aboutsummaryrefslogtreecommitdiff
path: root/openssl/src
diff options
context:
space:
mode:
Diffstat (limited to 'openssl/src')
-rw-r--r--openssl/src/asn1/mod.rs41
-rw-r--r--openssl/src/c_helpers.c8
-rw-r--r--openssl/src/c_helpers.rs3
-rw-r--r--openssl/src/error.rs6
-rw-r--r--openssl/src/lib.rs2
-rw-r--r--openssl/src/ssl/mod.rs11
-rw-r--r--openssl/src/ssl/tests/mod.rs9
-rw-r--r--openssl/src/x509/mod.rs36
-rw-r--r--openssl/src/x509/tests.rs12
9 files changed, 119 insertions, 9 deletions
diff --git a/openssl/src/asn1/mod.rs b/openssl/src/asn1/mod.rs
index 7d209775..1eab9f04 100644
--- a/openssl/src/asn1/mod.rs
+++ b/openssl/src/asn1/mod.rs
@@ -1,15 +1,19 @@
use libc::c_long;
-use std::ptr;
+use std::{ptr, fmt};
+use std::marker::PhantomData;
+use std::ops::Deref;
+use bio::MemBio;
use ffi;
use error::ErrorStack;
-pub struct Asn1Time(*mut ffi::ASN1_TIME);
+/// Corresponds to the ASN.1 structure Time defined in RFC5280
+pub struct Asn1Time(Asn1TimeRef<'static>);
impl Asn1Time {
/// Wraps existing ASN1_TIME and takes ownership
pub unsafe fn from_ptr(handle: *mut ffi::ASN1_TIME) -> Asn1Time {
- Asn1Time(handle)
+ Asn1Time(Asn1TimeRef::from_ptr(handle))
}
fn from_period(period: c_long) -> Result<Asn1Time, ErrorStack> {
@@ -25,6 +29,24 @@ impl Asn1Time {
pub fn days_from_now(days: u32) -> Result<Asn1Time, ErrorStack> {
Asn1Time::from_period(days as c_long * 60 * 60 * 24)
}
+}
+
+impl Deref for Asn1Time {
+ type Target = Asn1TimeRef<'static>;
+
+ fn deref(&self) -> &Asn1TimeRef<'static> {
+ &self.0
+ }
+}
+
+/// A borrowed Asn1Time
+pub struct Asn1TimeRef<'a>(*mut ffi::ASN1_TIME, PhantomData<&'a ()>);
+
+impl<'a> Asn1TimeRef<'a> {
+ /// Creates a new `Asn1TimeRef` wrapping the provided handle.
+ pub unsafe fn from_ptr(handle: *mut ffi::ASN1_TIME) -> Asn1TimeRef<'a> {
+ Asn1TimeRef(handle, PhantomData)
+ }
/// Returns the raw handle
pub fn as_ptr(&self) -> *mut ffi::ASN1_TIME {
@@ -32,8 +54,19 @@ impl Asn1Time {
}
}
+impl<'a> fmt::Display for Asn1TimeRef<'a> {
+ fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+ let mem_bio = try!(MemBio::new());
+ let as_str = unsafe {
+ try_ssl!(ffi::ASN1_TIME_print(mem_bio.as_ptr(), self.0));
+ String::from_utf8_unchecked(mem_bio.get_buf().to_owned())
+ };
+ write!(f, "{}", as_str)
+ }
+}
+
impl Drop for Asn1Time {
fn drop(&mut self) {
- unsafe { ffi::ASN1_TIME_free(self.0) };
+ unsafe { ffi::ASN1_TIME_free(self.as_ptr()) };
}
}
diff --git a/openssl/src/c_helpers.c b/openssl/src/c_helpers.c
index 5d149553..6e6a5021 100644
--- a/openssl/src/c_helpers.c
+++ b/openssl/src/c_helpers.c
@@ -15,6 +15,14 @@ STACK_OF(X509_EXTENSION) *rust_0_8_X509_get_extensions(X509 *x) {
return x->cert_info ? x->cert_info->extensions : NULL;
}
+ASN1_TIME* rust_0_8_X509_get_notAfter(X509 *x) {
+ return X509_get_notAfter(x);
+}
+
+ASN1_TIME* rust_0_8_X509_get_notBefore(X509 *x) {
+ return X509_get_notBefore(x);
+}
+
DH *rust_0_8_DH_new_from_params(BIGNUM *p, BIGNUM *g, BIGNUM *q) {
