aboutsummaryrefslogtreecommitdiff
path: root/openssl/src
Commit message (Collapse)AuthorAgeFilesLines
* Release v0.6.6Steven Fackler2015-10-051-1/+1
|
* Update documentation about SSLv23John Downey2015-10-021-1/+2
| | | | | | | In OpenSSL world, the SSLv23 option is a poorly name method that will negotiate what version of TLS or SSL to use. It starts with the best version the library supports and then precedes to keep trying all the way down to SSL 2.0.
* Add an ecdh_auto descriptionFrank Denis2015-09-251-0/+4
|
* Add SSL::set_ecdh_auto()Frank Denis2015-09-251-0/+8
| | | | | This sets automatic curve selection and enables ECDH support. Requires LibreSSL or OpenSSL >= 1.0.2, so behind a feature gate.
* Enable testing on Windows via AppVeyorAlex Crichton2015-09-222-57/+164
| | | | | | | This abolishes the test.sh script which spawns a bunch of `openssl` instances to instead run/manage the binary in-process (providing more isolation to boot). The tests have been updated accordingly and the `connected_socket` dependency was also dropped in favor of `net2` as it the former doesn't work on Windows.
* Merge pull request #266 from jmesmon/alpnSteven Fackler2015-09-162-5/+51
|\ | | | | ssl/npn+alpn: adjust protocol selection to fail if no protocols match
| * ssl/alpn: test mismatch between protocols resulting in NoneCody P Schafer2015-09-161-0/+43
| |
| * ssl/npn+alpn: adjust protocol selection to fail if no protocols matchCody P Schafer2015-09-011-2/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The current behavior causes a server written using rust-openssl to (if it cannot negotiate a protocol) fallback to the first protocol it has avaliable. This makes it impossible to detect protocol mismatches. This updates our selection to be more similar to how openssl's s_server behaves: non-matching protocols are not supplied with a fallback. Note that some setups may actually want a fallback protocol supplied via ALPN. To support those cases, we should consider adding a generic callback that allows protocol selection to be entirely controlled by the programmer. For the purposes of having a sane default, however, not supplying a default (and mimicing s_server's behavior) is the best choice.
| * openssl/ssl: fix some of the comment text where I missed replacing NPN with ALPNCody P Schafer2015-09-011-3/+3
| |
* | Merge pull request #261 from jedisct1/try_ssl_nullSteven Fackler2015-09-162-28/+7
|\ \ | | | | | | Use try_ssl_null!() when relevant
| * | Use try_ssl_null!() when relevantFrank Denis2015-09-132-28/+7
| | |
* | | Add DH::from_pem() to load DH parameters from a fileFrank Denis2015-09-131-1/+27
|/ /
* | Merge pull request #270 from mvdnes/crypto_segvSteven Fackler2015-09-111-7/+67
|\ \ | | | | | | Check if public/private RSA key is properly loaded
| * | Fix one call to RSA_size found by testsMathijs van de Nes2015-09-111-1/+1
| | |
| * | Add tests to ensure a panic occurs instead of segvMathijs van de Nes2015-09-111-0/+32
| | |
| * | Check rsa.is_null() before passing it to RSA_sizeMathijs van de Nes2015-09-101-1/+22
| | | | | | | | | | | | RSA_size will cause an segmentation fault if it is null
| * | Check _fromstr function for successMathijs van de Nes2015-09-101-6/+13
| |/
* / Make the docs say that load_pub/save_pub methods take DER bytesAlex Gaynor2015-09-091-2/+2
|/
* Merge pull request #259 from jedisct1/dhSteven Fackler2015-09-014-2/+107
|\ | | | | Add support for DHE for forward secrecy
| * Add support for set_tmp_dh() and RFC5114 DH parameters for forward secrecy.Frank Denis2015-08-314-2/+107
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | rust-openssl didn't support forward secrecy at all. This adds support for DHE, by exposing set_tmp_dh() as well as the RFC5114 parameters, which are conveniently exposed since OpenSSL 1.0.2. With OpenSSL >= 1.0.2, and the rfc5114 feature gate, enabling DHE is as simple as (here for 2048-bit MODP group with 256-bit prime order subgroup): use openssl::dh::DH; let dh = DH::get_2048_256().unwrap(); ctx.set_tmp_dh(dh).unwrap(); With OpenSSL < 1.0.2, DH::from_params() can be used to manually specify the DH parameters (here for 2048-bit MODP group with 256-bit prime order subgroup): use openssl::bn::BigNum; use openssl::dh::DH; let p = BigNum::from_hex_str("87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F25D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA3016C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0EF13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D967E144E5140564251CCACB83E6B486F6B3CA3F7971506026C0B857F689962856DED4010ABD0BE621C3A3960A54E710C375F26375D7014103A4B54330C198AF126116D2276E11715F693877FAD7EF09CADB094AE91E1A1597").unwrap(); let