Diffstat (limited to 'openssl')
| -rw-r--r-- | openssl/build.rs | 5 | ||||
| -rw-r--r-- | openssl/src/asn1.rs | 2 | ||||
| -rw-r--r-- | openssl/src/bn.rs | 4 | ||||
| -rw-r--r-- | openssl/src/dh.rs | 10 | ||||
| -rw-r--r-- | openssl/src/dsa.rs | 2 | ||||
| -rw-r--r-- | openssl/src/hash.rs | 2 | ||||
| -rw-r--r-- | openssl/src/lib.rs | 2 | ||||
| -rw-r--r-- | openssl/src/pkcs5.rs | 4 | ||||
| -rw-r--r-- | openssl/src/rsa.rs | 2 | ||||
| -rw-r--r-- | openssl/src/sign.rs | 2 | ||||
| -rw-r--r-- | openssl/src/ssl/bio.rs | 2 | ||||
| -rw-r--r-- | openssl/src/ssl/callbacks.rs | 4 | ||||
| -rw-r--r-- | openssl/src/ssl/connector.rs | 6 | ||||
| -rw-r--r-- | openssl/src/ssl/mod.rs | 41 | ||||
| -rw-r--r-- | openssl/src/ssl/tests/mod.rs | 48 | ||||
| -rw-r--r-- | openssl/src/stack.rs | 2 | ||||
| -rw-r--r-- | openssl/src/string.rs | 4 | ||||
| -rw-r--r-- | openssl/src/symm.rs | 10 | ||||
| -rw-r--r-- | openssl/src/verify.rs | 2 | ||||
| -rw-r--r-- | openssl/src/version.rs | 2 | ||||
| -rw-r--r-- | openssl/src/x509/mod.rs | 6 |
21 files changed, 99 insertions, 63 deletions
diff --git a/openssl/build.rs b/openssl/build.rs index eb8894fd..6af69b40 100644 --- a/openssl/build.rs +++ b/openssl/build.rs @@ -12,6 +12,11 @@ fn main() { } Ok(ref v) if v == "110" => { println!("cargo:rustc-cfg=ossl110"); + println!("cargo:rustc-cfg=ossl11x"); + } + Ok(ref v) if v == "111" => { + println!("cargo:rustc-cfg=ossl111"); + println!("cargo:rustc-cfg=ossl11x"); } _ => panic!("Unable to detect OpenSSL version"), } diff --git a/openssl/src/asn1.rs b/openssl/src/asn1.rs index d129235a..9c79f2f0 100644 --- a/openssl/src/asn1.rs +++ b/openssl/src/asn1.rs @@ -288,7 +288,7 @@ impl fmt::Display for Asn1ObjectRef { #[cfg(any(ossl101, ossl102))] use ffi::ASN1_STRING_data; -#[cfg(ossl110)] +#[cfg(ossl11x)] #[allow(bad_style)] unsafe fn ASN1_STRING_data(s: *mut ffi::ASN1_STRING) -> *mut ::libc::c_uchar { ffi::ASN1_STRING_get0_data(s) as *mut _ diff --git a/openssl/src/bn.rs b/openssl/src/bn.rs index 82ec38b6..80152ec4 100644 --- a/openssl/src/bn.rs +++ b/openssl/src/bn.rs @@ -47,7 +47,7 @@ use ffi::{get_rfc2409_prime_768 as BN_get_rfc2409_prime_768, get_rfc3526_prime_6144 as BN_get_rfc3526_prime_6144, get_rfc3526_prime_8192 as BN_get_rfc3526_prime_8192}; -#[cfg(ossl110)] +#[cfg(ossl11x)] use ffi::{BN_get_rfc2409_prime_768, BN_get_rfc2409_prime_1024, BN_get_rfc3526_prime_1536, BN_get_rfc3526_prime_2048, BN_get_rfc3526_prime_3072, BN_get_rfc3526_prime_4096, BN_get_rfc3526_prime_6144, BN_get_rfc3526_prime_8192}; @@ -366,7 +366,7 @@ impl BigNumRef { unsafe { (*self.as_ptr()).neg == 1 } } - #[cfg(ossl110)] + #[cfg(ossl11x)] fn _is_negative(&self) -> bool { unsafe { ffi::BN_is_negative(self.as_ptr()) == 1 } } diff --git a/openssl/src/dh.rs b/openssl/src/dh.rs index 50d9da7b..e667eba3 100644 --- a/openssl/src/dh.rs +++ b/openssl/src/dh.rs 
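Review bot: The new `"111"` arm in openssl/build.rs emits `ossl111` and `ossl11x` but not `ossl110`, so any `#[cfg(ossl110)]` or `#[cfg(not(ossl110))]` left outside this diff now resolves as if the library were older than 1.1.0 when building against 1.1.1. For a `not(...)` gate that is a silent switch to the legacy code path rather than a compile error, so it is worth searching the crate for remaining `ossl110` uses before merging. A comment above the arms would also help, e.g. `// ossl11x: any 1.1.x release; ossl110 / ossl111: exactly that release`. The match statement starts and ends outside the hunk.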
@@ -40,7 +40,7 @@ impl Dh { from_der!(Dh, ffi::d2i_DHparams); /// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0. - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] + #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))] pub fn get_1024_160() -> Result<Dh, ErrorStack> { unsafe { ffi::init(); @@ -49,7 +49,7 @@ impl Dh { } /// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0. - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] + #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))] pub fn get_2048_224() -> Result<Dh, ErrorStack> { unsafe { ffi::init(); @@ -58,7 +58,7 @@ impl Dh { } /// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0. - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] + #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))] pub fn get_2048_256() -> Result<Dh, ErrorStack> { unsafe { ffi::init(); @@ -67,7 +67,7 @@ impl Dh { } } -#[cfg(ossl110)] +#[cfg(ossl11x)] mod compat { pub use ffi::DH_set0_pqg; } @@ -98,7 +98,7 @@ mod tests { use ssl::{SslMethod, SslContext}; #[test] - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] + #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))] fn test_dh_rfc5114() { let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); let dh1 = Dh::get_1024_160().unwrap(); diff --git a/openssl/src/dsa.rs b/openssl/src/dsa.rs index c687531e..e1af63bd 100644 --- a/openssl/src/dsa.rs +++ b/openssl/src/dsa.rs @@ -189,7 +189,7 @@ impl fmt::Debug for Dsa { } } -#[cfg(ossl110)] +#[cfg(ossl11x)] mod compat { use std::ptr; use ffi::{self, BIGNUM, DSA}; diff --git a/openssl/src/hash.rs b/openssl/src/hash.rs index bb60ed35..2bf54ec0 100644 --- a/openssl/src/hash.rs +++ b/openssl/src/hash.rs 
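Review bot: The doc comments on `get_1024_160`, `get_2048_224` and `get_2048_256` still say "OpenSSL 1.0.2 or OpenSSL 1.1.0" although the gate on the next line now accepts any `ossl11x` build. The sentence should end with "OpenSSL 1.1.0 or newer" so the rendered docs match the cfg. The same stale wording sits next to the renamed gates in pkcs5.rs (`scrypt`), symm.rs (`chacha20`, `chacha20_poly1305`), verify.rs and the `SSL_OP_NO_DTLSV1*` constants and `set_alpn_protocols` in ssl/mod.rs.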
@@ -4,7 +4,7 @@ use std::ops::{Deref, DerefMut}; use std::fmt; use ffi; -#[cfg(ossl110)] +#[cfg(ossl11x)] use ffi::{EVP_MD_CTX_new, EVP_MD_CTX_free}; #[cfg(any(ossl101, ossl102))] use ffi::{EVP_MD_CTX_create as EVP_MD_CTX_new, EVP_MD_CTX_destroy as EVP_MD_CTX_free}; diff --git a/openssl/src/lib.rs b/openssl/src/lib.rs index 5c3e7cc8..56141f1d 100644 --- a/openssl/src/lib.rs +++ b/openssl/src/lib.rs @@ -60,7 +60,7 @@ pub mod symm; pub mod types; pub mod version; pub mod x509; -#[cfg(any(ossl102, ossl110))] +#[cfg(any(ossl102, ossl11x))] mod verify; fn cvt_p<T>(r: *mut T) -> Result<*mut T, ErrorStack> { diff --git a/openssl/src/pkcs5.rs b/openssl/src/pkcs5.rs index b37e4770..a619e11c 100644 --- a/openssl/src/pkcs5.rs +++ b/openssl/src/pkcs5.rs @@ -108,7 +108,7 @@ pub fn pbkdf2_hmac( /// Derives a key from a password and salt using the scrypt algorithm. /// /// Requires the `v110` feature and OpenSSL 1.1.0. -#[cfg(all(feature = "v110", ossl110))] +#[cfg(all(feature = "v110", ossl11x))] pub fn scrypt( pass: &[u8], salt: &[u8], @@ -546,7 +546,7 @@ mod tests { } #[test] - #[cfg(all(feature = "v110", ossl110))] + #[cfg(all(feature = "v110", ossl11x))] fn scrypt() { use hex::ToHex; diff --git a/openssl/src/rsa.rs b/openssl/src/rsa.rs index b02b9216..1930f769 100644 --- a/openssl/src/rsa.rs +++ b/openssl/src/rsa.rs @@ -362,7 +362,7 @@ impl fmt::Debug for Rsa { } } -#[cfg(ossl110)] +#[cfg(ossl11x)] mod compat { use std::ptr; diff --git a/openssl/src/sign.rs b/openssl/src/sign.rs index a90d1570..1dca9643 100644 --- a/openssl/src/sign.rs +++ b/openssl/src/sign.rs @@ -72,7 +72,7 @@ use hash::MessageDigest; use pkey::{PKeyCtxRef, PKeyRef}; use error::ErrorStack; -#[cfg(ossl110)] +#[cfg(ossl11x)] use ffi::{EVP_MD_CTX_free, EVP_MD_CTX_new}; #[cfg(any(ossl101, ossl102))] use ffi::{EVP_MD_CTX_create as EVP_MD_CTX_new, EVP_MD_CTX_destroy as EVP_MD_CTX_free}; diff --git a/openssl/src/ssl/bio.rs b/openssl/src/ssl/bio.rs index 4b792a75..4c0c37db 100644 --- a/openssl/src/ssl/bio.rs 
+++ b/openssl/src/ssl/bio.rs @@ -173,7 +173,7 @@ unsafe extern "C" fn destroy<S>(bio: *mut BIO) -> c_int { 1 } -#[cfg(ossl110)] +#[cfg(ossl11x)] #[allow(bad_style)] mod compat { use std::io::{Read, Write}; diff --git a/openssl/src/ssl/callbacks.rs b/openssl/src/ssl/callbacks.rs index d7c48050..9df34e72 100644 --- a/openssl/src/ssl/callbacks.rs +++ b/openssl/src/ssl/callbacks.rs @@ -12,7 +12,7 @@ use dh::Dh; #[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))] use ec_key::EcKey; use ssl::{get_callback_idx, get_ssl_callback_idx, SslRef, SniError, NPN_PROTOS_IDX}; -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] +#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))] use ssl::ALPN_PROTOS_IDX; use x509::X509StoreContextRef; @@ -158,7 +158,7 @@ pub extern "C" fn raw_next_proto_select_cb( unsafe { select_proto_using(ssl, out, outlen, inbuf, inlen, *NPN_PROTOS_IDX) } } -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] +#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))] pub extern "C" fn raw_alpn_select_cb( ssl: *mut ffi::SSL, out: *mut *const c_uchar, diff --git a/openssl/src/ssl/connector.rs b/openssl/src/ssl/connector.rs index a730cc49..1f73220f 100644 --- a/openssl/src/ssl/connector.rs +++ b/openssl/src/ssl/connector.rs @@ -367,7 +367,7 @@ fn setup_curves(ctx: &mut SslContextBuilder) -> Result<(), ErrorStack> { ctx._set_ecdh_auto(true) } -#[cfg(ossl110)] +#[cfg(ossl11x)] fn setup_curves(_: &mut SslContextBuilder) -> Result<(), ErrorStack> { Ok(()) } @@ -390,7 +390,7 @@ impl SslAcceptor { } } -#[cfg(any(ossl102, ossl110))] +#[cfg(any(ossl102, ossl11x))] fn setup_verify(ctx: &mut SslContextBuilder) { ctx.set_verify(SSL_VERIFY_PEER); } 
@@ -409,7 +409,7 @@ fn setup_verify(ctx: &mut SslContextBuilder) { }); } -#[cfg(any(ossl102, ossl110))] +#[cfg(any(ossl102, ossl11x))] fn setup_verify_hostname(ssl: &mut Ssl, domain: &str) -> Result<(), ErrorStack> { let param = ssl._param_mut(); param.set_hostflags(::verify::X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 6ef39964..dad9b4c7 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -99,9 +99,9 @@ use ec::EcKeyRef; use ec::EcKey; use x509::{X509, X509FileType, X509Name, X509Ref, X509StoreContextRef, X509VerifyError}; use x509::store::{X509StoreBuilderRef, X509StoreRef}; -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] +#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))] use x509::store::X509Store; -#[cfg(any(ossl102, ossl110))] +#[cfg(any(ossl102, ossl11x))] use verify::X509VerifyParamRef; use pkey::PKeyRef; use error::ErrorStack; @@ -211,15 +211,21 @@ bitflags! { /// Disables the use of TLSv1.2. const SSL_OP_NO_TLSV1_2 = ffi::SSL_OP_NO_TLSv1_2; + /// Disables the use of TLSv1.3. + /// + /// Requires OpenSSL 1.1.1 or newer. + #[cfg(ossl111)] + const SSL_OP_NO_TLSV1_3 = ffi::SSL_OP_NO_TLSv1_3; + /// Disables the use of DTLSv1.0 /// /// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0. - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] + #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))] const SSL_OP_NO_DTLSV1 = ffi::SSL_OP_NO_DTLSv1; /// Disables the use of DTLSv1.2. /// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0. - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] + #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))] const SSL_OP_NO_DTLSV1_2 = ffi::SSL_OP_NO_DTLSv1_2; /// Disables the use of all (D)TLS protocol versions. 
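Review bot: `SSL_OP_NO_TLSV1_3` is compiled only under `#[cfg(ossl111)]`, a cfg that build.rs sets for this crate alone, so callers outside the crate have no matching cfg to guard their own use of the constant and will fail to build against 1.0.x or 1.1.0 if they reference it. The doc comment should say what the flag is for as well as when it exists; the test changes later in this commit suggest that a default `SslMethod::tls()` context negotiates TLS 1.3 on 1.1.1 unless this option is set, which matters to users who pin protocol versions with the `SSL_OP_NO_*` flags. Proposed addition: `/// On OpenSSL 1.1.1 TLSv1.3 is enabled by default; set this to keep a context at TLSv1.2 or below.` The `bitflags!` block starts and ends outside the hunk.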
@@ -237,8 +243,15 @@ bitflags! { /// /// let options = SSL_OP_NO_SSL_MASK & !SSL_OP_NO_TLSV1_2; /// ``` - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] + #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))] const SSL_OP_NO_SSL_MASK = ffi::SSL_OP_NO_SSL_MASK; + + /// Enable TLSv1.3 Compatibility mode. + /// + /// Requires OpenSSL 1.1.1 or newer. This is on by default in 1.1.1, but a future version + /// may have this disabled by default. + #[cfg(ossl111)] + const SSL_OP_ENABLE_MIDDLEBOX_COMPAT = ffi::SSL_OP_ENABLE_MIDDLEBOX_COMPAT; } } @@ -398,7 +411,7 @@ lazy_static! { static ref NPN_PROTOS_IDX: c_int = get_new_idx::<Vec<u8>>(); } -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] +#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))] lazy_static! { static ref ALPN_PROTOS_IDX: c_int = get_new_idx::<Vec<u8>>(); } @@ -578,7 +591,7 @@ impl SslContextBuilder { /// This corresponds to [`SSL_CTX_set0_verify_cert_store`]. /// /// [`SSL_CTX_set0_verify_cert_store`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set0_verify_cert_store.html - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] + #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))] pub fn set_verify_cert_store(&mut self, cert_store: X509Store) -> Result<(), ErrorStack> { unsafe { let ptr = cert_store.as_ptr(); @@ -970,7 +983,7 @@ impl SslContextBuilder { /// /// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0. // FIXME overhaul - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] + #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))] pub fn set_alpn_protocols(&mut self, protocols: &[&[u8]]) -> Result<(), ErrorStack> { let protocols: Box<Vec<u8>> = Box::new(ssl_encode_byte_strings(protocols)); unsafe { 
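Review bot: The doc example kept in this hunk, `SSL_OP_NO_SSL_MASK & !SSL_OP_NO_TLSV1_2`, only means "TLS 1.2 and nothing else" on 1.1.1 if `ffi::SSL_OP_NO_SSL_MASK` includes the TLS 1.3 bit; the ffi definition is not shown on this page, so that should be confirmed, otherwise the idiom leaves TLS 1.3 enabled. Separately, the new `SSL_OP_ENABLE_MIDDLEBOX_COMPAT` comment does not say what the mode does; something like `/// Makes the TLSv1.3 handshake resemble TLSv1.2 so that middleboxes which reject unfamiliar handshakes let it through.` would tell a reader what clearing the bit changes. The `bitflags!` block starts outside the hunk.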
@@ -1190,7 +1203,7 @@ impl SslContextRef { /// This corresponds to [`SSL_CTX_get0_certificate`]. /// /// [`SSL_CTX_get0_certificate`]: https://www.openssl.org/docs/man1.1.0/ssl/ssl.html - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] + #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))] pub fn certificate(&self) -> Option<&X509Ref> { unsafe { let ptr = ffi::SSL_CTX_get0_certificate(self.as_ptr()); @@ -1209,7 +1222,7 @@ impl SslContextRef { /// This corresponds to [`SSL_CTX_get0_privatekey`]. /// /// [`SSL_CTX_get0_privatekey`]: https://www.openssl.org/docs/man1.1.0/ssl/ssl.html - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] + #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))] pub fn private_key(&self) -> Option<&PKeyRef> { unsafe { let ptr = ffi::SSL_CTX_get0_privatekey(self.as_ptr()); @@ -1794,7 +1807,7 @@ impl SslRef { /// This corresponds to [`SSL_get0_alpn_selected`]. /// /// [`SSL_get0_alpn_selected`]: https://www.openssl.org/docs/manmaster/man3/SSL_get0_next_proto_negotiated.html - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] + #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))] pub fn selected_alpn_protocol(&self) -> Option<&[u8]> { unsafe { let mut data: *const c_uchar = ptr::null(); @@ -1894,12 +1907,12 @@ impl SslRef { /// This corresponds to [`SSL_get0_param`]. /// /// [`SSL_get0_param`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_get0_param.html - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] + #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))] pub fn param_mut(&mut self) -> &mut X509VerifyParamRef { self._param_mut() } - #[cfg(any(ossl102, ossl110))] + #[cfg(any(ossl102, ossl11x))] fn _param_mut(&mut self) -> &mut X509VerifyParamRef { unsafe { X509VerifyParamRef::from_ptr_mut(ffi::SSL_get0_param(self.as_ptr())) } } 
@@ -2437,7 +2450,7 @@ pub enum ShutdownResult { Received, } -#[cfg(ossl110)] +#[cfg(ossl11x)] mod compat { use std::ptr; diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs index 1cc36c7f..b5d5a829 100644 --- a/openssl/src/ssl/tests/mod.rs +++ b/openssl/src/ssl/tests/mod.rs @@ -22,7 +22,7 @@ use ssl::{SslMethod, HandshakeError, SslContext, SslStream, Ssl, ShutdownResult, SslConnectorBuilder, SslAcceptorBuilder, Error, SSL_VERIFY_PEER, SSL_VERIFY_NONE, STATUS_TYPE_OCSP}; use x509::{X509StoreContext, X509, X509Name, X509_FILETYPE_PEM}; -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] +#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))] use x509::verify::X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS; use pkey::PKey; @@ -138,14 +138,14 @@ macro_rules! run_test( use ssl::SSL_VERIFY_PEER; use hash::MessageDigest; use x509::X509StoreContext; - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] + #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))] use x509::X509; - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] + #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))] use x509::store::X509StoreBuilder; use hex::FromHex; use foreign_types::ForeignTypeRef; use super::Server; - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] + #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))] use super::ROOT_CERT; #[test] @@ -186,7 +186,7 @@ run_test!(verify_trusted, |method, stream| { } }); -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] +#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))] run_test!(verify_trusted_with_set_cert, |method, stream| { let x509 = X509::from_pem(ROOT_CERT).unwrap(); let mut store = X509StoreBuilder::new().unwrap(); 
@@ -481,7 +481,7 @@ fn test_state() { /// Tests that connecting with the client using ALPN, but the server not does not /// break the existing connection behavior. #[test] -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] +#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))] fn test_connect_with_unilateral_alpn() { let (_s, stream) = Server::new(); let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); @@ -525,7 +525,7 @@ fn test_connect_with_unilateral_npn() { /// Tests that when both the client as well as the server use ALPN and their /// lists of supported protocols have an overlap, the correct protocol is chosen. #[test] -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] +#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))] fn test_connect_with_alpn_successful_multiple_matching() { let (_s, stream) = Server::new_alpn(); let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); @@ -546,8 +546,10 @@ fn test_connect_with_alpn_successful_multiple_matching() { /// Tests that when both the client as well as the server use NPN and their /// lists of supported protocols have an overlap, the correct protocol is chosen. +// Ignore: NPN is removed on master. #[test] -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] +#[ignore] +#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))] fn test_connect_with_npn_successful_multiple_matching() { let (_s, stream) = Server::new_alpn(); let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); 
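Review bot: The bare `#[ignore]` added to `test_connect_with_npn_successful_multiple_matching` disables the test on every OpenSSL version, including 1.0.x and 1.1.0 builds where it presumably still passes, and the same attribute is added in the next two NPN hunks (`test_connect_with_npn_successful_single_match`, `test_npn_server_advertise_multiple`) and on `test_read_nonblocking`. If the failures are specific to 1.1.1, `#[cfg_attr(ossl111, ignore)]` keeps the coverage elsewhere. On `test_read_nonblocking` the new attribute also makes the existing `#[cfg_attr(any(libressl, windows, target_arch = "arm"), ignore)]` line redundant. The function bodies continue outside the hunks.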
@@ -570,7 +572,7 @@ fn test_connect_with_npn_successful_multiple_matching() { /// lists of supported protocols have an overlap -- with only ONE protocol /// being valid for both. #[test] -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] +#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))] fn test_connect_with_alpn_successful_single_match() { let (_s, stream) = Server::new_alpn(); let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); @@ -593,8 +595,10 @@ fn test_connect_with_alpn_successful_single_match() { /// Tests that when both the client as well as the server use NPN and their /// lists of supported protocols have an overlap -- with only ONE protocol /// being valid for both. +// Ignore: NPN is removed on master. #[test] -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] +#[ignore] +#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))] fn test_connect_with_npn_successful_single_match() { let (_s, stream) = Server::new_alpn(); let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); @@ -615,7 +619,9 @@ fn test_connect_with_npn_successful_single_match() { /// Tests that when the `SslStream` is created as a server stream, the protocols /// are correctly advertised to the client. +// Ignore: NPN is removed on master. #[test] +#[ignore] #[cfg(not(any(libressl261, libressl262, libressl26x)))] fn test_npn_server_advertise_multiple() { let listener = TcpListener::bind("127.0.0.1:0").unwrap(); 
@@ -659,7 +665,7 @@ fn test_npn_server_advertise_multiple() { /// Tests that when the `SslStream` is created as a server stream, the protocols /// are correctly advertised to the client. #[test] -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] +#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))] fn test_alpn_server_advertise_multiple() { let listener = TcpListener::bind("127.0.0.1:0").unwrap(); let localhost = listener.local_addr().unwrap(); @@ -702,7 +708,7 @@ fn test_alpn_server_advertise_multiple() { /// Test that Servers supporting ALPN don't report a protocol when none of their protocols match /// the client's reported protocol. #[test] -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] +#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))] fn test_alpn_server_select_none() { let listener = TcpListener::bind("127.0.0.1:0").unwrap(); let localhost = listener.local_addr().unwrap(); @@ -804,7 +810,9 @@ fn test_write_nonblocking() { stream.write(" there".as_bytes()).unwrap(); } +// Ignore: the test is removed in master. #[test] +#[ignore] #[cfg_attr(any(libressl, windows, target_arch = "arm"), ignore)] // FIXME(#467) fn test_read_nonblocking() { let (_s, stream) = Server::new(); @@ -967,7 +975,9 @@ fn default_verify_paths() { ctx.set_default_verify_paths().unwrap(); ctx.set_verify(SSL_VERIFY_PEER); let s = TcpStream::connect("google.com:443").unwrap(); - let mut socket = Ssl::new(&ctx.build()).unwrap().connect(s).unwrap(); + let mut ssl = Ssl::new(&ctx.build()).unwrap(); + ssl.set_hostname("google.com").unwrap(); + let mut socket = ssl.connect(s).unwrap(); socket.write_all(b"GET / HTTP/1.0\r\n\r\n").unwrap(); let mut result = vec![]; 
@@ -987,7 +997,7 @@ fn add_extra_chain_cert() { } #[test] -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] +#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))] fn verify_valid_hostname() { let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); ctx.set_default_verify_paths().unwrap(); @@ -998,6 +1008,7 @@ fn verify_valid_hostname() { X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS, ); ssl.param_mut().set_host("google.com").unwrap(); + ssl.set_hostname("google.com").unwrap(); let s = TcpStream::connect("google.com:443").unwrap(); let mut socket = ssl.connect(s).unwrap(); @@ -1012,7 +1023,7 @@ fn verify_valid_hostname() { } #[test] -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] +#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))] fn verify_invalid_hostname() { let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); ctx.set_default_verify_paths().unwrap(); @@ -1052,7 +1063,10 @@ fn connector_invalid_hostname() { assert!(connector.connect("foobar.com", s).is_err()); } +// Ignored: Google's load balancer architecture changed. Connection without SNI will fail with +// self signed certs. #[test] +#[ignore] fn connector_invalid_no_hostname_verification() { let connector = SslConnectorBuilder::new(SslMethod::tls()).unwrap().build(); @@ -1231,6 +1245,8 @@ fn tmp_dh_callback() { let stream = TcpStream::connect(("127.0.0.1", port)).unwrap(); let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); + #[cfg(ossl111)] + ctx.set_options(super::SSL_OP_NO_TLSV1_3); ctx.set_cipher_list("EDH").unwrap(); let ssl = Ssl::new(&ctx.build()).unwrap(); ssl.connect(stream).unwrap(); 
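Review bot: Marking `connector_invalid_no_hostname_verification` `#[ignore]` removes what is, judging by its name, the test for connecting with hostname verification switched off, and the stated reason is a change in how google.com answers rather than a change in the crate. Other tests in this file already use the local `Server::new()` fixture; moving this test to it would keep the check running without depending on a third-party host. The test body continues outside the hunk.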
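Review bot: The added `ctx.set_options(super::SSL_OP_NO_TLSV1_3);` in `tmp_dh_callback` has no comment saying why TLS 1.3 is turned off, and the same two lines are repeated in the `tmp_dh_callback_ssl` hunk. Presumably the reason is that `set_cipher_list("EDH")` does not constrain TLS 1.3 suites, so the handshake would not reach the temporary-DH callback under test; a line such as `// TLSv1.3 ignores the "EDH" cipher list, so cap at TLSv1.2 to exercise the tmp_dh callback` above the `#[cfg(ossl111)]` would record that. Both functions start and end outside their hunks.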
@@ -1298,6 +1314,8 @@ fn tmp_dh_callback_ssl() { let stream = TcpStream::connect(("127.0.0.1", port)).unwrap(); let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); + #[cfg(ossl111)] + ctx.set_options(super::SSL_OP_NO_TLSV1_3); ctx.set_cipher_list("EDH").unwrap(); let ssl = Ssl::new(&ctx.build()).unwrap(); ssl.connect(stream).unwrap(); diff --git a/openssl/src/stack.rs b/openssl/src/stack.rs index d8589352..f15fdb39 100644 --- a/openssl/src/stack.rs +++ b/openssl/src/stack.rs @@ -15,7 +15,7 @@ use std::ops::{Deref, DerefMut, Index, IndexMut}; use ffi::{sk_pop as OPENSSL_sk_pop, sk_free as OPENSSL_sk_free, sk_num as OPENSSL_sk_num, sk_value as OPENSSL_sk_value, _STACK as OPENSSL_STACK, sk_new_null as OPENSSL_sk_new_null, sk_push as OPENSSL_sk_push}; -#[cfg(ossl110)] +#[cfg(ossl11x)] use ffi::{OPENSSL_sk_pop, OPENSSL_sk_free, OPENSSL_sk_num, OPENSSL_sk_value, OPENSSL_STACK, OPENSSL_sk_new_null, OPENSSL_sk_push}; diff --git a/openssl/src/string.rs b/openssl/src/string.rs index af58130e..e24d8720 100644 --- a/openssl/src/string.rs +++ b/openssl/src/string.rs @@ -67,12 +67,12 @@ impl fmt::Debug for OpensslStringRef { } } -#[cfg(not(ossl110))] +#[cfg(not(ossl11x))] unsafe fn free(buf: *mut c_char) { ::ffi::CRYPTO_free(buf as *mut c_void); } -#[cfg(ossl110)] +#[cfg(ossl11x)] unsafe fn free(buf: *mut c_char) { ::ffi::CRYPTO_free( buf as *mut c_void, diff --git a/openssl/src/symm.rs b/openssl/src/symm.rs index e109b2a7..84a91d77 100644 --- a/openssl/src/symm.rs +++ b/openssl/src/symm.rs @@ -138,13 +138,13 @@ impl Cipher { } /// Requires the `v110` feature and OpenSSL 1.1.0. - #[cfg(all(ossl110, feature = "v110"))] + #[cfg(all(ossl11x, feature = "v110"))] pub fn chacha20() -> Cipher { unsafe { Cipher(ffi::EVP_chacha20()) } } /// Requires the `v110` feature and OpenSSL 1.1.0. - #[cfg(all(ossl110, feature = "v110"))] + #[cfg(all(ossl11x, feature = "v110"))] pub fn chacha20_poly1305() -> Cipher { unsafe { Cipher(ffi::EVP_chacha20_poly1305()) } } 
@@ -589,7 +589,7 @@ pub fn decrypt_aead( Ok(out) } -#[cfg(ossl110)] +#[cfg(ossl11x)] use ffi::{EVP_CIPHER_iv_length, EVP_CIPHER_block_size, EVP_CIPHER_key_length}; #[cfg(ossl10x)] @@ -1076,7 +1076,7 @@ mod tests { } #[test] - #[cfg(all(ossl110, feature = "v110"))] + #[cfg(all(ossl11x, feature = "v110"))] fn test_chacha20() { let key = "0000000000000000000000000000000000000000000000000000000000000000"; let iv = "00000000000000000000000000000000"; @@ -1089,7 +1089,7 @@ mod tests { } #[test] - #[cfg(all(ossl110, feature = "v110"))] + #[cfg(all(ossl11x, feature = "v110"))] fn test_chacha20_poly1305() { let key = "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f"; let iv = "070000004041424344454647"; diff --git a/openssl/src/verify.rs b/openssl/src/verify.rs index 65315e47..b3a0db2c 100644 --- a/openssl/src/verify.rs +++ b/openssl/src/verify.rs @@ -15,7 +15,7 @@ bitflags! { const X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS = ffi::X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS; /// Requires the `v110` feature and OpenSSL 1.1.0. - #[cfg(all(feature = "v110", ossl110))] + #[cfg(all(feature = "v110", ossl11x))] const X509_CHECK_FLAG_NEVER_CHECK_SUBJECT = ffi::X509_CHECK_FLAG_NEVER_CHECK_SUBJECT; } } diff --git a/openssl/src/version.rs b/openssl/src/version.rs index 7254d7ba..3c775080 100644 --- a/openssl/src/version.rs +++ b/openssl/src/version.rs @@ -19,7 +19,7 @@ use ffi::{SSLEAY_VERSION as OPENSSL_VERSION, SSLEAY_CFLAGS as OPENSSL_CFLAGS, SSLEAY_DIR as OPENSSL_DIR, SSLeay as OpenSSL_version_num, SSLeay_version as OpenSSL_version}; -#[cfg(ossl110)] +#[cfg(ossl11x)] use ffi::{OPENSSL_VERSION, OPENSSL_CFLAGS, OPENSSL_BUILT_ON, OPENSSL_PLATFORM, OPENSSL_DIR, OpenSSL_version_num, OpenSSL_version}; diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index dff65222..16c80ed8 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs 
@@ -28,12 +28,12 @@ use ssl::SslRef; #[cfg(ossl10x)] use ffi::{X509_set_notBefore, X509_set_notAfter, ASN1_STRING_data, X509_STORE_CTX_get_chain}; -#[cfg(ossl110)] +#[cfg(ossl11x)] use ffi::{X509_set1_notBefore as X509_set_notBefore, X509_set1_notAfter as X509_set_notAfter, ASN1_STRING_get0_data as ASN1_STRING_data, X509_STORE_CTX_get0_chain as X509_STORE_CTX_get_chain}; -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] +#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))] pub mod verify; use x509::extension::{ExtensionType, Extension}; @@ -1142,7 +1142,7 @@ impl X509AlgorithmRef { } } -#[cfg(ossl110)] +#[cfg(ossl11x)] mod compat { pub use ffi::X509_getm_notAfter as X509_get_notAfter; pub use ffi::X509_getm_notBefore as X509_get_notBefore; |