DH *dh;
diff --git a/openssl/src/c_helpers.rs b/openssl/src/c_helpers.rs
index 74ddb9ac..d16c3125 100644
--- a/openssl/src/c_helpers.rs
+++ b/openssl/src/c_helpers.rs
@@ -6,7 +6,8 @@ extern "C" {
pub fn rust_0_8_SSL_CTX_clone(cxt: *mut ffi::SSL_CTX);
pub fn rust_0_8_X509_clone(x509: *mut ffi::X509);
pub fn rust_0_8_X509_get_extensions(x: *mut ffi::X509) -> *mut ffi::stack_st_X509_EXTENSION;
-
+ pub fn rust_0_8_X509_get_notAfter(x: *mut ffi::X509) -> *mut ffi::ASN1_TIME;
+ pub fn rust_0_8_X509_get_notBefore(x: *mut ffi::X509) -> *mut ffi::ASN1_TIME;
pub fn rust_0_8_HMAC_Init_ex(ctx: *mut ffi::HMAC_CTX, key: *const c_void, keylen: c_int, md: *const ffi::EVP_MD, impl_: *mut ffi::ENGINE) -> c_int;
pub fn rust_0_8_HMAC_Final(ctx: *mut ffi::HMAC_CTX, output: *mut c_uchar, len: *mut c_uint) -> c_int;
pub fn rust_0_8_HMAC_Update(ctx: *mut ffi::HMAC_CTX, input: *const c_uchar, len: c_uint) -> c_int;
diff --git a/openssl/src/error.rs b/openssl/src/error.rs
index 5fa542c2..cc89b5db 100644
--- a/openssl/src/error.rs
+++ b/openssl/src/error.rs
@@ -54,6 +54,12 @@ impl From<ErrorStack> for io::Error {
}
}
+impl From<ErrorStack> for fmt::Error {
+ fn from(_: ErrorStack) -> fmt::Error {
+ fmt::Error
+ }
+}
+
/// An error reported from OpenSSL.
pub struct Error(c_ulong);
diff --git a/openssl/src/lib.rs b/openssl/src/lib.rs
index f20401f6..0c4bc51f 100644
--- a/openssl/src/lib.rs
+++ b/openssl/src/lib.rs
@@ -1,4 +1,4 @@
-#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.8.1")]
+#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.8.2")]
#[macro_use]
extern crate bitflags;
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index 64a2ccaf..6e365af6 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -535,9 +535,14 @@ impl<'a> SslContextRef<'a> {
/// Adds a certificate to the certificate chain presented together with the
/// certificate specified using set_certificate()
pub fn add_extra_chain_cert(&mut self, cert: &X509Ref) -> Result<(), ErrorStack> {
- wrap_ssl_result(unsafe {
- ffi::SSL_CTX_add_extra_chain_cert(self.as_ptr(), cert.as_ptr()) as c_int
- })
+ // FIXME this should really just take an X509 by value
+ let der = try!(cert.to_der());
+ let cert = try!(X509::from_der(&der));
+ unsafe {
+ try_ssl!(ffi::SSL_CTX_add_extra_chain_cert(self.as_ptr(), cert.as_ptr()));
+ }
+ mem::forget(cert);
+ Ok(())
}
/// Specifies the file that contains private key
diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs
index 4e4985e1..3bbbed03 100644
--- a/openssl/src/ssl/tests/mod.rs
+++ b/openssl/src/ssl/tests/mod.rs
@@ -909,6 +909,7 @@ fn test_write_nonblocking() {
}
#[test]
+#[cfg_attr(windows, ignore)] // FIXME flickers on appveyor
fn test_read_nonblocking() {
let (_s, stream) = Server::new();
stream.set_nonblocking(true).unwrap();
@@ -1080,3 +1081,11 @@ fn default_verify_paths() {
assert!(result.starts_with(b"HTTP/1.0"));
assert!(result.ends_with(b"</HTML>\r\n") || result.ends_with(b"</html>"));
