #[cfg(feature = "nightly")]
-fn catch_unwind<F, T>(f: F) -> Result<T, Box<Any + Send>> where F: FnOnce() -> T {
+fn catch_unwind<F, T>(f: F) -> Result<T, Box<Any + Send>>
+    where F: FnOnce() -> T
+{
     ::std::panic::catch_unwind(::std::panic::AssertUnwindSafe(f))
 }
 
 #[cfg(not(feature = "nightly"))]
-fn catch_unwind<F, T>(f: F) -> Result<T, Box<Any + Send>> where F: FnOnce() -> T {
+fn catch_unwind<F, T>(f: F) -> Result<T, Box<Any + Send>>
+    where F: FnOnce() -> T
+{
     Ok(f())
 }
 
@@ -137,7 +141,8 @@ unsafe extern "C" fn bread<S: Read>(bio: *mut BIO, buf: *mut c_char, len: c_int)
 
 fn retriable_error(err: &io::Error) -> bool {
     match err.kind() {
-        io::ErrorKind::WouldBlock | io::ErrorKind::NotConnected => true,
+        io::ErrorKind::WouldBlock |
+        io::ErrorKind::NotConnected => true,
         _ => false,
     }
 }
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index 89a7f7d4..b18df7b3 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -475,6 +475,8 @@ impl SslContext {
             SslMethod::Dtlsv1_2 => ctx.set_read_ahead(1),
             _ => {}
         }
+        // this is a bit dubious (?)
+        try!(ctx.set_mode(ffi::SSL_MODE_AUTO_RETRY | ffi::SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER));
 
         Ok(ctx)
     }
@@ -527,6 +529,10 @@ impl SslContext {
         }
     }
 
+    fn set_mode(&self, mode: c_long) -> Result<(), ErrorStack> {
+        wrap_ssl_result(unsafe { ffi_extras::SSL_CTX_set_mode(self.ctx, mode) as c_int })
+    }
+
     pub fn set_tmp_dh(&mut self, dh: DH) -> Result<(), ErrorStack> {
         wrap_ssl_result(unsafe { ffi_extras::SSL_CTX_set_tmp_dh(self.ctx, dh.raw()) as i32 })
     }
@@ -729,7 +735,7 @@ pub struct SslCipher<'a> {
     ph: PhantomData<&'a ()>,
 }
 
-impl <'a> SslCipher<'a> {
+impl<'a> SslCipher<'a> {
     /// Returns the name of cipher.
     pub fn name(&self) -> &'static str {
         let name = unsafe {
@@ -753,12 +759,18 @@ impl <'a> SslCipher<'a> {
     /// Returns the number of bits used for the cipher.
     pub fn bits(&self) -> CipherBits {
         unsafe {
-            let algo_bits : *mut c_int = ptr::null_mut();
+            let algo_bits: *mut c_int = ptr::null_mut();
             let secret_bits = ffi::SSL_CIPHER_get_bits(self.cipher, algo_bits);
             if !algo_bits.is_null() {
-                CipherBits { secret: secret_bits, algorithm: Some(*algo_bits) }
+                CipherBits {
+                    secret: secret_bits,
+                    algorithm: Some(*algo_bits),
+                }
             } else {
-                CipherBits { secret: secret_bits, algorithm: None }
+                CipherBits {
+                    secret: secret_bits,
+                    algorithm: None,
+                }
             }
         }
     }
@@ -853,7 +865,9 @@ impl Ssl {
     {
         unsafe {
             let verify = Box::new(verify);
-            ffi::SSL_set_ex_data(self.ssl, get_ssl_verify_data_idx::<F>(), mem::transmute(verify));
+            ffi::SSL_set_ex_data(self.ssl,
+                                 get_ssl_verify_data_idx::<F>(),
+                                 mem::transmute(verify));
             ffi::SSL_set_verify(self.ssl, mode.bits as c_int, Some(ssl_raw_verify::<F>));
         }
     }
@@ -865,7 +879,10 @@ impl Ssl {
             if ptr.is_null() {
                 None
             } else {
-                Some(SslCipher{ cipher: ptr, ph: PhantomData })
+                Some(SslCipher {
+                    cipher: ptr,
+                    ph: PhantomData,
+                })
             }
         }
     }
@@ -918,8 +935,8 @@ impl Ssl {
     /// Returns the name of the protocol used for the connection, e.g. "TLSv1.2", "SSLv3", etc.
     pub fn version(&self) -> &'static str {
         let version = unsafe {
-             let ptr = ffi::SSL_get_version(self.ssl);
-             CStr::from_ptr(ptr as *const _)
+            let ptr = ffi::SSL_get_version(self.ssl);
+            CStr::from_ptr(ptr as *const _)
         };
 
