6 files changed, 59 insertions, 12 deletions

diff --git a/openssl/src/lib.rs b/openssl/src/lib.rs
index 7c366aba..321a301f 100644
--- a/openssl/src/lib.rs
+++ b/openssl/src/lib.rs
@@ -1,4 +1,4 @@
-#![doc(html_root_url = "https://docs.rs/openssl/0.9")]
+#![doc(html_root_url = "https://docs.rs/openssl/0.10")]
 
 #[macro_use]
 extern crate bitflags;
diff --git a/openssl/src/ssl/connector.rs b/openssl/src/ssl/connector.rs
index 54910733..9e485ab9 100644
--- a/openssl/src/ssl/connector.rs
+++ b/openssl/src/ssl/connector.rs
@@ -124,11 +124,22 @@ pub struct ConnectConfiguration {
 }
 
 impl ConnectConfiguration {
+    /// A builder-style version of `set_use_server_name_indication`.
+    pub fn use_server_name_indication(mut self, use_sni: bool) -> ConnectConfiguration {
+        self.set_use_server_name_indication(use_sni);
+        self
+    }
+
     /// Configures the use of Server Name Indication (SNI) when connecting.
     ///
     /// Defaults to `true`.
-    pub fn use_server_name_indication(mut self, use_sni: bool) -> ConnectConfiguration {
+    pub fn set_use_server_name_indication(&mut self, use_sni: bool) {
         self.sni = use_sni;
+    }
+
+    /// A builder-style version of `set_verify_hostname`.
+    pub fn verify_hostname(mut self, verify_hostname: bool) -> ConnectConfiguration {
+        self.set_verify_hostname(verify_hostname);
         self
     }
 
@@ -141,9 +152,8 @@ impl ConnectConfiguration {
     /// You should think very carefully before you use this method. If hostname verification is not
     /// used, *any* valid certificate for *any* site will be trusted for use from any other. This
     /// introduces a significant vulnerability to man-in-the-middle attacks.
-    pub fn verify_hostname(mut self, verify_hostname: bool) -> ConnectConfiguration {
+    pub fn set_verify_hostname(&mut self, verify_hostname: bool) {
         self.verify_hostname = verify_hostname;
-        self
     }
 
     /// Initiates a client-side TLS session on a stream.
diff --git a/openssl/src/ssl/error.rs b/openssl/src/ssl/error.rs
index c0bc80ae..18e44cd6 100644
--- a/openssl/src/ssl/error.rs
+++ b/openssl/src/ssl/error.rs
@@ -82,6 +82,15 @@ impl Error {
     }
 }
 
+impl From<ErrorStack> for Error {
+    fn from(e: ErrorStack) -> Error {
+        Error {
+            code: ErrorCode::SSL,
+            cause: Some(InnerError::Ssl(e)),
+        }
+    }
+}
+
 impl fmt::Display for Error {
     fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result {
         match self.code {
diff --git a/openssl/src/ssl/test.rs b/openssl/src/ssl/test.rs
index db478d36..dc58c4fa 100644
--- a/openssl/src/ssl/test.rs
+++ b/openssl/src/ssl/test.rs
@@ -82,11 +82,14 @@ impl Server {
     }
 
     fn new_tcp(args: &[&str]) -> (Server, TcpStream) {
-        let (server, addr) = Server::spawn(args, None);
+        let (mut server, addr) = Server::spawn(args, None);
         for _ in 0..20 {
             match TcpStream::connect(&addr) {
                 Ok(s) => return (server, s),
                 Err(ref e) if e.kind() == io::ErrorKind::ConnectionRefused => {
+                    if let Some(exit_status) = server.p.try_wait().expect("try_wait") {
+                        panic!("server exited: {}", exit_status);
+                    }
                     thread::sleep(Duration::from_millis(100));
                 }
                 Err(e) => panic!("wut: {}", e),
diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs
index 7c897e31..f3a8b8e6 100644
--- a/openssl/src/x509/mod.rs
+++ b/openssl/src/x509/mod.rs
@@ -1090,10 +1090,10 @@ foreign_type_and_impl_send_sync! {
 }
 
 impl GeneralNameRef {
-    /// Returns the contents of this `GeneralName` if it is a `dNSName`.
-    pub fn dnsname(&self) -> Option<&str> {
+
+    fn ia5_string(&self, ffi_type: c_int) -> Option<&str> {
         unsafe {
-            if (*self.as_ptr()).type_ != ffi::GEN_DNS {
+            if (*self.as_ptr()).type_ != ffi_type {
                 return None;
             }
 
