Commit message [Author, Age, Files, Lines]
...
* | | | | Merge branch 'release' [Steven Fackler, 2015-10-05, files 5, lines -8/+8]
|\ \ \ \ \ | | |_|_|/ | |/| | |
| * | | | Merge branch 'release-v0.6.6' into release (v0.6.6) [Steven Fackler, 2015-10-05, files 16, lines -143/+547]
| |\ \ \ \ | | | |_|/ | | |/| |
| | * | | Release v0.6.6 [Steven Fackler, 2015-10-05, files 5, lines -8/+8]
| |/ / / |/| | |
* | | | Clean up init stuff [Steven Fackler, 2015-10-05, files 2, lines -9/+8]
| | | |
* | | | Merge pull request #282 from Manishearth/threadid [Steven Fackler, 2015-10-05, files 2, lines -0/+29]
|\ \ \ \ | |_|_|/ |/| | | Set threadid_func on linux/osx (fixes #281)
| * | | Set threadid_func on linux/osx (fixes #281) [Manish Goregaokar, 2015-10-05, files 2, lines -0/+29]
|/ / /
* | | Merge pull request #279 from jtdowney/sslv23_docs [Steven Fackler, 2015-10-02, files 1, lines -1/+2]
|\ \ \ | |_|/ |/| | Update documentation about SSLv23
| * | Update documentation about SSLv23 [John Downey, 2015-10-02, files 1, lines -1/+2]
|/ /
| |   In OpenSSL world, the SSLv23 option is a poorly named method that will negotiate what version of TLS or SSL to use. It starts with the best version the library supports and then proceeds to keep trying all the way down to SSL 2.0.
* | Merge pull request #263 from jedisct1/ecdh_auto [Steven Fackler, 2015-09-26, files 5, lines -0/+23]
|\ \ | | | | | | Add SSL::set_ecdh_auto()
| * | Add an ecdh_auto description [Frank Denis, 2015-09-25, files 1, lines -0/+4]
| | |
| * | Add SSL::set_ecdh_auto() [Frank Denis, 2015-09-25, files 5, lines -0/+19]
|/ /
| |   This sets automatic curve selection and enables ECDH support. Requires LibreSSL or OpenSSL >= 1.0.2, so behind a feature gate.
* | Merge pull request #273 from alexcrichton/test-on-windows [Steven Fackler, 2015-09-22, files 7, lines -97/+190]
|\ \ | | | | | | Enable testing on Windows via AppVeyor
| * | Enable testing on Windows via AppVeyor [Alex Crichton, 2015-09-22, files 7, lines -97/+190]
|/ /
| |   This abolishes the test.sh script which spawns a bunch of `openssl` instances to instead run/manage the binary in-process (providing more isolation to boot). The tests have been updated accordingly and the `connected_socket` dependency was also dropped in favor of `net2` as the former doesn't work on Windows.
* | Merge pull request #266 from jmesmon/alpn [Steven Fackler, 2015-09-16, files 3, lines -8/+54]
|\ \ | | | | | | ssl/npn+alpn: adjust protocol selection to fail if no protocols match
| * | ssl/alpn: test mismatch between protocols resulting in None [Cody P Schafer, 2015-09-16, files 1, lines -0/+43]
| | |
| * | ssl/npn+alpn: adjust protocol selection to fail if no protocols match [Cody P Schafer, 2015-09-01, files 2, lines -5/+8]
| | |   The current behavior causes a server written using rust-openssl to (if it cannot negotiate a protocol) fall back to the first protocol it has available. This makes it impossible to detect protocol mismatches.
| | |   This updates our selection to be more similar to how openssl's s_server behaves: non-matching protocols are not supplied with a fallback.
| | |   Note that some setups may actually want a fallback protocol supplied via ALPN. To support those cases, we should consider adding a generic callback that allows protocol selection to be entirely controlled by the programmer.
| | |   For the purposes of having a sane default, however, not supplying a default (and mimicking s_server's behavior) is the best choice.
