aboutsummaryrefslogtreecommitdiff
path: root/openssl/src/ssl
Commit message (Collapse)AuthorAgeFilesLines
* Cleanup SNI stuffSteven Fackler2015-12-151-13/+6
|
* CleanupSteven Fackler2015-12-151-4/+6
|
* Merge pull request #309 from Geal/masterSteven Fackler2015-12-151-0/+112
|\ | | | | Add support for Server Name indication (SNI) on the server's side
| * Increment SSL_CTX's reference count in Ssl::get_ssl_context()Geoffroy Couprie2015-12-031-0/+1
| | | | | | | | | | | | Without this, whenever the returned SslContext is released, the refcount of the underlying SSL_CTX will decrease and it will be freed too soon
| * Make shims for SSL_CTX_ctrl and SSL_CTX_callback_ctrl macro wrappersGeoffroy Couprie2015-11-251-3/+3
| |
| * fix memory managementGeoffroy Couprie2015-11-251-5/+3
| |
| * Avoid freeing the SSL object when Ssl is droppedGeoffroy Couprie2015-11-241-10/+19
| |
| * implement get/set ssl contextGeoffroy Couprie2015-11-241-0/+8
| |
| * test SNI supportGeoffroy Couprie2015-11-241-0/+96
| |
* | Document unused variantSteven Fackler2015-12-141-1/+1
| | | | | | | | No reason to hide it
* | Yet more AsRawSocket fixesSteven Fackler2015-12-121-1/+1
| |
* | More AsRawSocket fixesSteven Fackler2015-12-121-1/+1
| |
* | Fix AsRawSocket implsSteven Fackler2015-12-121-2/+2
| |
* | Have NonblockingSslStream delegate to SslStreamSteven Fackler2015-12-122-158/+84
| |
* | Build out a new error typeSteven Fackler2015-12-122-35/+231
| |
* | Make error handling more reliableSteven Fackler2015-12-101-5/+16
| |
* | Replace SslStream implementation!Steven Fackler2015-12-092-532/+114
| |
* | Implement read and writeSteven Fackler2015-12-092-96/+142
| |
* | IT LIVESSteven Fackler2015-12-093-15/+144
| |
* | Custom BIO infrastructureSteven Fackler2015-12-082-0/+142
| |
* | Cast correctly c_char raw pointers (fixes build on ARM #314)Ondrej Perutka2015-11-302-12/+15
|/
* Implement try_clone for MaybeSslStreamSteven Fackler2015-11-201-0/+10
| | | | Closes #308
* Fixed a typo in a comment.Alex Gaynor2015-11-191-1/+1
|
* Split stuff requiring a shim out to a separate crateSteven Fackler2015-11-161-46/+47
|
* Switch to libc 0.2Steven Fackler2015-11-161-29/+14
|
* Move SSL methods to Ssl object, add getterSteven Fackler2015-11-162-124/+66
|
* Revert "Revert "Merge pull request #280 from ltratt/libressl_build""Steven Fackler2015-11-162-4/+3
| | | | This reverts commit ae3d0e36d71bb121c2fc1a75b3bc6d97f0e61480.
* Better debug implsSteven Fackler2015-10-261-3/+7
|
* Get nonblocking tests working on OSX/WindowsAlex Crichton2015-10-222-120/+189
|
* Nonblocking streams support.Jamie Turner2015-10-203-2/+405
|
* Revert "Merge pull request #280 from ltratt/libressl_build"Steven Fackler2015-10-142-3/+4
| | | | | This reverts commit aad933e5077b2c73e1f05d7314e442531a562bcf, reversing changes made to 60ee731408facdc8e3dfc000fdee2f1291fad664.
* Add set_certificate_chain_file()Frank Denis2015-10-121-0/+10
| | | | | | | | SSL_CTX_use_certificate_chain_file() is preferred over SSL_CTX_use_certificate_file(). It allows the use of complete certificate chains instead of loading only the first certificate in a PEM file.
* Fix build on LibreSSL.Laurence Tratt2015-10-032-4/+3
| | | | | | | | | LibreSSL has deprecated SSLv3_method, so this commit makes that a compile-time feature. It also removes a test referencing SSL_OP_CISCO_ANYCONNECT, as the LibreSSL header says it is amongst "Obsolete flags kept for compatibility. No sane code should use them."
* Update documentation about SSLv23John Downey2015-10-021-1/+2
| | | | | | | In OpenSSL world, the SSLv23 option is a poorly name method that will negotiate what version of TLS or SSL to use. It starts with the best version the library supports and then precedes to keep trying all the way down to SSL 2.0.
* Add an ecdh_auto descriptionFrank Denis2015-09-251-0/+4
|
* Add SSL::set_ecdh_auto()Frank Denis2015-09-251-0/+8
| | | | | This sets automatic curve selection and enables ECDH support. Requires LibreSSL or OpenSSL >= 1.0.2, so behind a feature gate.
