From 5408b641ddbddd9f40ec203901dd7cb1a7afa3c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20Sch=C3=B6lling?= Date: Wed, 4 Mar 2015 22:32:16 +0100 Subject: Add connect() support for UDP sockets --- openssl/src/ssl/mod.rs | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'openssl/src/ssl/mod.rs') diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 4c0b13f1..710a287d 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -25,6 +25,7 @@ use x509::{X509StoreContext, X509FileType, X509}; use crypto::pkey::PKey; pub mod error; +pub mod connected_socket; #[cfg(test)] mod tests; @@ -97,6 +98,9 @@ pub enum SslMethod { #[cfg(feature = "tlsv1_2")] /// Support TLSv1.2 protocol, requires the `tlsv1_2` feature. Tlsv1_2, + #[cfg(feature = "dtlsv1")] + /// Support DTLSv1 protocol, requires the `dtlsv1` feature. + Dtlsv1, } impl SslMethod { @@ -110,7 +114,9 @@ impl SslMethod { #[cfg(feature = "tlsv1_1")] SslMethod::Tlsv1_1 => ffi::TLSv1_1_method(), #[cfg(feature = "tlsv1_2")] - SslMethod::Tlsv1_2 => ffi::TLSv1_2_method() + SslMethod::Tlsv1_2 => ffi::TLSv1_2_method(), + #[cfg(feature = "dtlsv1")] + SslMethod::Dtlsv1 => ffi::TLSv1_method(), } } } -- cgit v1.2.3 From 664600eadff8a0388bc9ab2544b382e56e4fae9d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20Sch=C3=B6lling?= Date: Tue, 10 Mar 2015 14:31:54 +0100 Subject: Add DTLSv1 and DTLSv1.2 support --- openssl/src/ssl/mod.rs | 47 +++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 45 insertions(+), 2 deletions(-) (limited to 'openssl/src/ssl/mod.rs') diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 710a287d..9cf09bc8 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -101,6 +101,9 @@ pub enum SslMethod { #[cfg(feature = "dtlsv1")] /// Support DTLSv1 protocol, requires the `dtlsv1` feature. Dtlsv1, + #[cfg(feature = "dtlsv1_2")] + /// Support DTLSv1.2 protocol, requires the `dtlsv1_2` feature. + Dtlsv1_2, } impl SslMethod { 
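Review bot: In the `@@ -110,7 +114,9 @@` hunk of "Add connect() support for UDP sockets", the new arm `SslMethod::Dtlsv1 => ffi::TLSv1_method(),` gives OpenSSL the stream-TLS method for a variant documented as DTLSv1. A caller who selects DTLS at this revision would get a TLSv1 context for a datagram socket rather than a build error. The arm should read `SslMethod::Dtlsv1 => ffi::DTLSv1_method(),`, which is what the following patch in this series changes it to. If that binding was not yet in `ffi` at this revision (not visible in this file-limited view), it would be safer to add the variant only once it is. The enclosing function starts above the hunk.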
@@ -116,9 +119,35 @@ impl SslMethod { #[cfg(feature = "tlsv1_2")] SslMethod::Tlsv1_2 => ffi::TLSv1_2_method(), #[cfg(feature = "dtlsv1")] - SslMethod::Dtlsv1 => ffi::TLSv1_method(), + SslMethod::Dtlsv1 => ffi::DTLSv1_method(), + #[cfg(feature = "dtlsv1_2")] + SslMethod::Dtlsv1_2 => ffi::DTLSv1_2_method(), } } + + #[cfg(feature = "dtlsv1")] + pub fn is_dtlsv1(&self) -> bool { + *self == SslMethod::Dtlsv1 + } + + #[cfg(feature = "dtlsv1_2")] + pub fn is_dtlsv1_2(&self) -> bool { + *self == SslMethod::Dtlsv1 + } + + pub fn is_dtls(&self) -> bool { + self.is_dtlsv1() || self.is_dtlsv1_2() + } + + #[cfg(not(feature = "dtlsv1"))] + pub fn is_dtlsv1(&self) -> bool { + false + } + + #[cfg(not(feature = "dtlsv1_2"))] + pub fn is_dtlsv1_2(&self) -> bool { + false + } } /// Determines the type of certificate verification used @@ -345,7 +374,13 @@ impl SslContext { return Err(SslError::get()); } - Ok(SslContext { ctx: ctx }) + let ctx = SslContext { ctx: ctx }; + + if method.is_dtls() { + ctx.set_read_ahead(); + } + + Ok(ctx) } /// Configures the certificate verification method for new connections. @@ -356,6 +391,7 @@ impl SslContext { mem::transmute(verify)); let f: extern fn(c_int, *mut ffi::X509_STORE_CTX) -> c_int = raw_verify; + ffi::SSL_CTX_set_verify(self.ctx, mode.bits as c_int, Some(f)); } } @@ -376,6 +412,7 @@ impl SslContext { mem::transmute(data)); let f: extern fn(c_int, *mut ffi::X509_STORE_CTX) -> c_int = raw_verify_with_data::; + ffi::SSL_CTX_set_verify(self.ctx, mode.bits as c_int, Some(f)); } } @@ -387,6 +424,12 @@ impl SslContext { } } + pub fn set_read_ahead(&self) { + unsafe { + ffi::SSL_CTX_ctrl(*self.ctx, ffi::SSL_CTRL_SET_READ_AHEAD, 1, ptr::null_mut()); + } + } + #[allow(non_snake_case)] /// Specifies the file that contains trusted CA certificates. pub fn set_CA_file(&mut self, file: &Path) -> Result<(),SslError> { -- cgit v1.2.3 From efbd4eee05d7f21ce2ffd1b1beaae1cde1de36ba Mon Sep 17 00:00:00 2001 
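Review bot: `is_dtlsv1_2()` in the `@@ -116,9 +119,35 @@` hunk compares against `SslMethod::Dtlsv1`, so `is_dtls()` is false for `Dtlsv1_2` and `SslContext::new` skips the read-ahead setup for it. With only the `dtlsv1_2` feature enabled, the referenced variant is not compiled in at all. The next patch in the series corrects the comparison, but the paired `#[cfg]`/`#[cfg(not)]` helpers made the copy-paste slip easy. A single `match` with cfg-gated arms, the form the method match earlier in this hunk already uses, keeps one arm per variant and needs no stub functions; the new public methods also lack doc comments. The `impl SslMethod` block starts outside the hunk.

```rust
// … unchanged: method-table match arms …

/// Returns `true` if this method selects a DTLS (datagram) protocol version.
pub fn is_dtls(&self) -> bool {
    match *self {
        #[cfg(feature = "dtlsv1")]
        SslMethod::Dtlsv1 => true,
        #[cfg(feature = "dtlsv1_2")]
        SslMethod::Dtlsv1_2 => true,
        _ => false,
    }
}
```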
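Review bot: The `if method.is_dtls() { ctx.set_read_ahead(); }` branch added in the `@@ -345,7 +374,13 @@` hunk has no comment saying why DTLS contexts need read-ahead, so a reader of the constructor cannot tell whether it is required for correctness or is an optimisation. I would add a line above the branch such as `// DTLS is datagram based: enable read-ahead so a whole record is taken per read (presumed reason, confirm against the OpenSSL docs)`. The constructor's doc comment, which is outside the hunk, should also mention that choosing a DTLS method changes this context setting.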
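Review bot: `set_read_ahead(&self)` in the `@@ -387,6 +424,12 @@` hunk changes context-wide state through a shared reference, while the neighbouring setter visible in the same hunk is declared `set_CA_file(&mut self, ...)`. Taking `&mut self` (`pub fn set_read_ahead(&mut self) {`, with `let mut ctx = SslContext { ctx: ctx };` at the call site in the constructor) would keep the setters consistent. The call also passes `*self.ctx`, whereas the `ffi::SSL_CTX_set_verify(self.ctx, ...)` calls shown as context in this same patch pass `self.ctx`; the field's type is not visible here, but one of the two forms looks wrong for this revision. The function is public and has no doc comment; a `///` line saying that it turns read-ahead on for connections created from this context would cover that. The `impl SslContext` block starts and ends outside the hunk.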
From: =?UTF-8?q?Manuel=20Sch=C3=B6lling?= Date: Thu, 12 Mar 2015 19:24:16 +0100 Subject: Fix portability issue and typo --- openssl/src/ssl/mod.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'openssl/src/ssl/mod.rs') diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 9cf09bc8..fa388c3a 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -132,7 +132,7 @@ impl SslMethod { #[cfg(feature = "dtlsv1_2")] pub fn is_dtlsv1_2(&self) -> bool { - *self == SslMethod::Dtlsv1 + *self == SslMethod::Dtlsv1_2 } pub fn is_dtls(&self) -> bool { -- cgit v1.2.3 From dbef985e328f97905ce58ef14914100bd7e55e62 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20Sch=C3=B6lling?= Date: Sun, 15 Mar 2015 15:52:09 +0100 Subject: Move connected_socket to its own crate and fix SSL_CTX_set_read_ahead() --- openssl/src/ssl/mod.rs | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'openssl/src/ssl/mod.rs') diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index fa388c3a..01d65220 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -25,7 +25,6 @@ use x509::{X509StoreContext, X509FileType, X509}; use crypto::pkey::PKey; pub mod error; -pub mod connected_socket; #[cfg(test)] mod tests; @@ -377,7 +376,7 @@ impl SslContext { let ctx = SslContext { ctx: ctx }; if method.is_dtls() { - ctx.set_read_ahead(); + ctx.set_read_ahead(1); } Ok(ctx) @@ -424,9 +423,9 @@ impl SslContext { } } - pub fn set_read_ahead(&self) { + pub fn set_read_ahead(&self, m: c_long) { unsafe { - ffi::SSL_CTX_ctrl(*self.ctx, ffi::SSL_CTRL_SET_READ_AHEAD, 1, ptr::null_mut()); + ffi::SSL_CTX_set_read_ahead(*self.ctx, m); } } -- cgit v1.2.3 From 114253c55ec5dea618b839a39d1bc7ab02ab524c Mon Sep 17 00:00:00 2001 
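Review bot: The corrected comparison `*self == SslMethod::Dtlsv1_2` in "Fix portability issue and typo" is not pinned by a test in this file, so the same slip could return unnoticed. The effect of the earlier typo was that `is_dtls()` reported false for DTLSv1.2. A small test gated on the `dtlsv1_2` feature in the existing `tests` module would do, for example `assert!(SslMethod::Dtlsv1_2.is_dtls());` next to `assert!(!SslMethod::Dtlsv1_2.is_dtlsv1());`. The view here is limited to `mod.rs`, so a test may exist elsewhere in the patch.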
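Review bot: The new parameter in `pub fn set_read_ahead(&self, m: c_long)` (`@@ -424,9 +423,9 @@` hunk of "Move connected_socket to its own crate and fix SSL_CTX_set_read_ahead()") is undocumented, and its name does not say which values are accepted. OpenSSL treats the argument as an on/off switch, so a doc line such as `/// Enables read-ahead when m is non-zero, disables it when m is 0.` would tell callers what to pass. Renaming `m` to something like `enable` would help for the same reason. The `impl SslContext` block lies outside the hunk.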
From: =?UTF-8?q?Manuel=20Sch=C3=B6lling?= Date: Thu, 19 Mar 2015 09:18:20 +0100 Subject: Change SslContext::set_read_ahead(c_long) to SslContext::set_read_ahead(u32) --- openssl/src/ssl/mod.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'openssl/src/ssl/mod.rs') diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 01d65220..d47915b2 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -423,9 +423,9 @@ impl SslContext { } } - pub fn set_read_ahead(&self, m: c_long) { + pub fn set_read_ahead(&self, m: u32) { unsafe { - ffi::SSL_CTX_set_read_ahead(*self.ctx, m); + ffi::SSL_CTX_set_read_ahead(*self.ctx, m as c_long); } } -- cgit v1.2.3 From 912cacf4bc3ea28003c5aa41f6cfd7a5989ba7d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20Sch=C3=B6lling?= Date: Fri, 3 Apr 2015 16:58:05 +0200 Subject: Fix rebase errors --- openssl/src/ssl/mod.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'openssl/src/ssl/mod.rs') diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index d47915b2..0dd2b3cb 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -425,7 +425,7 @@ impl SslContext { pub fn set_read_ahead(&self, m: u32) { unsafe { - ffi::SSL_CTX_set_read_ahead(*self.ctx, m as c_long); + ffi::SSL_CTX_set_read_ahead(self.ctx, m as c_long); } } -- cgit v1.2.3
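Review bot: `m as c_long` in the `@@ -423,9 +423,9 @@` hunk of the `set_read_ahead(u32)` change is an unchecked cast: on targets where `c_long` is 32 bits wide, a `u32` above `i32::MAX` wraps to a negative value. The flag is only ever on or off (the one caller on this page passes `1`), so a `bool` parameter removes the cast question and documents itself. That would be `pub fn set_read_ahead(&self, enable: bool) {` with `ffi::SSL_CTX_set_read_ahead(*self.ctx, enable as c_long);`. The surrounding `impl SslContext` block lies outside the hunk.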