@@ -1101,13 +1101,28 @@ impl GeneralNameRef {
             let len = ffi::ASN1_STRING_length((*self.as_ptr()).d as *mut _);
 
             let slice = slice::from_raw_parts(ptr as *const u8, len as usize);
-            // dNSNames are stated to be ASCII (specifically IA5). Hopefully
+            // IA5Strings are stated to be ASCII (specifically IA5). Hopefully
             // OpenSSL checks that when loading a certificate but if not we'll
             // use this instead of from_utf8_unchecked just in case.
             str::from_utf8(slice).ok()
         }
     }
 
+    /// Returns the contents of this `GeneralName` if it is an `rfc822Name`.
+    pub fn email(&self) -> Option<&str> {
+        self.ia5_string(ffi::GEN_EMAIL)
+    }
+
+    /// Returns the contents of this `GeneralName` if it is a `dNSName`.
+    pub fn dnsname(&self) -> Option<&str> {
+        self.ia5_string(ffi::GEN_DNS)
+    }
+
+    /// Returns the contents of this `GeneralName` if it is an `uniformResourceIdentifier`.
+    pub fn uri(&self) -> Option<&str> {
+        self.ia5_string(ffi::GEN_URI)
+    }
+
     /// Returns the contents of this `GeneralName` if it is an `iPAddress`.
     pub fn ipaddress(&self) -> Option<&[u8]> {
         unsafe {
diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs
index 2d9348e8..6f6b430a 100644
--- a/openssl/src/x509/tests.rs
+++ b/openssl/src/x509/tests.rs
@@ -92,13 +92,15 @@ fn test_subject_alt_name() {
     let cert = X509::from_pem(cert).unwrap();
 
     let subject_alt_names = cert.subject_alt_names().unwrap();
-    assert_eq!(3, subject_alt_names.len());
-    assert_eq!(Some("foobar.com"), subject_alt_names[0].dnsname());
+    assert_eq!(5, subject_alt_names.len());
+    assert_eq!(Some("example.com"), subject_alt_names[0].dnsname());
     assert_eq!(subject_alt_names[1].ipaddress(), Some(&[127, 0, 0, 1][..]));
     assert_eq!(
         subject_alt_names[2].ipaddress(),
         Some(&b"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01"[..])
     );
+    assert_eq!(Some("[email protected]"), subject_alt_names[3].email());
+    assert_eq!(Some("http://www.example.com"), subject_alt_names[4].uri());
 }
 
 #[test]
@@ -110,7 +112,7 @@ fn test_subject_alt_name_iter() {
     let mut subject_alt_names_iter = subject_alt_names.iter();
     assert_eq!(
         subject_alt_names_iter.next().unwrap().dnsname(),
-        Some("foobar.com")
+        Some("example.com")
     );
     assert_eq!(
         subject_alt_names_iter.next().unwrap().ipaddress(),
@@ -120,6 +122,14 @@ fn test_subject_alt_name_iter() {
         subject_alt_names_iter.next().unwrap().ipaddress(),
         Some(&b"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01"[..])
     );
+    assert_eq!(
+        subject_alt_names_iter.next().unwrap().email(),
+        Some("[email protected]")
+    );
+    assert_eq!(
+        subject_alt_names_iter.next().unwrap().uri(),
+        Some("http://www.example.com")
+    );
     assert!(subject_alt_names_iter.next().is_none());
 }