         str::from_utf8(version.to_bytes()).unwrap()
@@ -1038,7 +1055,8 @@ pub struct SslStream<S> {
 
 unsafe impl<S: Send> Send for SslStream<S> {}
 
-impl<S> fmt::Debug for SslStream<S> where S: fmt::Debug
+impl<S> fmt::Debug for SslStream<S>
+    where S: fmt::Debug
 {
     fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result {
         fmt.debug_struct("SslStream")
@@ -1156,8 +1174,7 @@ impl<S> SslStream<S> {
     }
 
     #[cfg(not(feature = "nightly"))]
-    fn check_panic(&mut self) {
-    }
+    fn check_panic(&mut self) {}
 
     fn get_bio_error(&mut self) -> io::Error {
         let error = unsafe { bio::take_error::<S>(self.ssl.get_raw_rbio()) };
diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs
index 94bb4b4b..1fc0076b 100644
--- a/openssl/src/ssl/tests/mod.rs
+++ b/openssl/src/ssl/tests/mod.rs
@@ -196,7 +196,7 @@ macro_rules! run_test(
             use ssl::SslMethod;
             use ssl::{SslContext, Ssl, SslStream};
             use ssl::SSL_VERIFY_PEER;
-            use crypto::hash::Type::SHA256;
+            use crypto::hash::Type::{SHA1, SHA256};
             use x509::X509StoreContext;
             use serialize::hex::FromHex;
             use super::Server;
@@ -236,7 +236,7 @@ run_test!(verify_untrusted, |method, stream| {
 
     match SslStream::connect(&ctx, stream) {
         Ok(_) => panic!("expected failure"),
-        Err(err) => println!("error {:?}", err)
+        Err(err) => println!("error {:?}", err),
     }
 });
 
@@ -246,11 +246,11 @@ run_test!(verify_trusted, |method, stream| {
 
     match ctx.set_CA_file(&Path::new("test/cert.pem")) {
         Ok(_) => {}
-        Err(err) => panic!("Unexpected error {:?}", err)
+        Err(err) => panic!("Unexpected error {:?}", err),
     }
     match SslStream::connect(&ctx, stream) {
         Ok(_) => (),
-        Err(err) => panic!("Expected success, got {:?}", err)
+        Err(err) => panic!("Expected success, got {:?}", err),
     }
 });
 
@@ -260,7 +260,7 @@ run_test!(verify_untrusted_callback_override_ok, |method, stream| {
 
     match SslStream::connect(&ctx, stream) {
         Ok(_) => (),
-        Err(err) => panic!("Expected success, got {:?}", err)
+        Err(err) => panic!("Expected success, got {:?}", err),
     }
 });
 
@@ -277,11 +277,11 @@ run_test!(verify_trusted_callback_override_ok, |method, stream| {
 
     match ctx.set_CA_file(&Path::new("test/cert.pem")) {
         Ok(_) => {}
-        Err(err) => panic!("Unexpected error {:?}", err)
+        Err(err) => panic!("Unexpected error {:?}", err),
     }
     match SslStream::connect(&ctx, stream) {
         Ok(_) => (),
-        Err(err) => panic!("Expected success, got {:?}", err)
+        Err(err) => panic!("Expected success, got {:?}", err),
     }
 });
 