| * | openssl/ssl: fix some of the comment text where I missed replacing NPN with ALPN [Cody P Schafer, 2015-09-01, files 1, lines -3/+3]
| | |
* | | Merge pull request #261 from jedisct1/try_ssl_null [Steven Fackler, 2015-09-16, files 2, lines -28/+7]
|\ \ \ | | | | | | | | Use try_ssl_null!() when relevant
| * | | Use try_ssl_null!() when relevant [Frank Denis, 2015-09-13, files 2, lines -28/+7]
| | | |
* | | | Merge pull request #262 from jedisct1/read_dhparams [Steven Fackler, 2015-09-16, files 3, lines -2/+37]
|\ \ \ \ | |/ / / |/| | | Add DH::from_pem() to load DH parameters from a file
| * | | Add DH::from_pem() to load DH parameters from a file [Frank Denis, 2015-09-13, files 3, lines -2/+37]
|/ / /
* | | Merge pull request #270 from mvdnes/crypto_segv [Steven Fackler, 2015-09-11, files 1, lines -7/+67]
|\ \ \ | | | | | | | | Check if public/private RSA key is properly loaded
| * | | Fix one call to RSA_size found by tests [Mathijs van de Nes, 2015-09-11, files 1, lines -1/+1]
| | | |
| * | | Add tests to ensure a panic occurs instead of segv [Mathijs van de Nes, 2015-09-11, files 1, lines -0/+32]
| | | |
| * | | Check rsa.is_null() before passing it to RSA_size [Mathijs van de Nes, 2015-09-10, files 1, lines -1/+22]
| | | |   RSA_size will cause a segmentation fault if it is null
| * | | Check _fromstr function for success [Mathijs van de Nes, 2015-09-10, files 1, lines -6/+13]
| | | |
* | | | Merge pull request #268 from alex/patch-1 [Steven Fackler, 2015-09-09, files 1, lines -2/+2]
|\ \ \ \ | |/ / / |/| | | Make the docs say that load_pub/save_pub methods take DER bytes
| * | | Make the docs say that load_pub/save_pub methods take DER bytes [Alex Gaynor, 2015-09-09, files 1, lines -2/+2]
|/ / /
* | | Merge pull request #265 from alexcrichton/swap-order [Steven Fackler, 2015-09-01, files 1, lines -3/+3]
|\ \ \ | |/ / |/| | Swap order of linking ssl/crypto
| * | Swap order of linking ssl/crypto [Alex Crichton, 2015-09-01, files 1, lines -3/+3]
|/ /
| |   GNU linkers will sometimes aggressively try to strip objects and archives from a linker command line in a left-to-right fashion. When a linker hits an object file that doesn't satisfy any unresolved symbols, it will discard the object and not re-visit it. This means that currently if symbols are depended upon in libssl then some of the dependencies of libssl (in libcrypto) may have already been stripped, causing a link error.
| |   By swapping the order of what's linked it reflects the natural flow of dependencies and the linker should figure everything out for us.
* | Merge pull request #259 from jedisct1/dh [Steven Fackler, 2015-09-01, files 8, lines -2/+141]
|\ \ | | | | | | Add support for DHE for forward secrecy
| * | Add support for set_tmp_dh() and RFC5114 DH parameters for forward secrecy. [Frank Denis, 2015-08-31, files 8, lines -2/+141]
| | |   rust-openssl didn't support forward secrecy at all. This adds support for DHE, by exposing set_tmp_dh() as well as the RFC5114 parameters, which are conveniently exposed since OpenSSL 1.0.2.