* Enable testing on Windows via AppVeyorAlex Crichton2015-09-221-55/+163
| | | | | | | This abolishes the test.sh script which spawns a bunch of `openssl` instances to instead run/manage the binary in-process (providing more isolation to boot). The tests have been updated accordingly and the `connected_socket` dependency was also dropped in favor of `net2` as it the former doesn't work on Windows.
* Merge pull request #266 from jmesmon/alpnSteven Fackler2015-09-162-5/+51
|\ | | | | ssl/npn+alpn: adjust protocol selection to fail if no protocols match
| * ssl/alpn: test mismatch between protocols resulting in NoneCody P Schafer2015-09-161-0/+43
| |
| * ssl/npn+alpn: adjust protocol selection to fail if no protocols matchCody P Schafer2015-09-011-2/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The current behavior causes a server written using rust-openssl to (if it cannot negotiate a protocol) fallback to the first protocol it has avaliable. This makes it impossible to detect protocol mismatches. This updates our selection to be more similar to how openssl's s_server behaves: non-matching protocols are not supplied with a fallback. Note that some setups may actually want a fallback protocol supplied via ALPN. To support those cases, we should consider adding a generic callback that allows protocol selection to be entirely controlled by the programmer. For the purposes of having a sane default, however, not supplying a default (and mimicing s_server's behavior) is the best choice.
| * openssl/ssl: fix some of the comment text where I missed replacing NPN with ALPNCody P Schafer2015-09-011-3/+3
| |
* | Use try_ssl_null!() when relevantFrank Denis2015-09-131-12/+3
|/
* Add support for set_tmp_dh() and RFC5114 DH parameters for forward secrecy.Frank Denis2015-08-311-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | rust-openssl didn't support forward secrecy at all. This adds support for DHE, by exposing set_tmp_dh() as well as the RFC5114 parameters, which are conveniently exposed since OpenSSL 1.0.2. With OpenSSL >= 1.0.2, and the rfc5114 feature gate, enabling DHE is as simple as (here for 2048-bit MODP group with 256-bit prime order subgroup): use openssl::dh::DH; let dh = DH::get_2048_256().unwrap(); ctx.set_tmp_dh(dh).unwrap(); With OpenSSL < 1.0.2, DH::from_params() can be used to manually specify the DH parameters (here for 2048-bit MODP group with 256-bit prime order subgroup): use openssl::bn::BigNum; use openssl::dh::DH; let p = BigNum::from_hex_str("87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F25D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA3016C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0EF13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D967E144E5140564251CCACB83E6B486F6B3CA3F7971506026C0B857F689962856DED4010ABD0BE621C3A3960A54E710C375F26375D7014103A4B54330C198AF126116D2276E11715F693877FAD7EF09CADB094AE91E1A1597").unwrap(); let g = BigNum::from_hex_str("3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF205407F4793A1A0BA12510DBC15077BE463FFF4FED4AAC0BB555BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18A55AE31341000A650196F931C77A57F2DDF463E5E9EC144B777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC831D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14C8484B1E052588B9B7D2BBD2DF016199ECD06E1557CD0915B3353BBB64E0EC377FD028370DF92B52C7891428CDC67EB6184B523D1DB246C32F63078490F00EF8D647D148D47954515E2327CFEF98C582664B4C0F6CC41659").unwrap(); let q = BigNum::from_hex_str("8CF83642A709A097B447997640129DA299B1A47D1EB3750BA308B0FE64F5FBD3").unwrap(); let dh = DH::from_params(p, g, q).unwrap(); ctx.set_tmp_dh(dh).unwrap();
* Add get_state_string()Manuel Schölling2015-08-172-0/+35
|
* Grab errno for directstream want errorsSteven Fackler2015-08-101-7/+2
|
* Handle WantWrite and WantRead errorsSteven Fackler2015-08-081-0/+8
|
* Merge pull request #243 from manuels/masterSteven Fackler2015-08-022-2/+41
|\ | | | | Fix probelms with DTLS when no packets are pending.
| * Fix probelms with DTLS when no packets are pending.Manuel Schölling2015-07-182-2/+41
| | | | | | | | | | | | | | | | | | | | | | When using DTLS you might run into the situation where no packets are pending, so SSL_read returns len=0. On a TLS connection this means that the connection was closed, but on DTLS it does not (a DTLS connection cannot be closed in the usual sense). This commit fixes a bug introduced by c8d23f3. Conflicts: openssl/src/ssl/mod.rs
* | Expose ssl::initpanicbit2015-07-261-1/+3
|/
* Decouple C SSL Option bit flags from Rust versionJethro Beekman2015-07-011-29/+46
| | | | | | | The OpenSSL "SSL_OP_*" flags are in constant flux between different OpenSSL versions. To avoid having to change the Rust definitions, we implement our own numbering system in Rust, and use an automatically-generated C shim to convert the bitflags at runtime.
generated by cgit v1.2.3 (git 2.25.1) at 2026-03-26 23:02:12 +0000