@@ -291,7 +291,7 @@ run_test!(verify_trusted_callback_override_bad, |method, stream| {
 
     match ctx.set_CA_file(&Path::new("test/cert.pem")) {
         Ok(_) => {}
-        Err(err) => panic!("Unexpected error {:?}", err)
+        Err(err) => panic!("Unexpected error {:?}", err),
     }
     assert!(SslStream::connect(&ctx, stream).is_err());
 });
@@ -315,7 +315,7 @@ run_test!(verify_trusted_get_error_ok, |method, stream| {
 
     match ctx.set_CA_file(&Path::new("test/cert.pem")) {
         Ok(_) => {}
-        Err(err) => panic!("Unexpected error {:?}", err)
+        Err(err) => panic!("Unexpected error {:?}", err),
     }
     assert!(SslStream::connect(&ctx, stream).is_ok());
 });
@@ -337,14 +337,14 @@ run_test!(verify_callback_data, |method, stream| {
     // in DER format.
     // Command: openssl x509 -in test/cert.pem  -outform DER | openssl dgst -sha256
     // Please update if "test/cert.pem" will ever change
-    let node_hash_str = "db400bb62f1b1f29c3b8f323b8f7d9dea724fdcd67104ef549c772ae3749655b";
+    let node_hash_str = "E19427DAC79FBE758394945276A6E4F15F0BEBE6";
     let node_id = node_hash_str.from_hex().unwrap();
     ctx.set_verify_callback(SSL_VERIFY_PEER, move |_preverify_ok, x509_ctx| {
         let cert = x509_ctx.get_current_cert();
         match cert {
             None => false,
             Some(cert) => {
-                let fingerprint = cert.fingerprint(SHA256).unwrap();
+                let fingerprint = cert.fingerprint(SHA1).unwrap();
                 fingerprint == node_id
             }
         }
@@ -353,7 +353,7 @@ run_test!(verify_callback_data, |method, stream| {
 
     match SslStream::connect(&ctx, stream) {
         Ok(_) => (),
-        Err(err) => panic!("Expected success, got {:?}", err)
+        Err(err) => panic!("Expected success, got {:?}", err),
     }
 });
 
@@ -366,14 +366,14 @@ run_test!(ssl_verify_callback, |method, stream| {
     let ctx = SslContext::new(method).unwrap();
     let mut ssl = ctx.into_ssl().unwrap();
 
-    let node_hash_str = "db400bb62f1b1f29c3b8f323b8f7d9dea724fdcd67104ef549c772ae3749655b";
+    let node_hash_str = "E19427DAC79FBE758394945276A6E4F15F0BEBE6";
     let node_id = node_hash_str.from_hex().unwrap();
     ssl.set_verify_callback(SSL_VERIFY_PEER, move |_, x509| {
         CHECKED.store(1, Ordering::SeqCst);
         match x509.get_current_cert() {
             None => false,
             Some(cert) => {
-                let fingerprint = cert.fingerprint(SHA256).unwrap();
+                let fingerprint = cert.fingerprint(SHA1).unwrap();
                 fingerprint == node_id
             }
         }
@@ -381,7 +381,7 @@ run_test!(ssl_verify_callback, |method, stream| {
 
     match SslStream::connect(ssl, stream) {
         Ok(_) => (),
-        Err(err) => panic!("Expected success, got {:?}", err)
+        Err(err) => panic!("Expected success, got {:?}", err),
     }
 
     assert_eq!(CHECKED.load(Ordering::SeqCst), 1);
@@ -475,11 +475,10 @@ fn test_write_direct() {
 }
 
 run_test!(get_peer_certificate, |method, stream| {
-    let stream = SslStream::connect(&SslContext::new(method).unwrap(),
-                                            stream).unwrap();
+    let stream = SslStream::connect(&SslContext::new(method).unwrap(), stream).unwrap();
     let cert = stream.ssl().peer_certificate().unwrap();
-    let fingerprint = cert.fingerprint(SHA256).unwrap();
-    let node_hash_str = "db400bb62f1b1f29c3b8f323b8f7d9dea724fdcd67104ef549c772ae3749655b";
+    let fingerprint = cert.fingerprint(SHA1).unwrap();
+    let node_hash_str = "E19427DAC79FBE758394945276A6E4F15F0BEBE6";
     let node_id = node_hash_str.from_hex().unwrap();
     assert_eq!(node_id, fingerprint)
 });