| | |   With OpenSSL >= 1.0.2, and the rfc5114 feature gate, enabling DHE is as simple as (here for 2048-bit MODP group with 256-bit prime order subgroup):
| | |       use openssl::dh::DH;
| | |       let dh = DH::get_2048_256().unwrap();
| | |       ctx.set_tmp_dh(dh).unwrap();
| | |   With OpenSSL < 1.0.2, DH::from_params() can be used to manually specify the DH parameters (here for 2048-bit MODP group with 256-bit prime order subgroup):
| | |       use openssl::bn::BigNum;
| | |       use openssl::dh::DH;
| | |       let p = BigNum::from_hex_str("...").unwrap();
| | |       let g = BigNum::from_hex_str("3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF205407F4793A1A0BA12510DBC15077BE463FFF4FED4AAC0BB555BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18A55AE31341000A650196F931C77A57F2DDF463E5E9EC144B777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC831D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14C8484B1E052588B9B7D2BBD2DF016199ECD06E1557CD0915B3353BBB64E0EC377FD028370DF92B52C7891428CDC67EB6184B523D1DB246C32F63078490F00EF8D647D148D47954515E2327CFEF98C582664B4C0F6CC41659").unwrap();
| | |       let q = BigNum::from_hex_str("8CF83642A709A097B447997640129DA299B1A47D1EB3750BA308B0FE64F5FBD3").unwrap();
| | |       let dh = DH::from_params(p, g, q).unwrap();
| | |       ctx.set_tmp_dh(dh).unwrap();
* | | Merge branch 'release' [Steven Fackler, 2015-08-31, files 5, lines -7/+7]
|\ \ \ | |/ / |/| / | |/
| * Merge branch 'release-v0.6.5' into release (v0.6.5) [Steven Fackler, 2015-08-31, files 21, lines -213/+846]
| |\
| | * Release v0.6.5 [Steven Fackler, 2015-08-31, files 5, lines -7/+7]
| |/ |/|
* | Merge pull request #251 from ebarnard/evp_bytestokey [Steven Fackler, 2015-08-23, files 5, lines -23/+144]
|\ \ | | | | | | Expose EVP_BytesToKey
| * | Expose EVP_BytesToKey [Edward Barnard, 2015-08-23, files 5, lines -23/+144]
| | |   This is based on work by pyrho. Closes #88
* | | Merge pull request #253 from manuels/master [Steven Fackler, 2015-08-19, files 3, lines -0/+37]
|\ \ \ | | | | | | | | Add get_state_string()
| * | | Add get_state_string() [Manuel Schölling, 2015-08-17, files 3, lines -0/+37]
| | | |
* | | | Fix openssl source link in tests [Steven Fackler, 2015-08-15, files 1, lines -1/+1]
| | | |
* | | | Merge pull request #240 from jethrogb/topic/x509_req_extension [Steven Fackler, 2015-08-15, files 4, lines -9/+43]
|\ \ \ \ | |/ / / |/| | | Implement certificate extensions for certificate requests
| * | | Implement certificate extensions for certificate requests [Jethro Beekman, 2015-07-08, files 4, lines -9/+43]
| | | |
* | | | Grab errno for directstream want errors [Steven Fackler, 2015-08-10, files 1, lines -7/+2]
| | | |
* | | | Handle WantWrite and WantRead errors [Steven Fackler, 2015-08-08, files 1, lines -0/+8]
| |/ / |/| |
* | | Merge pull request #243 from manuels/master [Steven Fackler, 2015-08-02, files 3, lines -2/+42]
|\ \ \ | | | | | | | | Fix problems with DTLS when no packets are pending.
| * | | Fix problems with DTLS when no packets are pending. [Manuel Schölling, 2015-07-18, files 3, lines -2/+42]
| |/ /
| | |   When using DTLS you might run into the situation where no packets are pending, so SSL_read returns len=0. On a TLS connection this means that the connection was closed, but on DTLS it does not (a DTLS connection cannot be closed in the usual sense). This commit fixes a bug introduced by c8d23f3.
| | |   Conflicts: openssl/src/ssl/mod.rs
* | | Add new feature to travis tests [Steven Fackler, 2015-08-02, files 1, lines -1/+1]
| | |
* | | Merge pull request #242 from awelkie/master [Steven Fackler, 2015-08-02, files 4, lines -13/+22]
|\ \ \ | | | | | | | | Added AES CTR-mode under feature flag.
| * | | Added AES CTR-mode under feature flag. [Allen Welkie, 2015-07-15, files 4, lines -13/+22]
| |/ /
* | | Merge pull request #247 from panicbit/pub-init [Steven Fackler, 2015-07-26, files 1, lines -1/+3]
|\ \ \ | | | | | | | | Expose ssl::init