}
+
+#[test]
+fn add_extra_chain_cert() {
+ let cert = include_bytes!("../../../test/cert.pem");
+ let cert = X509::from_pem(cert).unwrap();
+ let mut ctx = SslContext::new(SslMethod::Sslv23).unwrap();
+ ctx.add_extra_chain_cert(&cert).unwrap();
+}
diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs
index 0cc0eca7..f5369447 100644
--- a/openssl/src/x509/mod.rs
+++ b/openssl/src/x509/mod.rs
@@ -1,4 +1,5 @@
use libc::{c_char, c_int, c_long, c_ulong, c_void};
+use std::cmp;
use std::ffi::CString;
use std::mem;
use std::ptr;
@@ -11,6 +12,9 @@ use std::marker::PhantomData;
use HashTypeInternals;
use asn1::Asn1Time;
+#[cfg(feature = "x509_expiry")]
+use asn1::Asn1TimeRef;
+
use bio::{MemBio, MemBioSlice};
use crypto::hash;
use crypto::hash::Type as HashType;
@@ -433,6 +437,28 @@ impl<'a> X509Ref<'a> {
}
}
+ /// Returns certificate Not After validity period.
+ /// Requires the `x509_expiry` feature.
+ #[cfg(feature = "x509_expiry")]
+ pub fn not_after<'b>(&'b self) -> Asn1TimeRef<'b> {
+ unsafe {
+ let date = ::c_helpers::rust_0_8_X509_get_notAfter(self.0);
+ assert!(!date.is_null());
+ Asn1TimeRef::from_ptr(date)
+ }
+ }
+
+ /// Returns certificate Not Before validity period.
+ /// Requires the `x509_expiry` feature.
+ #[cfg(feature = "x509_expiry")]
+ pub fn not_before<'b>(&'b self) -> Asn1TimeRef<'b> {
+ unsafe {
+ let date = ::c_helpers::rust_0_8_X509_get_notBefore(self.0);
+ assert!(!date.is_null());
+ Asn1TimeRef::from_ptr(date)
+ }
+ }
+
/// Writes certificate as PEM
pub fn to_pem(&self) -> Result<Vec<u8>, ErrorStack> {
let mem_bio = try!(MemBio::new());
@@ -467,6 +493,16 @@ impl X509 {
X509::from_ptr(x509)
}
+ /// Reads a certificate from DER.
+ pub fn from_der(buf: &[u8]) -> Result<X509, ErrorStack> {
+ unsafe {
+ let mut ptr = buf.as_ptr() as *mut _;
+ let len = cmp::min(buf.len(), c_long::max_value() as usize) as c_long;
+ let x509 = try_ssl_null!(ffi::d2i_X509(ptr::null_mut(), &mut ptr, len));
+ Ok(X509::from_ptr(x509))
+ }
+ }
+
/// Reads a certificate from PEM.
pub fn from_pem(buf: &[u8]) -> Result<X509, ErrorStack> {
let mem_bio = try!(MemBioSlice::new(buf));
diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs
index 43add896..eac08941 100644
--- a/openssl/src/x509/tests.rs
+++ b/openssl/src/x509/tests.rs
@@ -93,6 +93,18 @@ fn test_cert_loading() {
}
#[test]
+#[cfg(feature = "x509_expiry")]
+fn test_cert_issue_validity() {
+ let cert = include_bytes!("../../test/cert.pem");
+ let cert = X509::from_pem(cert).ok().expect("Failed to load PEM");
+ let not_before = cert.not_before().to_string();
+ let not_after = cert.not_after().to_string();
+
+ assert_eq!(not_before, "Aug 14 17:00:03 2016 GMT");
+ assert_eq!(not_after, "Aug 12 17:00:03 2026 GMT");
+}
+
+#[test]
fn test_save_der() {
let cert = include_bytes!("../../test/cert.pem");
let cert = X509::from_pem(cert).ok().expect("Failed to load PEM");
generated by cgit v1.2.3 (git 2.25.1) at 2026-03-11 12:45:34 +0000