| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| |\
| |
| | |
Handle OPENSSL_NO_COMP
|
| | |
| |
| |
| | |
Closes #459
|
| |/
|
|
|
|
|
|
|
|
|
|
| |
In OpenSSL 1.1, a failure to negotiate a protocol is a fatal error, so
fork that test. This also popped up an issue where we assumed all errors
had library, function, and reason strings which is not necessarily the
case.
While we're in here, adjust the Display impl to match what OpenSSL
prints out.
Closes #465
|
| |
|
|
|
|
| |
Also cfg off SSLv3_method, since it's disabled in the OpenSSL that ships
with Arch Linux. More such flags can be added on demand - it doesn't
seem worth auditing everything for them.
|
| | |
|
| |
|
|
| |
Closes #206
|
| | |
|
| |
|
|
| |
Also un-feature gate npn as it ships with 1.0.1
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit is relatively major refactoring of the `openssl-sys` crate as well
as the `openssl` crate itself. The end goal here was to support OpenSSL 1.1.0,
and lots of other various tweaks happened along the way. The major new features
are:
* OpenSSL 1.1.0 is supported
* OpenSSL 0.9.8 is no longer supported (aka all OSX users by default)
* All FFI bindings are verified with the `ctest` crate (same way as the `libc`
crate)
* CI matrixes are vastly expanded to include 32/64 of all platforms, more
OpenSSL version coverage, as well as ARM coverage on Linux
* The `c_helpers` module is completely removed along with the `gcc` dependency.
* The `openssl-sys` build script was completely rewritten
* Now uses `OPENSSL_DIR` to find the installation, not include/lib env vars.
* Better error messages for mismatched versions.
* Better error messages for failing to find OpenSSL on a platform (more can be
done here)
* Probing of OpenSSL build-time configuration to inform the API of the `*-sys`
crate.
* Many Cargo features have been removed as they're now enabled by default.
As this is a breaking change to both the `openssl` and `openssl-sys` crates this
will necessitate a major version bump of both. There's still a few more API
questions remaining but let's hash that out on a PR!
Closes #452
|
| |
|
| |
RAND_status() returns 1 if the PRNG has been seeded with enough data, 0 otherwise.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
SSL_CTX_add_extra_chain_cert assumes ownership of the certificate, so
the method really needs to take an X509 by value. Work around this by
manually cloning the cert.
This method has been around for over a year but I'm guessing nobody
actually used it since it produces a nice double free into segfault!
|
| |
|
|
|
| |
- fix return of `ASN1_TIME_print`
- assert on null `date`
|
| |
|
|
|
|
| |
- Use MemBio and implement `Display` for Asn1Time
- Tweak doc for asn1 `not_before`, `not_after`
|
| | |
|
| |
|
|
| |
Required to deserialize PKCS12 on 0.9.8, looks like
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Old rust-openssl versions rely on it being there
|
| | |
|
| |
|
|
| |
rust-openssl no longer requires headers for the default feature set.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
This deletes the vast majority of PKey's API, since it was weirdly tied
to RSA and super broken.
|
| |
|
|
| |
Closes #430
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Dealing with byte buffers directly avoids error handling weirdness and
we were loading it all into memory before anyway.
|
| |
|
|
|
|
| |
Allows recognizing when a stream is still in handshake mode and can gracefully
transition when ready. The blocking usage of the API should still be the same,
just helps nonblocking implementations!
|
| |\
| |
| | |
DSA bindings
|
| | | |
|
| |/ |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
SSL_read returns a WANT_READ after a renegotiation by default which ends
up bubbling up as a weird BUG error. Tell OpenSSL to just do the read
again.
|