g = BigNum::from_hex_str("3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF205407F4793A1A0BA12510DBC15077BE463FFF4FED4AAC0BB555BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18A55AE31341000A650196F931C77A57F2DDF463E5E9EC144B777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC831D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14C8484B1E052588B9B7D2BBD2DF016199ECD06E1557CD0915B3353BBB64E0EC377FD028370DF92B52C7891428CDC67EB6184B523D1DB246C32F63078490F00EF8D647D148D47954515E2327CFEF98C582664B4C0F6CC41659").unwrap(); let q = BigNum::from_hex_str("8CF83642A709A097B447997640129DA299B1A47D1EB3750BA308B0FE64F5FBD3").unwrap(); let dh = DH::from_params(p, g, q).unwrap(); ctx.set_tmp_dh(dh).unwrap();
* | Release v0.6.5Steven Fackler2015-08-311-1/+1
|/
* Merge pull request #251 from ebarnard/evp_bytestokeySteven Fackler2015-08-234-23/+138
|\ | | | | Expose EVP_BytesToKey
| * Expose EVP_BytesToKeyEdward Barnard2015-08-234-23/+138
| | | | | | | | | | This is based on work by pyrho. Closes #88
* | Merge pull request #253 from manuels/masterSteven Fackler2015-08-192-0/+35
|\ \ | | | | | | Add get_state_string()
| * | Add get_state_string()Manuel Schölling2015-08-172-0/+35
| | |
* | | Merge pull request #240 from jethrogb/topic/x509_req_extensionSteven Fackler2015-08-152-9/+33
|\ \ \ | |/ / |/| | Implement certificate extensions for certificate requests
| * | Implement certificate extensions for certificate requestsJethro Beekman2015-07-082-9/+33
| | |
* | | Grab errno for directstream want errorsSteven Fackler2015-08-101-7/+2
| | |
* | | Handle WantWrite and WantRead errorsSteven Fackler2015-08-081-0/+8
| |/ |/|
* | Merge pull request #243 from manuels/masterSteven Fackler2015-08-022-2/+41
|\ \ | | | | | | Fix probelms with DTLS when no packets are pending.
| * | Fix probelms with DTLS when no packets are pending.Manuel Schölling2015-07-182-2/+41
| |/ | | | | | | | | | | | | | | | | | | | | When using DTLS you might run into the situation where no packets are pending, so SSL_read returns len=0. On a TLS connection this means that the connection was closed, but on DTLS it does not (a DTLS connection cannot be closed in the usual sense). This commit fixes a bug introduced by c8d23f3. Conflicts: openssl/src/ssl/mod.rs
* | Merge pull request #242 from awelkie/masterSteven Fackler2015-08-021-11/+16
|\ \ | | | | | | Added AES CTR-mode under feature flag.
| * | Added AES CTR-mode under feature flag.Allen Welkie2015-07-151-11/+16
| |/
* | Expose ssl::initpanicbit2015-07-261-1/+3
| |
* | Add function to write RSA public key as PEMAndrew Dunham2015-07-231-0/+32
|/
* Add missing C-string conversion, fixing recent build errorsJethro Beekman2015-07-081-3/+6
|
* Merge pull request #227 from jethrogb/topic/x509_nameSteven Fackler2015-07-082-7/+47
|\ | | | | Allow setting of arbitrary X509 names
| * Fix/add more X509generator testsJethro Beekman2015-07-082-4/+6
| |
| * Add X509generator.add_names methodJethro Beekman2015-07-081-0/+11
| |
| * Add public add_name method to X509GeneratorJethro Beekman2015-07-081-3/+16
| |
| * Replace CN field by names vectorJethro Beekman2015-07-081-4/+18
| |
* | Merge pull request #221 from jethrogb/topic/ssl_optionsSteven Fackler2015-07-081-29/+46
|\ \ | |/ |/| Several SSL option fixes
| * Decouple C SSL Option bit flags from Rust versionJethro Beekman2015-07-011-29/+46
| | | | | | | | | | | | | | The OpenSSL "SSL_OP_*" flags are in constant flux between different OpenSSL versions. To avoid having to change the Rust definitions, we implement our own numbering system in Rust, and use an automatically-generated C shim to convert the bitflags at runtime.
* | Merge pull request #233 from jethrogb/topic/x509_extensionSteven Fackler2015-07-084-122/+289
|\ \ | | | | | | Allow setting of arbitrary X509 extensions
| * | tabs to spacesJethro Beekman2015-07-011-76/+76
| | |
| * | Add documentation on X509 ExtensionsJethro Beekman2015-07-011-0/+42
| | |
| * | Add Issuer Alternative Name extensionJethro Beekman2015-07-011-0/+5
| | |
| * | Add Subject Alternate Name extensionJethro Beekman2015-07-012-1/+35
| | |
| * | Add arbitrary X509 extensions by OID stringJethro Beekman2015-07-013-15/+35
| | |
| * | Add arbitrary X509 extensions by NIDJethro Beekman2015-07-012-2/+8
| | |
generated by cgit v1.2.3 (git 2.25.1) at 2026-03-30 22:26:42 +0000